Requires the office of the chief information officer to: (1) Develop and assist the updating of information security procedures, standards, and guidelines for state agencies;

(2) Assist with development of information technology security programs developed by state agencies;

(3) Review information security audits and assessments in state agencies;

(4) Establish and direct a risk management process; and

(5) Require agencies to immediately correct security vulnerabilities that, in the judgment of the office, pose an unacceptable risk to the agency or the state.

Provides that the adjutant general is responsible to the governor for developing and implementing a program for interagency coordination of continuity of operations planning by state agencies, boards, and commissions.

Gives responsibility to each state agency, board, and commission for developing an organizational continuity of operations plan that is updated and exercised annually in compliance with the program for interagency coordination of continuity of operations planning.