17
Cybersecurity Legislation September 30, 2019 http://ly.tcea.org/820and3834 Presentation: http://ly.tcea.org/cyberpreso
CybersecurityLegislationSeptember 30, 2019
http://ly.tcea.org/820and3834
Presentation: http://ly.tcea.org/cyberpreso
District loss $600,000
SB 820(1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or copied, transmitted, viewed, or used by a person unauthorized to engage in that action.
(2) "Cyber attack" means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer network, or computer system.
(3) "Cybersecurity" means the measures taken to protect a computer, computer network, or computer system against unauthorized use or access.
Google Doc with Notes: June Zoom on SB 820
SB 820Appoint a Cybersecurity Coordinator
○ Will submit name via AskTed○ Will report a breach to TEA and notify parents
Google Doc with Notes: June Zoom on SB 820
SB 820● Create a Cybersecurity policy to:
○ Secure district cybersecurity infrastructure○ Determine risk and implement mitigation planning○ Policy must not conflict with the information security standards for
institutions of higher education (Texas Cybersecurity Framework)
● TASB is drafting a policy that should be released mid-October
Google Doc with Notes: June Zoom on SB 820
Contact [email protected] to report a breach
Texas Cybersecurity Framework
● Includes 40 objectives.● It is a self-risk assessment. ● TEA and ESCs have been using it for six years. ● ESCs are gearing up to help districts.
Google Doc with Notes: June Zoom on SB 820
http://ly.tcea.org/cyberframework
TEA Cybersecurity Webinars
Texas Cybersecurity Framework (TCF) and its primary function. Access Recording on Texas Gateway
Basic Incident Response and the impact of a cybersecurity incident for your organization: 11/6, from 1:00 to 2:00 pm CST
http://ly.tcea.org/TEAcyber
HB 3834● Requires local governments to train any employee or elected official
who has access to your computer system on cybersecurity awareness.
● DIR will produce a list of at least 5 approved trainings that:○ Focus on forming information security habits and procedures
that protect information resources.
○ Teach best practices for detecting, assessing, reporting, and addressing information security threats.
HB 3834● A local government that has a ‘dedicated information resources
cybersecurity officer’ and has a cybersecurity training program that satisfies the requirements, may use their own training materials.
○ Must be working in this capacity 50% of the time.
● Training must take place by June 14, 2020
Questions? [email protected]
For more information: http://ly.tcea.org/DIR3834
HB 3834● A local government must verify and report on the completion of a
cybersecurity training program by the required employees and elected officials (6/14/2020)
● A local government must require periodic audits to ensure compliance with the training requirement.
Questions? [email protected]
For more information: http://ly.tcea.org/DIR3834
Checklist of Things to do
SB 820
1. Appoint Cybersecurity Officer and insert name in AskTed.
2. Review Texas Cybersecurity Framework.
a. Watch TEA webinars.
3. Create a draft policy that will mitigate your risks.
HB 3834
1. Determine what employees need to be trained.
2. Select a training program.
3. Determine when employees will be trained.
4. Determine what tool you will use to do the periodic audits.
2019 Bill Analysis: http://ly.tcea.org/86lege
Detailed Notes on SB 820 and HB 3834 http://ly.tcea.org/820and3834
