| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the position of chief information security officer in |
|
|
the Department of Information Resources. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subchapter N-1, Chapter 2054, Government Code, |
|
|
is amended by adding Section 2054.510 to read as follows: |
|
|
Sec. 2054.510. CHIEF INFORMATION SECURITY OFFICER. (a) In |
|
|
this section, "state information security program" means the |
|
|
policies, standards, procedures, elements, structure, strategies, |
|
|
objectives, plans, metrics, reports, services, and resources that |
|
|
establish the information resources security function for this |
|
|
state. |
|
|
(b) The department shall employ a chief information |
|
|
security officer. |
|
|
(c) The chief information security officer shall oversee |
|
|
cybersecurity matters for this state including: |
|
|
(1) implementing the duties described by Section |
|
|
2054.059; |
|
|
(2) responding to reports received under Section |
|
|
2054.1125; |
|
|
(3) developing a statewide information security |
|
|
framework; |
|
|
(4) overseeing the development of statewide |
|
|
information security policies and standards; |
|
|
(5) developing, in coordination with state agencies, |
|
|
local governmental entities, and other entities operating or |
|
|
exercising control over state information systems or |
|
|
state-controlled data, information security policies, standards, |
|
|
and guidelines to strengthen this state's cybersecurity; |
|
|
(6) overseeing the implementation of the policies, |
|
|
standards, and guidelines developed under Subdivisions (3), (4), |
|
|
and (5); |
|
|
(7) providing information security leadership, |
|
|
strategic direction, and coordination for the state information |
|
|
security program; and |
|
|
(8) providing strategic direction to: |
|
|
(A) the network security center established |
|
|
under Section 2059.101, Government Code; and |
|
|
(B) statewide technology centers operated under |
|
|
Subchapter L. |
|
|
(d) Not later than November 15 of each even-numbered year, |
|
|
the chief information security officer shall submit a written |
|
|
report on the status and effectiveness of the state information |
|
|
security program to: |
|
|
(1) the executive director; |
|
|
(2) the governor; |
|
|
(3) the lieutenant governor; |
|
|
(4) the speaker of the house of representatives; and |
|
|
(5) each standing committee of the legislature with |
|
|
primary jurisdiction over matters related to the department. |
|
|
SECTION 2. This Act takes effect September 1, 2023. |