Texas Administrative Code

TITLE 1 ADMINISTRATION
PART 10 DEPARTMENT OF INFORMATION RESOURCES
CHAPTER 202 INFORMATION SECURITY STANDARDS
SUBCHAPTER A DEFINITIONS
RULE §202.1 Applicable Terms and Technologies for Information Security Standards

  (39) Risk Management--The process of aligning information resources risk exposure with the organization's risk tolerance by either accepting, transferring, or mitigating risk exposures.

  (40) Security Assessment--The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.

  (41) Security Incident--An incident that meets one of the requirements enumerated at Texas Government Code §2054.603(a)(1)(A) - (B).

  (42) Sensitive Personal Information--A category of personal identity information as defined by Texas Business and Commerce Code §521.002(a)(2).

  (43) Standards--Specific mandatory controls that help enforce and support the information security policy.

  (44) State-controlled data--Any and all data that is created, processed, or stored by a state agency.

  (45) StateRAMP--The risk and authorization management program, built upon the National Institute of Standards and Technology Special Publication 800-53 and modeled after the FedRAMP program, that provides state and local governments a common method for verification of cloud security.

  (46) Statewide Technology Centers--As defined in Texas Government Code §2054.375(2).

  (47) Threat--Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals by the unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

  (48) TX-RAMP--the Texas Risk and Authorization Management Program.

  (49) User of Information Resources--An individual, process, or automated application authorized to access an information resource in accordance with federal and state law, agency policy, and the information-owner's procedures and rules.

  (50) Vulnerability Assessment--A documented evaluation containing information described in Texas Government Code §2054.077(b), which includes the susceptibility of a particular system to a specific attack.


Source Note: The provisions of this §202.1 adopted to be effective March 17, 2015, 40 TexReg 1357; amended to be effective November 17, 2021, 46 TexReg 7775; amended to be effective November 16, 2023, 48 TexReg 6579
