Texas Register

TITLE 1 ADMINISTRATION
PART 10 DEPARTMENT OF INFORMATION RESOURCES
CHAPTER 202 INFORMATION SECURITY STANDARDS
RULE §202.1 Security Standards Definitions
ISSUE 03/22/2002
ACTION Proposed

The following words and terms, when used with this chapter, shall have the following meanings, unless the context clearly indicates otherwise.

  (1) Access--To approach, interact with, or otherwise make use of information resources.

  (2) Business Continuity Planning--The process of identifying critical data systems and business functions, analyzing the risks and probabilities of service disruptions and developing procedures to restore those systems and functions.

  (3) Confidential Information--Information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act.

  (4) Control--Any action, device, policy, procedure, technique, or other measure that improves security.

  (5) Custodian of an Information Resource--A person responsible for implementing owner-defined controls and access to an information resource.

  (6) Department--The Department of Information Resources.

  (7) Information Resources--Is defined in Section 2054.003(6), Texas Government Code and/or other applicable state or federal legislation.

  (8) Information Security Program--The elements, structure, objectives, and resources that establish an information resources security function within an agency.

  (9) Mission Critical Information--Information that is defined by the agency to be essential to the agency's function(s).

  (10) Owner of an Information Resource--A person responsible:

    (A) For a business function; and

    (B) For determining controls and access to information resources supporting that business function.

  (11) Platform--The foundation technology of a computer system. The hardware and systems software that together provide support for an application program. (Ref: Practices for Protecting Information Resources Assets.)

  (12) Security Incident--An event which results in unauthorized access, loss, disclosure, modification, or destruction of information resources whether accidental or deliberate.

  (13) Security Risk Analysis--The process of identifying and documenting vulnerabilities and applicable threats to information resources.

  (14) Security Risk Assessment--The process of evaluating the results of the risk analysis by projecting losses, assigning levels of risk, and recommending appropriate measures to protect information resources.

  (15) Security Risk Management--Decisions to accept exposures or to reduce vulnerabilities.

  (16) User of an Information Resource--An individual or automated application authorized to access an information resource in accordance with the owner-defined controls and access rules.

  (17) Vulnerability Report--A computer related report containing information described in Section 2054.007(b), Government Code, as that section may be amended from time to time.

This agency hereby certifies that the proposal has been reviewed by legal counsel and found to be within the agency's legal authority to adopt.

Filed with the Office of the Secretary of State on March 6, 2002

TRD-200201365

Renee Mauzy

General Counsel

Department of Information Resources

Earliest possible date of adoption: April 21, 2002

For further information, please call: (512) 475-4750


