1.  The Office shall establish policies and procedures for:

(a) A state agency to notify the Office of any specific threat to the security of an information system operated or maintained by the state agency;

(b) Any other public or private entity to voluntarily notify the Office of any specific threat to the security of an information system;

(c) The Office to notify state agencies, appropriate law enforcement and prosecuting authorities and any other appropriate public or private entity of any specific threat to the security of an information system of which the Office has been notified; and

(d) The Administrator to convene a cybersecurity incident response team appointed pursuant to subsection 2 upon notification of the Office of a specific threat to the security of an information system.

2.  In consultation with appropriate state agencies, local governments and agencies of the Federal Government, the Administrator shall appoint a cybersecurity incident response team or teams. Such a team may include, without limitation, an investigator employed by the Investigation Division of the Department.

3.  A cybersecurity incident response team appointed pursuant to subsection 2 shall convene at the call of the Administrator and, subject to the direction of the Administrator, shall assist the Office and any appropriate state agencies, local governments or agencies of the Federal Government in responding to the threat to the security of an information system.

4.  A private entity may, in its discretion, use the services of a cybersecurity incident response team appointed pursuant to subsection 2.