security and privacy policies prescribed by the
Department of Technology. The report also
recommended government entities report to an
Assembly committee about its compliance with
those standards.
The report called for entities to undergo a
comprehensive information security assessment
at least every three years.
California’s auditor previously labeled
information security as a high-risk issue for the
government of America’s most populous state.
The report said the Department of Technology
had made progress on the issue.
Lawmakers proposed a similar requirement last
year. But the legislation faced opposition from
constitutional officers, including the secretary
of state, treasurer and controller, who argued
it would infringe on the independence of their
offices. The bill sputtered in the state Senate.
Assemblyman Ed Chau, a Democrat from
Monterey Park and a joint author of the
legislation, said he is still supportive of the
idea but added that special circumstances in
different parts of government should be taken
into consideration.
“Bringing consistency across state government
in cybersecurity and information security
policies is part of an effective strategy in
safeguarding against data security threats,”
Chau said.
Amy Tong, California’s chief information officer
and head of the Department of Technology,
said that she appreciates the audit’s call for
strengthening security at all state agencies. Tong
said the department’s security operations center
already blocks more than 200 million of what
she described as malicious probes aimed at
government entities.
antfer
(Antfer)
#1