Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
It is the policy of the state of Texas that:
(A) Automated information and information resources residing in the
various agencies of state government are strategic and vital assets
belonging to the people of Texas. These assets require a degree of
protection commensurate with their value. Measures shall be taken
to protect these assets against accidental or unauthorized
disclosure, modification or destruction, as well as to assure the
security, reliability, integrity and availability of information.
(B) The protection of assets is a management responsibility.
(C) Access to state information resources must be strictly controlled.
State law requires that state owned information resources be used
only for official state purposes.
(D) Information which is sensitive or confidential must be protected
from unauthorized access or modification. Data which is essential
to critical state functions must be protected from loss,
contamination, or destruction.
(E) Risks to information resources must be managed. The expense of
security safeguards must be appropriate to the value of the assets
being protected, considering value to both the state and a
potential intruder.
(F) The integrity of data, its source, its destination, and processes
applied to it must be assured. Changes to data must be made only in
authorized and acceptable ways.
(G) In the event a disaster or catastrophe disables information
processing and related telecommunication functions, the ability to
continue critical governmental services must be assured.
Information resources must be available when needed.
(H) Security needs must be considered and addressed in all phases of
development or acquisition of new information processing systems.
(I) Security awareness and training of employees is one of the most
effective means of reducing vulnerability to errors and fraud and
must be continually emphasized and reinforced at all levels of
management. All individuals must be accountable for their actions
relating to information resources.
(J) Agency information security programs must be responsive and
adaptable to changing vulnerabilities and technologies affecting
state information resources.
(K) Agencies must ensure adequate separation of functions for tasks
that are susceptible to fraudulent or other unauthorized activity.