FAQ List

Expand/Contract Questions and Answers

How do I make a report of an incident?
How is Gartner assisting?
How will I find out more?
If the event happens on a Kansas Criminal Justice Information System (KCJIS) machine or system, do I still report it to the KISO?
If the incident impacts the election equipment or systems, do I still report it to the KISO?
Is my report protected?
My cyber insurance company says I cannot notify anyone if I have an incident. Do I still have to report?
What are the reporting timeframes?
What constitutes a ‘significant cybersecurity incident’?
What is the objective of this initiative?
Who do I reach out to for more information?
Who do I speak to if I have a complaint regarding Gartner services or a Gartner team member?
Who does this law apply to?
Who is Gartner?
Who is involved in the initiative?
Why do I have to report this to the KISO?

How do I make a report of an incident?
You can report an incident one of two ways:
1. You can call 785-296-6069 which will be monitored and/or answered 24/7.
2. Complete the report form, above
You will need to provide:
- Status of the incident
- A point of contact for the entity experiencing the incident
- Where the incident occurred and time it was discovered.
- Additional information about how the incident was detected, if it has been resolved, and who all has been notified.
- The impact of the incident, criticality of the incident, and actions that have been taken.
- Finally, if you are needing assistance with containment, mitigation, investigation, or remediation.
How is Gartner assisting?
Gartner is currently executing Phases 0 to 4 related to this program. This is a culmination effort of discovery that will span approximately nine months. The Gartner team is responsible for documenting the current state across Kansas, especially as it relates to the technology environments, and providing an accurate assessment report to OITS and other leadership on integration feasibility and the recommended approach.

Additional information related to Gartner and the phase timelines can be found in the Gartner Services – Kansas IT Integration Assessment Kick-Off Presentation.
How will I find out more?
We are still in the early stages of the initiative as of February 2025. The Change Management workstream is responsible for compiling a Communications Plan that will influence future outreach and establish effective conversational channels. In addition to the website, the team will be utilizing check-ins with key state leadership and, eventually, agency leadership to provide ongoing status debriefs.
If the event happens on a Kansas Criminal Justice Information System (KCJIS) machine or system, do I still report it to the KISO?
No, if the incident is on KCJIS equipment you will follow the same reporting process that you have always had, and the Kansas Bureau of Investigation (KBI) will make the necessary notification to the KISO within the prescribed timeframe.
If the incident impacts the election equipment or systems, do I still report it to the KISO?
Yes, if the incident involves the election equipment or systems you will report it to the KISO and to the Kansas Secretary of State’s Office within the prescribed time frames.
Is my report protected?
Yes, the reported incident will only be shared internally to those needing to assist in handling of the incident and the incident is protected from the open records act. The only reporting on state incidents that will be done is anonymized in aggregate reporting.
My cyber insurance company says I cannot notify anyone if I have an incident. Do I still have to report?
Yes, this is State Law, insurance policies cannot violate state law. If your policy includes language to this effect, please contact your insurance company and make sure they are aware of the State Law and if necessary, amend the language in your policy.
What are the reporting timeframes?
- Any public entity shall report within 12 hours after the discovery of the incident.
- Any government contractor that has a significant cybersecurity incident must report within:
  - 72 hrs. after the government contractor reasonably believes a significant cybersecurity incident has occurred; or
  - 12 hrs. if a determination is made during the investigation that such information, network or systems operated by or on behalf of the State were directly impacted.
What constitutes a ‘significant cybersecurity incident’?
A cybersecurity incident that results in or is likely to result in financial loss or demonstrable harm to public confidence or public health and safety in the State of Kansas. Any event or combination that threatens, without lawful authority the confidentiality, integrity or availability of information or information systems and that requires an entity to initiate a response or recovery. Examples include but are not limited to malware, ransomware, denial of service, man in the middle and other such attacks by bad actors.

What to report:
- Denial of service attack that lasted over an hour
- Discovery of ransomware note
- Multiple anti-virus or endpoint detection and response alerts resulting in a need to contain or shutdown systems
Things not to report:
- Individual phishing message
- Single anti-virus alerts
What is the objective of this initiative?
The OITS IT Assessment is a response to Senate Bill 291 which, among other things, instructs OITS to investigate and perform a technical consolidation of certain information technology services, especially cyber security controls/responsibilities, under the Executive Chief Information Technology Officer. This initiative is anticipated to impact the majority of state agencies and their technological ecosystems.

For more context, please see:
- The official bill summary
- The full text of the bill
Who do I reach out to for more information?
The current project manager for this effort is Donnita Thomas. The Gartner counterpart is Ian Anderson.
Who do I speak to if I have a complaint regarding Gartner services or a Gartner team member?
Any escalation issues or concerns related to Gartner can be raised to Executive Branch CITO, Jeff Maxon, or Gartner’s Senior Managing Partner, Brian Conologue.
Who does this law apply to?
- Any public entity that experiences a significant cybersecurity incident.
- Any government contractor that has a significant cybersecurity incident.
Who is Gartner?
Gartner is a global technology research and advisory firm. Gartner’s Consulting division has been selected as the OITS partner of choice to help lead and support this initiative. Gartner team members currently operate five primary workstreams (Organization/Governance, Architecture, Financial, Organization Change Management, and Financial) that are actively fulfilling the IT Assessment phase objectives. Each workstream is led by a Gartner subject matter expert and supporting team members.
Who is involved in the initiative?
OITS has been instructed by the Office of the Governor to take a leading role by partnering with Kansas state agencies. OITS leadership, other agency CIO/CTO/CSO-related leadership, and agency Executive Directors will be involved in the planning and decision-making. Individual agency personnel may be required to assist at times, especially by providing documentation or requested insight into current state practices. The leader for this initiative is Jeff Maxon, Chief Information Technology Officer.
Why do I have to report this to the KISO?
The Kansas Information Security Office has been designated by the Kansas Legislature as the point of contact for reporting and/or coordination of assistance for any incidents that could potentially threaten state systems. The KISO is also committed to assisting public entities and providing resources to assist with handling the incident.

How do I make a report of an incident?

How is Gartner assisting?

How will I find out more?

If the event happens on a Kansas Criminal Justice Information System (KCJIS) machine or system, do I still report it to the KISO?

If the incident impacts the election equipment or systems, do I still report it to the KISO?

Is my report protected?

My cyber insurance company says I cannot notify anyone if I have an incident. Do I still have to report?

What are the reporting timeframes?

What constitutes a ‘significant cybersecurity incident’?

What is the objective of this initiative?

Who do I reach out to for more information?

Who do I speak to if I have a complaint regarding Gartner services or a Gartner team member?

Who does this law apply to?

Who is Gartner?

Who is involved in the initiative?

Why do I have to report this to the KISO?