2020 Biennial Performance Report

Advancing the Next Generation of Technology in Texas


Goal 1: Secure IT Service Delivery




State agencies must provide secure information and services to both the Texans they serve and the workforce they support. Protecting sensitive and confidential data is a top priority.

Objectives

  1. Evaluate and deploy cost-effective security enhancement tools. 
  2. Routinely improve and test business continuity plans.
  3. Consolidate and centralize identity and access management across applications.
  4. Prioritize legacy modernization efforts.
  5. Utilize an application portfolio management solution.

Outcomes

  1. Effective agency security programs that reduce risk and vulnerability of the agency's information systems.
  2. Protect private and confidential information, minimize exposure to cyberattacks, and create a mature risk-based security program.
  3. Address legacy system modernization to reduce risk of system compromise and data breaches.
  4. Redirect IT savings to improve security, enhance monitoring of potential threats, and increase application efficiency.

Assessment

Through the ongoing deployment of effective tools like multifactor authentication (MFA), continuity of operations planning (COOP), and training, state agencies continue to increase their ability to prevent, detect, respond to, and recover from security incidents and cyberattacks. 


Agencies understand that using tools for managing business application inventories, modernizing legacy systems, and keeping software current help combat cybersecurity concerns. 

Concerns

Understanding risk and barriers is key to improving the cybersecurity posture of state government. Agencies identified the increasing sophistication of threats as the top barrier to cybersecurity.

Recommendations

State agencies are increasingly taking a strategic approach to ensure reliable and secure access to information. The State of Texas must ensure there are sufficient resources, skills, and capacity at the enterprise — and agency — level to minimize cybersecurity exposure, reduce risk of system compromise, and facilitate the maturity of cybersecurity programs. DIR recommends the following actions to maintain the momentum for cybersecurity improvements.
1. Advance the state of security through expansion of coordinated incident response.

2. Enhance cybersecurity by aligning training and requirements for public sector entities.