The chief information security officer shall be responsible for the following:
- I. Chairing the cybersecurity advisory committee.
- II. Developing, publishing, maintaining, and interpreting the statewide information security manual's policies and standards.
- III. Developing, managing, and executing the statewide cyber disruption plan and an information security event response process.
- IV. Staffing and training members of ESF-17 under the state emergency operations plan.
- V. Identifying security requirements to limit the risks associated with identified executive branch business objectives as defined by the governor and the heads of state agencies.
- VI. Providing information security subject matter expertise to the executive branch of the New Hampshire state government.
- VII. Drafting and implementing an information security awareness and training program to be used by all state agencies.
- VIII. Providing security metrics to track the performance of the information security program.
IX. Developing an information security governance and risk program, including, but not limited to:
- (a) Coordinating and conducting risk assessments of agencies and their information assets.
- (b) Conducting and managing vulnerability assessments of agency networks, applications, databases, and systems.
- (c) Conducting penetration tests of agency networks, applications, databases, and systems.
- (d) Conducting information security risk assessments of third parties with access to state of New Hampshire information assets.
- X. Serving as the chief of the New Hampshire cyber integration center.
Source. 2023, 135:4, eff. Aug. 29, 2023.