2021 Oregon Revised Statutes
Chapter 276A - Information Technology
Section 276A.329 - Oregon Cybersecurity Center of Excellence.


(1) Coordinate information sharing related to cybersecurity risks, warnings and incidents.
(2) Provide support regarding cybersecurity incident response and cybercrime investigations.
(3) Serve as an Information Sharing and Analysis Organization pursuant to 6 U.S.C. 133 et seq., and as a liaison with the National Cybersecurity and Communications Integration Center within the United States Department of Homeland Security, other federal agencies and other public and private sector entities on issues relating to cybersecurity.
(4) Identify and participate in appropriate federal, multistate or private sector programs and efforts that support or complement the center’s cybersecurity mission.
(5) Receive and appropriately disseminate relevant cybersecurity threat information from appropriate sources, including the federal government, law enforcement agencies, public utilities and private industry.
(6) Draft and biennially update an Oregon Cybersecurity Strategy and a Cyber Disruption Response Plan to be submitted to the Governor and an appropriate committee or interim committee of the Legislative Assembly. The plan must:
(a) Detail the steps that the state should take to increase the resiliency of its operations in preparation for, and during the response to, a cyber disruption event;
(b) Address high-risk cybersecurity for the state’s critical infrastructure, including a review of information security technologies currently in place to determine if current policies are sufficient to prevent the compromise or unauthorized disclosure of critical or sensitive government information inside and outside the firewall of state agencies, and develop plans to better identify, protect from, detect, respond to and recover from significant cyber threats;
(c) Establish a process to regularly conduct risk-based assessments of the cybersecurity risk profile, including infrastructure and activities within this state;
(d) Provide recommendations related to securing networks, systems and data, including interoperability, standardized plans and procedures, evolving threats and best practices to prevent the unauthorized access, theft, alteration or destruction of data held by the state;
(e) Include the recommended content and timelines for conducting cybersecurity awareness training for state agencies and the dissemination of educational materials to the public and private sectors in this state through the center;
(f) Identify opportunities to educate the public on ways to prevent cybersecurity attacks and protect the public’s personal information;
(g) Include strategies for collaboration with the private sector and educational institutions through the center and other venues to identify and implement cybersecurity best practices; and
(h) Establish data breach reporting and notification requirements in coordination with the Department of Consumer and Business Services. [2017 c.513 §4]

<< Previous
Next >>

Structure 2021 Oregon Revised Statutes

2021 Oregon Revised Statutes

Volume : 07 - Public Facilities and Finance

Chapter 276A - Information Technology

Section 276A.200 - Legislative findings on information resources.

Section 276A.203 - State Chief Information Officer; qualifications; duties; Enterprise Information Resources Management Strategy; rules.

Section 276A.206 - Oversight of state information and telecommunications technology by State Chief Information Officer; policy; rules; application for designation as community of interest.

Section 276A.209 - State Information Technology Operating Fund.

Section 276A.223 - Requirement that state agency or public corporation obtain quality management services when implementing information technology initiative; reports; exceptions.

Section 276A.230 - Definitions.

Section 276A.233 - Information technology portfolio-based management; inventory; standards; rules; exception.

Section 276A.236 - Enterprise information resources management; adoption and implementation of strategy; state agency information technology initiatives costing more than $1 million.

Section 276A.239 - Portfolio-based management of information technology resources for Secretary of State.

Section 276A.242 - Portfolio-based management of information technology resources for State Treasurer.

Section 276A.253 - Oregon transparency website.

Section 276A.256 - Reports of tax expenditures connected to economic development.

Section 276A.259 - Transparency Oregon Advisory Commission; members; duties; terms; reports.

Section 276A.262 - Transparency Oregon Advisory Commission Fund.

Section 276A.270 - Definitions.

Section 276A.273 - Electronic Government Portal Advisory Board.

Section 276A.276 - Ability to offer government services through portal; portal provider fee; rules.

Section 276A.300 - Information systems security in executive department; rules.

Section 276A.303 - Information systems security for Secretary of State, State Treasurer and Attorney General.

Section 276A.306 - Information security incidents and assessments; reports.

Section 276A.323 - State agency coordination.

Section 276A.326 - Oregon Cybersecurity Advisory Council.

Section 276A.329 - Oregon Cybersecurity Center of Excellence.

Section 276A.332 - Authority of State Chief Information Officer to enter into agreements.

Section 276A.335 - Moneys from federal government and other sources.

Section 276A.350 - Definitions.

Section 276A.353 - Chief Data Officer; duties; rules.

Section 276A.356 - Open data standard.

Section 276A.359 - Technical standards manual.

Section 276A.362 - Release of publishable data on web portal; exemptions; rules.

Section 276A.365 - Information management by state agencies.

Section 276A.368 - Purpose of data; limitation of liability; publishable data in public domain.

Section 276A.400 - Policy.

Section 276A.403 - Coordination of telecommunications systems.

Section 276A.406 - Acquisition of broadband and communications services.

Section 276A.412 - Contracts for telecommunications equipment and services not to exceed 10 years; exception for broadband infrastructure; contract benefits for designated communities of interest.

Section 276A.418 - Public contracts for broadband Internet access service; prohibitions; exceptions; rules.

Section 276A.421 - Provision of broadband services that compete with services of private telecommunications provider; circumstances of competition; broadband services advisory committee; rules.

Section 276A.424 - Connecting Oregon Schools Fund; rules.

Section 276A.500 - Definitions.

Section 276A.503 - Oregon Geographic Information Council; establishment; purposes; membership; terms of office.

Section 276A.506 - Powers of council; advisory committees.

Section 276A.509 - Public body duty to share geospatial framework data with council; conditions and exceptions; methods for sharing; limitations of liability.

Section 276A.512 - Oregon Geographic Information Council Fund; records and reports.

Section 276A.515 - State geographic information officer; qualifications; duties.