It is the policy of the State of Texas that:
(1) Information resources residing in the various agencies
of state government are strategic and vital assets belonging to the people
of Texas. These assets must be available and protected commensurate with the
value of the assets. Measures shall be taken to protect these assets against
unauthorized access, disclosure, modification or destruction, whether accidental
or deliberate, as well as to assure the availability, integrity, utility,
authenticity, and confidentiality of information. Access to state information
resources must be appropriately managed.
(2) All agencies are required to have an information resources
security program consistent with these standards, and the agency head is responsible
for the protection of information resources.
(3) All individuals are accountable for their actions relating
to information resources. Information resources shall be used only for intended
purposes as defined by the agency and consistent with applicable laws.
(4) Risks to information resources must be managed. The expense
of security safeguards must be commensurate with the value of the assets being
protected.
(5) The integrity of data, its source, its destination, and
processes applied to it must be assured. Changes to data must be made only
in an authorized manner.
(6) Information resources must be available when needed. Continuity
of information resources supporting critical governmental services must be
ensured in the event of a disaster or business disruption.
(7) Security requirements shall be identified, documented,
and addressed in all phases of development or acquisition of information resources.
(8) Agencies must ensure adequate controls and separation of
duties for tasks that are susceptible to fraudulent or other unauthorized
activity.
|