Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in...
Transcript of Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in...
![Page 1: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/1.jpg)
CybersecurityLegislationSeptember 30, 2019
http://ly.tcea.org/820and3834
Presentation: http://ly.tcea.org/cyberpreso
![Page 2: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/2.jpg)
![Page 3: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/3.jpg)
![Page 4: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/4.jpg)
![Page 5: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/5.jpg)
District loss $600,000
![Page 6: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/6.jpg)
![Page 7: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/7.jpg)
SB 820(1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or copied, transmitted, viewed, or used by a person unauthorized to engage in that action.
(2) "Cyber attack" means an attempt to damage, disrupt, or gain unauthorized access to a computer, computer network, or computer system.
(3) "Cybersecurity" means the measures taken to protect a computer, computer network, or computer system against unauthorized use or access.
Google Doc with Notes: June Zoom on SB 820
![Page 8: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/8.jpg)
SB 820Appoint a Cybersecurity Coordinator
○ Will submit name via AskTed○ Will report a breach to TEA and notify parents
Google Doc with Notes: June Zoom on SB 820
![Page 9: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/9.jpg)
SB 820● Create a Cybersecurity policy to:
○ Secure district cybersecurity infrastructure○ Determine risk and implement mitigation planning○ Policy must not conflict with the information security standards for
institutions of higher education (Texas Cybersecurity Framework)
● TASB is drafting a policy that should be released mid-October
Google Doc with Notes: June Zoom on SB 820
Contact [email protected] to report a breach
![Page 10: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/10.jpg)
Texas Cybersecurity Framework
● Includes 40 objectives.● It is a self-risk assessment. ● TEA and ESCs have been using it for six years. ● ESCs are gearing up to help districts.
Google Doc with Notes: June Zoom on SB 820
http://ly.tcea.org/cyberframework
![Page 12: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/12.jpg)
TEA Cybersecurity Webinars
Texas Cybersecurity Framework (TCF) and its primary function. Access Recording on Texas Gateway
Basic Incident Response and the impact of a cybersecurity incident for your organization: 11/6, from 1:00 to 2:00 pm CST
http://ly.tcea.org/TEAcyber
![Page 13: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/13.jpg)
HB 3834● Requires local governments to train any employee or elected official
who has access to your computer system on cybersecurity awareness.
● DIR will produce a list of at least 5 approved trainings that:○ Focus on forming information security habits and procedures
that protect information resources.
○ Teach best practices for detecting, assessing, reporting, and addressing information security threats.
![Page 14: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/14.jpg)
HB 3834● A local government that has a ‘dedicated information resources
cybersecurity officer’ and has a cybersecurity training program that satisfies the requirements, may use their own training materials.
○ Must be working in this capacity 50% of the time.
● Training must take place by June 14, 2020
Questions? [email protected]
For more information: http://ly.tcea.org/DIR3834
![Page 15: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/15.jpg)
HB 3834● A local government must verify and report on the completion of a
cybersecurity training program by the required employees and elected officials (6/14/2020)
● A local government must require periodic audits to ensure compliance with the training requirement.
Questions? [email protected]
For more information: http://ly.tcea.org/DIR3834
![Page 16: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/16.jpg)
Checklist of Things to do
SB 820
1. Appoint Cybersecurity Officer and insert name in AskTed.
2. Review Texas Cybersecurity Framework.
a. Watch TEA webinars.
3. Create a draft policy that will mitigate your risks.
HB 3834
1. Determine what employees need to be trained.
2. Select a training program.
3. Determine when employees will be trained.
4. Determine what tool you will use to do the periodic audits.
![Page 17: Cybersecurity Legislation - 4.files.edl.io · (1) "Breach of system security" means an incident in which student information that is sensitive, protected, or confidential, as provided](https://reader033.fdocuments.in/reader033/viewer/2022060322/5f0d825e7e708231d43ab61c/html5/thumbnails/17.jpg)
2019 Bill Analysis: http://ly.tcea.org/86lege
Detailed Notes on SB 820 and HB 3834 http://ly.tcea.org/820and3834