
SB 820 & HB 3834 Update

You are probably aware of several statutes passed by the 86th Legislature regarding cybersecurity measures to be implemented by school districts.

This fall, Region 10 ESC will begin a series of tech roundtables with time set aside to discuss the new requirements and work collaboratively to ensure your district meets the new expectations and deliverables. We will also hold at least one workshop where each participant will complete a self-assessment of their IT environment and develop a remediation plan to address any issues/gaps in their environment.

SB 820

SB 820 contains four major components for compliance:

  1. Each school district shall adopt a cybersecurity policy to secure the district infrastructure against cyber-attacks, determine cybersecurity risk, and implement mitigation planning. The cybersecurity policy may not conflict with the information standard for institutions of higher education adopted by the Texas Department of Information Resources under chapters 2054 and 2059 of the Government Code. The information standard for institutions of higher education is commonly referred to as the Texas Cybersecurity Framework, consisting of 40 cybersecurity objectives.

  2. Each superintendent shall designate a cybersecurity coordinator as a liaison between the district and TEA on cybersecurity matters.

  3. The district’s cybersecurity coordinator shall report to TEA any cyber-attack or incident against the district’s infrastructure which constitutes a breach of security as defined in the statute.

  4. The district’s cybersecurity coordinator shall provide notice to a parent of an enrolled student in the district of the cyber-attack which required a report to be submitted to TEA.

HB 3834

  • HB 3834 requires LEAs to provide an annual cybersecurity training program which has been certified by the Texas Department of Information Resources (DIR) to all employees who have access to a computer or database.

  • DIR has started the certification process for Cybersecurity Programs and plans to have a list of certified programs in the next two months.

  • It is recommended that LEAs that have purchased or are already offering a security awareness training program continue using the same program, while LEAs not currently providing a security awareness program should consider waiting until DIR has finished the certification process and then evaluate the best certified program for the LEA.

  • Region 10 will soon offer InfoSec IQ as a high quality, low-cost training solution for district staff and students that we believe will be a certified training program.

It is important that districts not panic over these new requirements, as the only thing due in September is to have a Cyber Security Coordinator registered in AskTED.

TEA has modified AskTED to collect the new Cybersecurity coordinator information and plans to roll this change into production in the next week. Superintendents will be notified as soon as it is available.

Determining cybersecurity risk is best accomplished by using the Texas Cybersecurity Framework Control Objectives and Definitions. These were developed by DIR and use a common language to address and manage cybersecurity risk. The template is divided into five concurrent and continuous functions, which are the same as those used by the National Institute of Standards and Technology (NIST): Identify, Protect, Detect, Respond, and Recover.

Finally, Frosty Walker, the CISO for TEA, has created a series of webinars around cybersecurity. Visit the Cybersecurity Tips and Tools site on Texas Gateway for a list of upcoming webinar dates as well as an archive of previous webinars, including one this week specifically addressing SB 820 and HB 3834.

We are here to assist.

David Mendez
Information Security Manager
Technology & Data Services - Office: 972.348.1172
Region 10 Education Service Center
400 E. Spring Valley Road • Richardson, TX 75081

 
