Columbia, SC (WLTX) -- The senate subcommittee, appointed to investigate the security breach at the state revenue department met for a second time Wednesday morning.
Inspector General Pat Maley says information security needs to be a priority due to the fact that South Carolina has over a hundred agencies, universities, boards, and commissions.
"There is no common standard for them to rally around in order to make risk tolerance decision as well as what their information security program is."
Maley presented his review of state agencies' information security to a senate subcommittee. The report polled 18 chief information officers on their agencies' security.
"There was not one person out there that advocated a de-centralized model of letting individual operations make up their own information security, policy and protocols," said Maley.
The report recommends creating a new Chief Information Security Officer position, a committee to provide oversight of the development, and identifying the use of a consultant to assist with the security process.
"Most states have a security officer who is in charge of policies, printing a framework, and procedures for the agencies to work within," said DSIT director Jimmy Earley.
The head of South Carolina's information technology division, Jimmy Earley, says lawmakers should consider hiring two people to oversee agencies' cyber security.
"You create guidance for the agencies, you set the rules - for lack of a better term. Then agencies can decide how to taylor that if necessary to meet their own unique needs and circumstances," said Earley.
Senator Kevin Bryant, who is investigating the security breach at the SCDOR, says each agency having their own independent security like they do now is a bad idea.
"We need to hear from folks that are doing a good job protecting their data and we need to take that model and make it a statewide model," said Bryant.
The subcommittee plans on having a third hearing next Thursday at 10 a.m. They expect to hear from bankers, consumer affairs, and officials from the company Experian about the security breach.