Delaware Code
Subchapter I. General Provisions
§ 9011C. State information security requirements

The Department of Technology and Information shall have the power to:

(1) Develop and implement a comprehensive information security program that applies personnel, process, and technology controls to protect the State's data, systems, and infrastructure, within the State's computing environment and on partner systems. All systems that connect to the State network shall comply with the State Information Security Program;
(2) Identify and address information security risks to each state agency, to third-party providers, and to key supply chain partners, including an assessment of the extent to which information resources, processes, or technologies are vulnerable to unauthorized access or harm, including the extent to which the entity's electronically stored information is vulnerable to unauthorized access, use, disclosure, disruption, modification, or destruction, and direct risk mitigation strategies, methods, and procedures to reduce those risks;
(3) Establish a central Security Operations Center (SOC) to direct statewide cyber defense and cyber threat mitigation. The SOC responsibilities shall include generating, collecting and analyzing security activity information to effectively identify and respond to cyber-attacks against the State;
(4) Implement technical compliance to state-owned technology as required by law. The Department may also implement technical compliance to state-owned technology that is recommended by private industry standards. The Department shall have the full cooperation of state agencies in identifying compliance requirements or industry standards; and
(5) Temporarily disrupt the exposure of an information system or information technology infrastructure that is owned, leased, outsourced, or shared by one or more state agencies in order to isolate the source of, or stop the spread of, an information security breach or other similar information security incident.