Home Table of Contents

§ 3.5-2A-03. State Chief Information Security Officer

West's Annotated Code of MarylandState Finance and ProcurementEffective: July 1, 2022

West's Annotated Code of Maryland
State Finance and Procurement
Division I. State Finance [Titles 1-10a] (Refs & Annos)
Title 3.5. Department of Information Technology (Refs & Annos)
Subtitle 2a. Office of Security Management (Refs & Annos)
Effective: July 1, 2022
MD Code, State Finance and Procurement, § 3.5-2A-03
§ 3.5-2A-03. State Chief Information Security Officer
Currentness
Head of Office
(a) The head of the Office is the State Chief Information Security Officer.
Appointment
(b) The State Chief Information Security Officer shall:
(1) be appointed by the Governor with the advice and consent of the Senate;
(2) serve at the pleasure of the Governor;
(3) be supervised by the Secretary; and
(4) serve as the chief information security officer of the Department.
Qualifications
(c) An individual appointed as the State Chief Information Security Officer under subsection (b) of this section shall:
(1) at a minimum, hold a bachelor's degree;
(2) hold appropriate information technology or cybersecurity certifications;
(3) have experience:
(i) identifying, implementing, or assessing security controls;
(ii) in infrastructure, systems engineering, or cybersecurity;
(iii) managing highly technical security, security operations centers, and incident response teams in a complex cloud environment and supporting multiple sites; and
(iv) working with common information security management frameworks;
(4) have extensive knowledge of information technology and cybersecurity field concepts, best practices, and procedures, with an understanding of existing enterprise capabilities and limitations to ensure the secure integration and operation of security networks and systems; and
(5) have knowledge of current security regulations.
Advice and recommendations
(d) The State Chief Information Security Officer shall provide cybersecurity advice and recommendations to the Governor on request.
Director of Local Cybersecurity
(e)(1)(i) There is a Director of Local Cybersecurity, who shall be appointed by the State Chief Information Security Officer.
(ii) The Director of Local Cybersecurity shall work in coordination with the Maryland Department of Emergency Management to provide technical assistance, coordinate resources, and improve cybersecurity preparedness for units of local government.
(2)(i) There is a Director of State Cybersecurity, who shall be appointed by the State Chief Information Security Officer.
(ii) The Director of State Cybersecurity is responsible for implementation of this section with respect to units of State government.
Staff
(f) The Department shall provide the Office with sufficient staff to perform the functions of this subtitle.

Credits

Added by Acts 2022, c. 241, § 2, eff. May 12, 2022; Acts 2022, c. 242, § 2, eff. July 1, 2022.
MD Code, State Finance and Procurement, § 3.5-2A-03, MD STATE FIN & PROC § 3.5-2A-03
Current through legislation effective through May 9, 2024, from the 2024 Regular Session of the General Assembly. Some statute sections may be more current, see credits for details.
End of Document