How many security incidents did your agency have last month? How quickly were they detected? How long did they take to resolve and at what cost?
Information resources residing at state agencies are valuable assets belonging to the citizens of Texas. The Texas Department of Information Resources (DIR) helps government agencies and educational institutions assure the integrity, availability, and confidentiality of these critical assets.
For example, DIR educates agencies about security threats and prevention strategies, negotiates favorable contracts for security services and tools, and has developed a standardized, statewide Cybersecurity Framework. DIR has also transformed the incident reporting process to allow up-to-the-minute, on-site reporting as technology and cyber threats continue to evolve.
A new Governance Risk and Compliance Portal, Texas InfoSec Academy, and the Cybersecurity Framework are just a few of the initiatives that DIR is employing to elevate statewide information security to the next level.
The 83rd Legislative Session 2013 enacted two important cybersecurity-related bills that affect how agencies and educational institutions develop and report information security plans:
1. Senate Bill 1597 requires that each state agency submit a security plan to DIR by October 15 of each even-numbered year. The plan must include the best practices developed by the department.
2. Senate Bill 1134 required that DIR develop strategies and a framework for the securing of cyber infrastructure by state agencies. DIR subsequently worked with a committee of agency representatives and private sector reviewers to develop a framework and template that can help agencies comply with requirements.
TAC 202 outlines the Information Security Standards with which agencies and educational institutions must comply.