BILL ANALYSIS

H.B. 2192

By: Blanco

Government Transparency & Operation

Committee Report (Unamended)

BACKGROUND AND PURPOSE

Interested parties are concerned that the information security of certain state agencies might not adequately protect against current cyber-threats. H.B. 2192 seeks to improve such security by requiring such agencies to perform comprehensive information security assessments at least once every five years.

CRIMINAL JUSTICE IMPACT

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

RULEMAKING AUTHORITY

It is the committee's opinion that rulemaking authority is expressly granted to the Department of Information Resources in SECTION 1 of this bill.

ANALYSIS

H.B. 2192 amends the Government Code to require an agency in the executive or judicial branch of state government, including a public university system or a public institution of higher education, to conduct a comprehensive information security assessment of the agency's information resources systems, network systems, digital data storage systems, digital data security measures, and information resources vulnerabilities at least once every five years. The bill requires such an agency, not later than December 1 of the year in which the agency conducts such an assessment, to report the results of the study to the Department of Information Resources (DIR), the governor, the lieutenant governor, and the speaker of the house of representatives. The bill authorizes DIR by rule to establish the requirements for the information security assessment and related report.

EFFECTIVE DATE

September 1, 2017.