Sec. 2054.575. SECURITY ISSUES RELATED TO LEGACY SYSTEMS. (a) A state agency shall, with available funds, identify information security issues and develop a plan to prioritize the remediation and mitigation of those issues. The agency shall include in the plan:
(1) procedures for reducing the agency's level of exposure with regard to information that alone or in conjunction with other information identifies an individual maintained on a legacy system of the agency;
(2) the best value approach for modernizing, replacing, renewing, or disposing of a legacy system that maintains information critical to the agency's responsibilities;
(3) analysis of the percentage of state agency personnel in information technology, cybersecurity, or other cyber-related positions who currently hold the appropriate industry-recognized certifications as identified by the National Initiative for Cybersecurity Education;
(4) the level of preparedness of state agency cyber personnel and potential personnel who do not hold the appropriate industry-recognized certifications to successfully complete the industry-recognized certification examinations; and
(5) a strategy for mitigating any workforce-related discrepancy in information technology, cybersecurity, or other cyber-related positions with the appropriate training and industry-recognized certifications.
(b) The department shall, on request, facilitate collaborative efforts among state agencies to develop a plan described by Subsection (a).
(c) A plan developed under this section, along with any information or communication prepared or maintained for use in the preparation of the plan, is confidential and is not subject to disclosure under Chapter 552.
Added by Acts 2015, 84th Leg., R.S., Ch. 460 (H.B. 1890), Sec. 1, eff. June 15, 2015.
Amended by:
Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 12, eff. September 1, 2017.