Texas Security and Risk Management

8.0 Information Systems With Public Access Components

Copyright (c) 1995 - Management Analytics - All Rights Reserved

This section provides guidelines for reviewing automated information systems that include public access capabilities. These systems must incorporate security procedures and controls to ensure data integrity and the protection of confidential information. For all systems with existing public access capabilities, the risk analysis should pay particular attention to the vulnerabilities associated with such capabilities.

All proposals for the acquisition of new systems or upgrades to existing systems should be accompanied by a complete and thorough feasibility study justifying such acquisition or upgrades. In addressing the functional requirements of the system or upgrades, the feasibility study should identify the security measures necessary to maintain data integrity and to satisfy confidentiality and security requirements. Risk analysis provides the basis for meeting these functional criteria. Below are special topics that agencies should address in feasibility studies proposing public access capabilities.

8.1 Risk Analysis

Identify the vulnerabilities associated with the existing or proposed system, including its public access capabilities. If the public access component of the system maintains sensitive information, identify the consequences of disseminating inaccurate or incomplete information. Identify the security procedures and controls that exist or that must be implemented to maintain the required standards of information integrity and access.

If the system maintains confidential information, identify the design features or security controls that must be incorporated to prevent public access to the confidential information.

8.2 Feasibility Study

In conducting the feasibility study for a system incorporating public access capabilities, address the following: