88R27571 SCP-F
 
  By: Parker, et al. S.B. No. 621
 
  (Capriglione)
 
  Substitute the following for S.B. No. 621:  No.
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to the position of chief information security officer in
  the Department of Information Resources.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter N-1, Chapter 2054, Government Code,
  is amended by adding Section 2054.510 to read as follows:
         Sec. 2054.510.  CHIEF INFORMATION SECURITY OFFICER. (a) In
  this section, "state information security program" means the
  policies, standards, procedures, elements, structure, strategies,
  objectives, plans, metrics, reports, services, and resources that
  establish the information resources security function for this
  state.
         (b)  The executive director, using existing funds, shall
  employ a chief information security officer.
         (c)  The chief information security officer shall oversee
  cybersecurity matters for this state including:
               (1)  implementing the duties described by Section
  2054.059;
               (2)  responding to reports received under Section
  2054.1125;
               (3)  developing a statewide information security
  framework;
               (4)  overseeing the development of statewide
  information security policies and standards;
               (5)  collaborating with state agencies, local
  governmental entities, and other entities operating or exercising
  control over state information systems or state-controlled data to
  strengthen this state's cybersecurity and information security
  policies, standards, and guidelines;
               (6)  overseeing the implementation of the policies,
  standards, and guidelines developed under Subdivisions (3) and (4);
               (7)  providing information security leadership,
  strategic direction, and coordination for the state information
  security program;
               (8)  providing strategic direction to:
                     (A)  the network security center established
  under Section 2059.101; and
                     (B)  statewide technology centers operated under
  Subchapter L; and
               (9)  overseeing the preparation and submission of the
  report described by Section 2054.0591.
         SECTION 2.  This Act takes effect September 1, 2023.