With the launch of ?TexasOnline? in June 2000, the State of Texas was providing a public portal for everything from renewing car registration to completing public university applications. Texas IT officials pointed out an increased need for proper security measures became necessary as a result of providing more accessible government. This led to Texas requesting the recent completion of the first statewide IT security assessment in the United States.

Texas commissioned Sprint E|Solutions to conduct the analysis. The company evaluated the current status of state security preparedness and proceeded to review the statewide security structure, emphasizing online systems connected to the Internet and the feasibility of consolidating operations for small agencies.

The goal for Texas in requiring the survey was to enable the state to sustain its position as a competitor in the arena of forward-thinking e-government and build citizen trust in the state?s ability to maintain confidential agency and private citizen information. ?The Internet is transforming our economy and has the potential to reform bureaucracy as we know it,? said Carolyn Purcell, executive director of the Texas Department of Information Resources, ?making government more efficient and putting Texans first. As a national leader in the implementation of e-government, we recognized the importance of ensuring that our systems are safe and building public confidence in the security of their information.?

The assessment took a comprehensive look at the existing policies and procedures, network and server configuration, disaster recovery plans, and physical security pertaining to Texas? information systems. Simulated hacker attacks were done to evaluate the existing system?s ability to handle and protect against such real world scenarios.

As a result, there was a recommendation to centralize agency security efforts under an existing state agency. The centralized organization would work with existing state agencies to ensure the full implementation of all necessary security measures. Sprint suggested that, if recommendations were followed, uniform security policies and configuration standards along with periodic process maturity and technology vulnerability assessments would result. Centralized advice and hands-on support in implementing perimeter security, the availability of ongoing statewide security training for management administrators and users as well as the provision of comprehensive incident report communication, threat analysis and response coordination would all be added benefits of having a new centralized security agency.

?We are very happy to have the results of [the] study, and we have been developing a plan to implement the recommendations,? Purcell said as she expressed her satisfaction with the study, ?We plan to increase security measures and have them in place by 2002.?