Strategic Security Intelligence

Texas Information Security Standards

(3) Policy

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

It is the policy of the state of Texas that:

• (A) Automated information and information resources residing in the various agencies of state government are strategic and vital assets belonging to the people of Texas. These assets require a degree of protection commensurate with their value. Measures shall be taken to protect these assets against accidental or unauthorized disclosure, modification or destruction, as well as to assure the security, reliability, integrity and availability of information.
• (B) The protection of assets is a management responsibility.
• (C) Access to state information resources must be strictly controlled. State law requires that state owned information resources be used only for official state purposes.
• (D) Information which is sensitive or confidential must be protected from unauthorized access or modification. Data which is essential to critical state functions must be protected from loss, contamination, or destruction.
• (E) Risks to information resources must be managed. The expense of security safeguards must be appropriate to the value of the assets being protected, considering value to both the state and a potential intruder.
• (F) The integrity of data, its source, its destination, and processes applied to it must be assured. Changes to data must be made only in authorized and acceptable ways.
• (G) In the event a disaster or catastrophe disables information processing and related telecommunication functions, the ability to continue critical governmental services must be assured. Information resources must be available when needed.
• (H) Security needs must be considered and addressed in all phases of development or acquisition of new information processing systems.
• (I) Security awareness and training of employees is one of the most effective means of reducing vulnerability to errors and fraud and must be continually emphasized and reinforced at all levels of management. All individuals must be accountable for their actions relating to information resources.
• (J) Agency information security programs must be responsive and adaptable to changing vulnerabilities and technologies affecting state information resources.
• (K) Agencies must ensure adequate separation of functions for tasks that are susceptible to fraudulent or other unauthorized activity.