83R10600 YDB-D
By: Zaffirini S.B. No. 1597
A BILL TO BE ENTITLED
AN ACT
relating to the development of state agency information security
plans.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Subchapter F, Chapter 2054, Government Code, is
amended by adding Section 2054.133 to read as follows:
Sec. 2054.133. INFORMATION SECURITY PLAN. (a) Each state
agency shall develop, and periodically update, an information
security plan for protecting the security of the agency's
information.
(b) In developing the plan, the state agency shall:
(1) consider any vulnerability report prepared under
Section 2054.077 for the agency;
(2) incorporate the network security services
provided by the department to the agency under Chapter 2059;
(3) identify and define the responsibilities of agency
staff who produce, access, use, or serve as custodians of the
agency's information;
(4) identify risk management and other measures taken
to protect the agency's information from unauthorized access,
disclosure, modification, or destruction; and
(5) include:
(A) the best practices for information security
developed by the department; or
(B) a written explanation of why the best
practices are not sufficient for the agency's security.
(c) Not later than December 1 of each even-numbered year,
each state agency shall submit a copy of the agency's information
security plan to the department.
SECTION 2. Not later than December 1, 2014, each state
agency shall develop and submit the information security plan as
required by Section 2054.133, Government Code, as added by this
Act.
SECTION 3. This Act takes effect September 1, 2013.