PM-02-727 Senior Information Security Officer

Program Management
Enterprise Security Policy, Standards and Guidelines
February 13, 2018

The Agency chief information security officer is the designated senior information security officer and is responsible for all requirements outlined in Texas Administrative Code Section 202.71. The chief information security officer may issue exceptions to information security requirements or controls outlined in Texas Administrative Code Chapter 202.

Responsibility for the security program has not been defined.
The organization appoints a senior information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.
The organization has a designated security official who: a. is responsible for the development and implementation of the organizational information security program; b. is responsible for the development of information security policies and procedures; c. is responsible for, and has authority for, monitoring compliance with the organization’s information security policy and procedures; and d. has an appropriate level of accessibility and visibility from executive leadership of the organization to be effective.
Each state organization head or his or her designated representative(s) shall designate an information security officer to administer the state organization information security program.
Obtain the information security program policy; information security program plan; documentation addressing roles and responsibilities of the senior information security officer position; information security program mission statement; and other relevant documents or records, and ascertain if: (i) the organization appoints a senior information security officer to coordinate, develop, implement, and maintain an organization-wide information security program; and (ii) the organization empowers the senior information security officer with the mission and resources required to coordinate, develop, implement, and maintain an organization-wide information security program.