Sec. 2054.133. INFORMATION SECURITY PLAN. (a) Each state agency shall develop, and periodically update, an information security plan for protecting the security of the agency's information.
(b) In developing the plan, the state agency shall:
(1) consider any vulnerability report prepared under Section 2054.077 for the agency;
(2) incorporate the network security services provided by the department to the agency under Chapter 2059;
(3) identify and define the responsibilities of agency staff who produce, access, use, or serve as custodians of the agency's information;
(4) identify risk management and other measures taken to protect the agency's information from unauthorized access, disclosure, modification, or destruction;
(5) include:
(A) the best practices for information security developed by the department; or
(B) a written explanation of why the best practices are not sufficient for the agency's security; and
(6) omit from any written copies of the plan information that could expose vulnerabilities in the agency's network or online systems.
(c) Not later than October 15 of each even-numbered year, each state agency shall submit a copy of the agency's information security plan to the department.
(d) Each state agency's information security plan is confidential and exempt from disclosure under Chapter 552.
(f) Not later than January 13 of each odd-numbered year, the department shall submit a written report to the governor, the lieutenant governor, and the legislature evaluating information security for this state's information resources. In preparing the report, the department shall consider the information security plans submitted by state agencies under this section, any vulnerability reports submitted under Section 2054.077, and other available information regarding the security of this state's information resources. The department shall omit from any written copies of the report information that could expose specific vulnerabilities in the security of this state's information resources.
Added by Acts 2013, 83rd Leg., R.S., Ch. 1222 (S.B. 1597), Sec. 1, eff. September 1, 2013.
Amended by:
Acts 2015, 84th Leg., R.S., Ch. 369 (S.B. 34), Sec. 1, eff. September 1, 2015.
Text of section as added by Acts 2015, 84th Leg., R.S., Ch. 513 (H.B. 855), Sec. 1
For text of section as added by Acts 2015, 84th Leg., R.S., Ch. 965 (S.B. 1877), Sec. 1, see other Sec. 2054.134.
Last modified: September 28, 2016