|
|
A BILL TO BE ENTITLED
|
|
AN ACT
|
|
relating to the development of state agency information security |
|
plans. |
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
SECTION 1. Subchapter F, Chapter 2054, Government Code, is |
|
amended by adding Section 2054.133 to read as follows: |
|
Sec. 2054.133. INFORMATION SECURITY PLAN. (a) Each state |
|
agency shall develop, and periodically update, an information |
|
security plan for protecting the security of the agency's |
|
information. |
|
(b) In developing the plan, the state agency shall: |
|
(1) consider any vulnerability report prepared under |
|
Section 2054.077 for the agency; |
|
(2) incorporate the network security services |
|
provided by the department to the agency under Chapter 2059; |
|
(3) identify and define the responsibilities of agency |
|
staff who produce, access, use, or serve as custodians of the |
|
agency's information; |
|
(4) identify risk management and other measures taken |
|
to protect the agency's information from unauthorized access, |
|
disclosure, modification, or destruction; |
|
(5) include: |
|
(A) the best practices for information security |
|
developed by the department; or |
|
(B) a written explanation of why the best |
|
practices are not sufficient for the agency's security; and |
|
(6) omit from any written copies of the plan |
|
information that could expose vulnerabilities in the agency's |
|
network or online systems. |
|
(c) Not later than October 15 of each even-numbered year, |
|
each state agency shall submit a copy of the agency's information |
|
security plan to the department. |
|
(d) Each state agency's information security plan is |
|
confidential and exempt from disclosure under Chapter 552. |
|
SECTION 2. Not later than October 15, 2014, each state |
|
agency shall develop and submit the information security plan |
|
required by Section 2054.133, Government Code, as added by this |
|
Act. |
|
SECTION 3. This Act takes effect September 1, 2013. |