The following words and terms, when used with this chapter, shall have the following meanings, unless the context clearly indicates otherwise.
- (1) Access--To approach, interact with, or otherwise make use of information resources.
- (2) Business Continuity Planning--The process of identifying critical data systems and business functions, analyzing the risks and probabilities of service disruptions and developing procedures to restore those systems and functions.
- (3) Confidential Information--Information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act.
- (4) Control--Any action, device, policy, procedure, technique, or other measure that improves security.
- (5) Custodian of an Information Resource--A person responsible for implementing owner-defined controls and access to an information resource.
- (6) Department--The Department of Information Resources.
- (7) Information Resources--Is defined in §2054.003(6), Texas Government Code and/or other applicable state or federal legislation.
- (8) Information Security Program--The elements, structure, objectives, and resources that establish an information resources security function within an agency.
- (9) Mission Critical Information--Information that is defined by the agency to be essential to the agency's function(s).
(10) Owner of an Information Resource--A person responsible:
- (A) For a business function; and
- (B) For determining controls and access to information resources supporting that business function.
- (11) Platform--The foundation technology of a computer system. The hardware and systems software that together provide support for an application program. (Ref: Practices for Protecting Information Resources Assets.)
- (12) Security Incident--An event which results in unauthorized access, loss, disclosure, modification, disruption, or destruction of information resources whether accidental or deliberate.
- (13) Security Risk Analysis--The process of identifying and documenting vulnerabilities and applicable threats to information resources.
- (14) Security Risk Assessment--The process of evaluating the results of the risk analysis by projecting losses, assigning levels of risk, and recommending appropriate measures to protect information resources.
- (15) Security Risk Management--Decisions to accept exposures or to reduce vulnerabilities.
- (16) User of an Information Resource--An individual or automated application authorized to access an information resource in accordance with the owner-defined controls and access rules.
- (17) Vulnerability Report--A computer related report containing information described in §2054.077(b), Government Code, as that section may be amended from time to time.
Source Note:The provisions of this §202.1 adopted to be effective June 17, 2002, 27 TexReg 5152.