88R3800 SCP-F
 
  By: Capriglione H.B. No. 2156
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to the position of chief information security officer in
  the Department of Information Resources.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter N-1, Chapter 2054, Government Code,
  is amended by adding Section 2054.510 to read as follows:
         Sec. 2054.510.  CHIEF INFORMATION SECURITY OFFICER. (a) In
  this section, "state information security program" means the
  policies, standards, procedures, elements, structure, strategies,
  objectives, plans, metrics, reports, services, and resources that
  establish the information resources security function for this
  state.
         (b)  The department shall employ a chief information
  security officer.
         (c)  The chief information security officer shall oversee
  cybersecurity matters for this state including:
               (1)  implementing the duties described by Section
  2054.059;
               (2)  responding to reports received under Section
  2054.1125;
               (3)  developing a statewide information security
  framework;
               (4)  overseeing the development of statewide
  information security policies and standards;
               (5)  developing, in coordination with state agencies,
  local governmental entities, and other entities operating or
  exercising control over state information systems or
  state-controlled data, information security policies, standards,
  and guidelines to strengthen this state's cybersecurity;
               (6)  overseeing the implementation of the policies,
  standards, and guidelines developed under Subdivisions (3), (4),
  and (5);
               (7)  providing information security leadership,
  strategic direction, and coordination for the state information
  security program; and
               (8)  providing strategic direction to:
                     (A)  the network security center established
  under Section 2059.101, Government Code; and
                     (B)  statewide technology centers operated under
  Subchapter L.
         (d)  Not later than November 15 of each even-numbered year,
  the chief information security officer shall submit a written
  report on the status and effectiveness of the state information
  security program to:
               (1)  the executive director;
               (2)  the governor;
               (3)  the lieutenant governor;
               (4)  the speaker of the house of representatives; and
               (5)  each standing committee of the legislature with
  primary jurisdiction over matters related to the department.
         SECTION 2.  This Act takes effect September 1, 2023.