
Cybersecurity Legislation

Date post: 25-Jun-2020
Cybersecurity Legislation September 30, 2019 http://ly.tcea.org/820and3834 Presentation: http://ly.tcea.org/cyberpreso
Transcript
Page 1: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided

Cybersecurity Legislation

September 30, 2019

http://ly.tcea.org/820and3834

Presentation: http://ly.tcea.org/cyberpreso


District loss $600,000


SB 820

(1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or copied, transmitted, viewed, or used by a person unauthorized to engage in that action.

(2) "Cyber attack" means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer network, or computer system.

(3) "Cybersecurity" means the measures taken to protect a computer, computer network, or computer system against unauthorized use or access.

Google Doc with Notes: June Zoom on SB 820


SB 820

Appoint a Cybersecurity Coordinator

○ Will submit name via AskTed
○ Will report a breach to TEA and notify parents


SB 820

● Create a Cybersecurity policy to:
○ Secure district cybersecurity infrastructure
○ Determine risk and implement mitigation planning
○ Policy must not conflict with the information security standards for institutions of higher education (Texas Cybersecurity Framework)

● TASB is drafting a policy that should be released mid-October


Contact [email protected] to report a breach


Texas Cybersecurity Framework

● Includes 40 objectives.
● It is a self-risk assessment.
● TEA and ESCs have been using it for six years.
● ESCs are gearing up to help districts.


http://ly.tcea.org/cyberframework


TEA Cybersecurity Webinars

Texas Cybersecurity Framework (TCF) and its primary function. Access Recording on Texas Gateway

Basic Incident Response and the impact of a cybersecurity incident for your organization: 11/6, from 1:00 to 2:00 pm CST

http://ly.tcea.org/TEAcyber


HB 3834

● Requires local governments to train any employee or elected official who has access to your computer system on cybersecurity awareness.
● DIR will produce a list of at least 5 approved trainings that:
○ Focus on forming information security habits and procedures that protect information resources.
○ Teach best practices for detecting, assessing, reporting, and addressing information security threats.


HB 3834

● A local government that has a ‘dedicated information resources cybersecurity officer’ and has a cybersecurity training program that satisfies the requirements, may use their own training materials.

○ Must be working in this capacity 50% of the time.

● Training must take place by June 14, 2020

Questions? [email protected]

For more information: http://ly.tcea.org/DIR3834


HB 3834

● A local government must verify and report on the completion of a cybersecurity training program by the required employees and elected officials (6/14/2020)

● A local government must require periodic audits to ensure compliance with the training requirement.


Checklist of Things to do

SB 820

1. Appoint Cybersecurity Officer and insert name in AskTed.

2. Review Texas Cybersecurity Framework.

a. Watch TEA webinars.

3. Create a draft policy that will mitigate your risks.

HB 3834

1. Determine what employees need to be trained.

2. Select a training program.

3. Determine when employees will be trained.

4. Determine what tool you will use to do the periodic audits.


2019 Bill Analysis: http://ly.tcea.org/86lege

Detailed Notes on SB 820 and HB 3834 http://ly.tcea.org/820and3834

