Sec. 2054.133. INFORMATION SECURITY PLAN. (a) Each state agency shall develop, and periodically update, an information security plan for protecting the security of the agency's information.
(b) In developing the plan, the state agency shall:
(1) consider any vulnerability report prepared under Section 2054.077 for the agency;
(2) incorporate the network security services provided by the department to the agency under Chapter 2059;
(3) identify and define the responsibilities of agency staff who produce, access, use, or serve as custodians of the agency's information;
(4) identify risk management and other measures taken to protect the agency's information from unauthorized access, disclosure, modification, or destruction;
(5) include:
(A) the best practices for information security developed by the department; or
(B) a written explanation of why the best practices are not sufficient for the agency's security; and
(6) omit from any written copies of the plan information that could expose vulnerabilities in the agency's network or online systems.
(c) Not later than June 1 of each even-numbered year, each state agency shall submit a copy of the agency's information security plan to the department. Subject to available resources, the department may select a portion of the submitted security plans to be assessed by the department in accordance with department rules.
(d) Each state agency's information security plan is confidential and exempt from disclosure under Chapter 552.
(e) Each state agency shall include in the agency's information security plan a written document that is signed by the head of the agency, the chief financial officer, and each executive manager designated by the state agency and states that those persons have been made aware of the risks revealed during the preparation of the agency's information security plan.
(f) Not later than November 15 of each even-numbered year, the department shall submit a written report to the governor, the lieutenant governor, and each standing committee of the legislature with primary jurisdiction over matters related to the department evaluating information security for this state's information resources. In preparing the report, the department shall consider the information security plans submitted by state agencies under this section, any vulnerability reports submitted under Section 2054.077, and other available information regarding the security of this state's information resources. The department shall omit from any written copies of the report information that could expose specific vulnerabilities in the security of this state's information resources.
Added by Acts 2013, 83rd Leg., R.S., Ch. 1222 (S.B. 1597), Sec. 1, eff. September 1, 2013.
Amended by:
Acts 2015, 84th Leg., R.S., Ch. 369 (S.B. 34), Sec. 1, eff. September 1, 2015.
Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 10, eff. September 1, 2017.
Acts 2017, 85th Leg., R.S., Ch. 955 (S.B. 1910), Sec. 3, eff. September 1, 2017.
Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 15, eff. September 1, 2019.
Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.14, eff. September 1, 2019.
Structure Texas Statutes
Subtitle B - Information and Planning
Chapter 2054 - Information Resources
Subchapter F. Other Powers and Duties of State Agencies
Section 2054.111. Use of State Electronic Internet Portal Project
Section 2054.1115. Electronic Payments on State Electronic Internet Portal
Section 2054.112. Security Review for New Internet Sites
Section 2054.1125. Security Breach Notification by State Agency
Section 2054.113. Duplication With State Electronic Internet Portal
Section 2054.115. Sale or Lease of Software
Section 2054.116. Spanish Language Content on Agency Websites
Section 2054.117. Electronic Data Processing Center
Section 2054.118. Major Information Resources Project
Section 2054.1181. Oversight of Major Information Resources Projects
Section 2054.1182. Evaluation of Completed Major Information Resources Projects
Section 2054.1183. Annual Report on Major Information Resources Projects
Section 2054.120. Electronic Mail Address
Section 2054.121. Coordination With Institutions of Higher Education
Section 2054.1211. Reporting Requirements of Institutions of Higher Education
Section 2054.122. Coordinated Technology Training
Section 2054.124. Power Management Software
Section 2054.125. Linking and Indexing Internet Sites
Section 2054.126. Posting of Information on Internet
Section 2054.1264. Posting of Cost-Efficiency Suggestions and Ideas on State Agency Website
Section 2054.1265. Posting High-Value Data Sets on Internet
Section 2054.127. Internet Website Development: Grants and Assistance
Section 2054.128. Environmental and Natural Resources Agencies Internet Portal
Section 2054.129. Advertising Online Options
Section 2054.130. Removal of Data From Data Processing Equipment; Rules
Section 2054.131. Electronic Benefits Enrollment and Administration System
Section 2054.132. Posting of Forms Required
Section 2054.133. Information Security Plan
Section 2054.134. Device and Internet Browser Compatibility
Section 2054.135. Data Use Agreement
Section 2054.136. Designated Information Security Officer