Texas Register

TITLE 1 ADMINISTRATION
PART 10 DEPARTMENT OF INFORMATION RESOURCES
CHAPTER 202 INFORMATION SECURITY STANDARDS
SUBCHAPTER A DEFINITIONS
RULE §202.1 Applicable Terms and Technologies for Information Security
ISSUE 11/18/2005
ACTION Proposed

The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise.

  (1) - (11) (No change.)

   (12) Restricted Personal Information--Includes an individual's social security number, or data protected under state or federal law (e.g., financial, medical or student data).

   (13) Sanitized--Overwriting data using software tools and procedures to comply with the U.S. Department of Defense 5220.22-M standard for disk-sanitization. For specific types of storage media see Department of Defense 5220.22-M §8-500. Software and Data, Table 1 Clearing and Sanitization Data Storage.

  (14)[(12)] Security Incident--An event which results in unauthorized access, loss, disclosure, modification, disruption, or destruction of information resources whether accidental or deliberate.

  (15)[(13)] Security Risk Analysis--The process of identifying and documenting vulnerabilities and applicable threats to information resources.

  (16)[(14)] Security Risk Assessment--The process of evaluating the results of the risk analysis by projecting losses, assigning levels of risk, and recommending appropriate measures to protect information resources.

  (17)[(15)] Security Risk Management--Decisions to accept exposures or to reduce vulnerabilities.

   (18) Storage Device--Any fixed or removable device that contains data and maintains the data after power is removed from the device.

  (19)[(16)] Test--A simulated or documented "real-live" incident for which records are kept of the incident.

  (20)[(17)] User of an Information Resource--An individual or automated application authorized to access an information resource in accordance with the owner-defined controls and access rules.

   (21) Vulnerability Assessment--A measurement of vulnerability which includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack.

  (22)[(18)] Vulnerability Report--A computer related report containing information described in §2054.077(b), Government Code, as that section may be amended from time to time.

   (23) Wireless Access--Using one or more of the following technologies to access the information resources systems of a state agency or institution of higher education:

    (A) Wireless Local Area Networks--Based on the IEEE 802.11 family of standards.

    (B) Wireless Personal Area Networks--Based on the Bluetooth and/or InfraRed (IR) technologies.

    (C) Wireless Handheld Devices--Includes text-messaging devices, Personal Digital Assistants (PDAs), and smart phones.

   (24) Wireless Security Guidelines--The National Institute of Standards and Technology Special Publication 800-48, Wireless Network Security 802.11, Bluetooth and Handheld Devices.

This agency hereby certifies that the proposal has been reviewed by legal counsel and found to be within the agency's legal authority to adopt.

Filed with the Office of the Secretary of State on November 1, 2005

TRD-200504999

Renée Mauzy

General Counsel

Department of Information Resources

Earliest possible date of adoption: December 18, 2005

For further information, please call: (512) 936-6448


