The following words and terms, when used with this chapter, shall have
the following meanings, unless the context clearly indicates otherwise.
(1) Access--To approach, interact with, or otherwise make use
of information resources.
(2) Business Continuity Planning--The process of identifying
critical data systems and business functions, analyzing the risks and probabilities
of service disruptions and developing procedures to restore those systems
and functions.
(3) Confidential Information--Information that is excepted
from disclosure requirements under the provisions of applicable state or federal
law, e.g. the Texas Public Information Act.
(4) Control--Any action, device, policy, procedure, technique,
or other measure that improves security.
(5) Custodian of an Information Resource--A person responsible
for implementing owner-defined controls and access to an information resource.
(6) Department--The Department of Information Resources.
(7) Information Resources--Is defined in §2054.003(6),
Texas Government Code and/or other applicable state or federal legislation.
(8) Information Security Program--The elements, structure,
objectives, and resources that establish an information resources security
function within an agency.
(9) Mission Critical Information--Information that is defined
by the agency to be essential to the agency's function(s).
(10) Owner of an Information Resource--A person responsible:
(A) For a business function; and
(B) For determining controls and access to information resources
supporting that business function.
(11) Platform--The foundation technology of a computer system.
The hardware and systems software that together provide support for an application
program. (Ref: Practices for Protecting Information Resources Assets.)
(12) Security Incident--An event which results in unauthorized
access, loss, disclosure, modification, disruption, or destruction of information
resources whether accidental or deliberate.
(13) Security Risk Analysis--The process of identifying and
documenting vulnerabilities and applicable threats to information resources.
(14) Security Risk Assessment--The process of evaluating the
results of the risk analysis by projecting losses, assigning levels of risk,
and recommending appropriate measures to protect information resources.
(15) Security Risk Management--Decisions to accept exposures
or to reduce vulnerabilities.
(16) User of an Information Resource--An individual or automated
application authorized to access an information resource in accordance with
the owner-defined controls and access rules.
(17) Vulnerability Report--A computer related report containing
information described in §2054.077(b), Government Code, as that section
may be amended from time to time.