(39) Risk Management--The process of aligning information
resources risk exposure with the organization's risk tolerance by
either accepting, transferring, or mitigating risk exposures.
(40) Security Assessment--The testing or evaluation
of security controls to determine the extent to which the controls
are implemented correctly, operating as intended, and producing the
desired outcome with respect to meeting the security requirements
for an information system or organization.
(41) Security Incident--An incident that meets one
of the requirements enumerated at Texas Government Code §2054.603(a)(1)(A)
- (B).
(42) Sensitive Personal Information--A category of
personal identity information as defined by Texas Business and Commerce
Code §521.002(a)(2).
(43) Standards--Specific mandatory controls that help
enforce and support the information security policy.
(44) State-controlled data--Any and all data that is
created, processed, or stored by a state agency.
(45) StateRAMP--The risk and authorization management
program, built upon the National Institute of Standards and Technology
Special Publication 800-53 and modeled after the FedRAMP program,
that provides state and local governments a common method for verification
of cloud security.
(46) Statewide Technology Centers--As defined in Texas
Government Code §2054.375(2).
(47) Threat--Any circumstance or event with the potential
to adversely impact organizational operations (including mission,
functions, image, or reputation), organizational assets, or individuals
by the unauthorized access, destruction, disclosure, modification
of information, and/or denial of service.
(48) TX-RAMP--the Texas Risk and Authorization Management
Program.
(49) User of Information Resources--An individual,
process, or automated application authorized to access an information
resource in accordance with federal and state law, agency policy,
and the information-owner's procedures and rules.
(50) Vulnerability Assessment--A documented evaluation
containing information described in Texas Government Code §2054.077(b),
which includes the susceptibility of a particular system to a specific
attack.
Source Note: The provisions of this §202.1 adopted to be effective March 17, 2015, 40 TexReg 1357; amended to be effective November 17, 2021, 46 TexReg 7775; amended to be effective November 16, 2023, 48 TexReg 6579