Anchor: #i1041949

Section 2: Implementation and Authority

Anchor: #i1026784

Implementation

TxDOT uses a risk management approach to balance business productivity with data and infrastructure asset protection. TxDOT’s Executive Director delegates authority and responsibility for this approach to the Information Security Officer (ISO), who directs the Information Security Program. Along with the policies issued in this manual, the ISO:

  • governs the security processes to implement these policies
  • identifies the procedures to carry out the processes
  • establishes the standards by which implementation of the policies is measured
  • monitors the effectiveness of each process and makes adjustments as necessary
  • verifies that process results meet established standards
  • validates results
  • reports on the Information Security program status.
Anchor: #BGBHAGDF

Basis of Authority

Content in this manual is based in several federal and state laws and on existing agency policy.

  • Texas Administrative Code, Title 1, Chapter 202 Information Security Standards
  • Texas Penal Code, Chapter 33, Computer Crimes
  • Texas Business and Commerce Code:
    • Chapter 322, Uniform Electronic Transactions Act
    • Chapter 521, Unauthorized Use of Identifying Information
  • Texas Government Code:
    • Chapter 403, Section 275, Liability for Property Loss
    • Chapter 552, Public Information
    • Chapter 2054, Information Resources
    • Chapter 2203, Requirement to Use State Property for State Purposes
  • Texas CyberSecurity Act, HB8, 85th Regular Session
  • Federal laws, including:
    • Computer Security Act of 1987, Public Law 100-235
    • Electronic Signatures in Global and National Commerce (ESIGN) Act, Public Law 106-229
    • Computer Fraud and Abuse Act of 1986 Title 18, U.S. Code, Section 1030

NOTE: Order of Precedence. Legal authorities, such as federal or state laws and regulations take precedence over TxDOT policy if a conflict arises. However, TxDOT policy will take precedence over best practices, industry standards, and National Institute of Standards and Technology (NIST) guidelines.

Previous page  Next page   Title page