The OIT Chief Information Security Officer is responsible for defining and implementing enterprise security policies, standards, guidelines and best practices for state agencies under the jurisdiction of Act 772. Additional responsibilities include:
- Coordination of vulnerability assessments performed for state agencies by contractors
- Assisting agencies with risk mitigation and management
- Coordination of enterprise disaster recovery planning
- Conducting security awareness training sessions and workshops
- Alert notification for security vulnerabilities and virus attacks

The Chief Information Security Officer chairs the statewide Information Security Committee, which meets monthly to discuss security issues and recommend security policy requirements. All agencies under the jurisdiction of Act 772 are represented on this committee.