Strategy 2.1 – Align the State's Approach to Enterprise Security 

State agencies have accomplished many successful IT initiatives during this past biennium. Selected agency projects are highlighted below for the enterprise security categories of State Enterprise Security Plan, Decreasing Vulnerability to Cyber Attack, and Response and Recovery Capabilities.

Agency Spotlights: State Enterprise Security Plan

Agency

Initiative

Office of Attorney General

The OAG has developed an Information Security Strategic Plan (ISSP) that aligns with the State Enterprise Security Plan. The agency is implementing a risk-based information security strategy to provide a means to mitigate risks that also maximizes the positive effects of security activities and minimizes costs.

Texas Department of Insurance 

The TDI security program includes several initiatives that align with the State Enterprise Security Plan. TDI’s security program includes security awareness training and an online computer security manual, as well as participation in DIR-sponsored training and other continuing education certificate training.

Texas Water Development Board 

TWDB has implemented the strategies in the State Enterprise Security Plan; developed security policies to develop a business continuity plan and a “user awareness” security program; and implemented appropriate hardware to protect agency information resources. 

Texas Workforce Commission

TWC conducts regular reviews and risk assessments of agency technology resources, capabilities, and assets. To support this effort, TWC recently developed an Unemployment Insurance IT System Security Plan and Risk Assessment in accordance with the Federal Information Security Management Act (FISMA).

Agency Spotlights: Decreasing Vulnerability to Cyber Attack

Agency

Initiative

Health and Human Services Commission

HHSC is planning a Data Loss Prevention (DLP) Program that will classify HHSC data and protect it according to its classification. The protection mechanisms will be in place for data throughout its lifecycle, including in use, in transit, in storage, and finally, at destination.

Secretary of State

The Secretary of State conducts quarterly vulnerability assessments as part of requirements for the Payment Card Industry Data Security Standards (PCI DSS). The information technology, legal, and program areas work together to ensure sensitive personal information is properly safeguarded.

Texas Department of Insurance 

TDI has implemented defined levels of security access for databases and applications that contain confidential information. TDI utilizes a statement of responsibility and accountability that every user of TDI network systems must sign, even temporary staff or contractors. 

Texas Department of Savings and Mortgage Lending 

TDSML has procedures in place to control, document, and track the access of employees to the agency’s sensitive systems.  

Texas Education Agency

TEA implemented disk encryption for laptop security, as well as secured web email for encrypting communication with external parties. The agency also completed an internal audit of protection of student confidential data and is planning to strengthen compliance with FERPA.  

Texas Workforce Commission

TWC performs at least two system penetration tests annually to ensure the security of TWC systems and data. In fiscal 2010, TWC implemented an automated security assessment appliance, allowing TWC to perform self-assessments of various security configurations.

University of Houston

Mandatory annual online security training teaches students, faculty, and staff how to protect their computers, personal information, and UH computers from hackers and other risks, and how to be greener computer users. Training for students is new in FY2011 and uses Twitter, YouTube, Facebook, and videos of UH students and games in an interactive e-book format.

Agency Spotlights: Response and Recovery Capabilities

Agency

Initiative

Texas Department of Insurance 

The TDI disaster recovery plan ensures the efficient and effective recovery of agency operations in the event of a disaster, including provisions for pandemic preparedness. The plan defines critical functions and identifies alternate work locations. 

Texas Facilities Commission

TFC collaborated with IBM and DIR to develop, test, and implement a Disaster Recovery Plan (DRP) that reflects the agency’s new virtual environment at the Austin Data Center. The updated DRP will be incorporated into the agency’s Business Continuity Plan along with recovery plans for each division.  

Texas Lottery Commission

TLC cooperates with DIR’s Network and Security Operations Center, maintains a backup facility to support recovery and business continuity activities, and has a comprehensive business continuity plan that is periodically reviewed and tested.

Texas Workforce Commission 

TWC conducts end-to-end disaster recovery tests each year for equipment and applications located at both the Austin Data Center and the San Angelo Data Center. TWC has also improved power backup technologies for the TWC Annex data center, developed an emergency email service to ensure continued communication in the event of a disaster, enhanced remote access capability (VPN, GoToMyPC) in the event of a pandemic or disaster, and developed an agency-wide Continuity of Operations Plan.  

    © Department of Information Resources 2012