Strategic Security Intelligence
|
Texas Information Security Standards
|
(2) Classification of Information
Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
The state's automated information files and databases are essential
and vital public resources which must be protected from unauthorized
modification, deletion or disclosure. Subject to executive management
review, agency program managers have responsibility for the information
assets utilized in carrying out the programs under their direction and
accordingly are responsible for classifying program information.
- (A) For purposes of this subsection, two classifications of information
are defined which require special protective precautions:
- (i) confidential information information maintained by state
agencies that is exempt from disclosure under the provisions
of the Texas Open Records Act or other state or federal law;
and,
- (ii) sensitive information information maintained by state
agencies that requires special precautions, as determined by
agency standards and risk management decisions, to assure its
accuracy and integrity by utilizing error checking,
verification procedures and/or access control to protect it
from unauthorized modification or deletion.
- (B) As defined above, sensitive information may be either public or
confidential and requires a higher than normal assurance of
accuracy and completeness. Likewise, confidential information may
also be considered sensitive, requiring special measures to ensure
its accuracy. Thus, the controlling factor for confidential
information is dissemination, while the controlling factor for
sensitive information is that of integrity.