By: Parker  S.B. No. 621
         (In the Senate - Filed January 26, 2023; February 17, 2023,
  read first time and referred to Committee on Business & Commerce;
  March 16, 2023, reported adversely, with favorable Committee
  Substitute by the following vote:  Yeas 11, Nays 0; March 16, 2023,
  sent to printer.)
Click here to see the committee vote
 
  COMMITTEE SUBSTITUTE FOR S.B. No. 621 By:  Birdwell
 
 
A BILL TO BE ENTITLED
 
AN ACT
 
  relating to the position of chief information security officer in
  the Department of Information Resources.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter N-1, Chapter 2054, Government Code,
  is amended by adding Section 2054.510 to read as follows:
         Sec. 2054.510.  CHIEF INFORMATION SECURITY OFFICER. (a) In
  this section, "state information security program" means the
  policies, standards, procedures, elements, structure, strategies,
  objectives, plans, metrics, reports, services, and resources that
  establish the information resources security function for this
  state.
         (b)  The executive director, using existing funds, shall
  employ a chief information security officer.
         (c)  The chief information security officer shall oversee
  cybersecurity matters for this state including:
               (1)  implementing the duties described by Section
  2054.059;
               (2)  responding to reports received under Section
  2054.1125;
               (3)  developing a statewide information security
  framework;
               (4)  overseeing the development of statewide
  information security policies and standards;
               (5)  developing, in coordination with state agencies,
  local governmental entities, and other entities operating or
  exercising control over state information systems or
  state-controlled data, information security policies, standards,
  and guidelines to strengthen this state's cybersecurity;
               (6)  overseeing the implementation of the policies,
  standards, and guidelines developed under Subdivisions (3), (4),
  and (5);
               (7)  providing information security leadership,
  strategic direction, and coordination for the state information
  security program;
               (8)  providing strategic direction to:
                     (A)  the network security center established
  under Section 2059.101; and
                     (B)  statewide technology centers operated under
  Subchapter L; and
               (9)  overseeing the preparation and submission of the
  report described by Section 2054.0591.
         SECTION 2.  This Act takes effect September 1, 2023.
 
  * * * * *