Fiscal impact reports (FIRs) are prepared by the Legislative Finance Committee (LFC) for standing finance committees of the NM Legislature. The LFC does not assume responsibility for the accuracy of these reports if they are used for other purposes.

 

Current FIRs (in HTML & Adobe PDF formats) are available on the NM Legislative Website (legis.state.nm.us).  Adobe PDF versions include all attachments, whereas HTML versions may not.  Previously issued FIRs and attachments may also be obtained from the LFC in Suite 101 of the State Capitol Building North.

 

 

FISCAL IMPACT REPORT

 

 

 

SPONSOR: Rodella

DATE TYPED: 1/29/04

HB: 190

SHORT TITLE: State Network Enterprise Security Program

SB:

ANALYST: Paz

 

APPROPRIATION

Appropriation Contained, FY04: (blank)

Appropriation Contained, FY05: $1,000.0

Estimated Additional Impact, FY04: (blank)

Estimated Additional Impact, FY05: (blank)

Recurring or Non-Rec: Non-recurring

Fund Affected: General Fund

(Parentheses ( ) Indicate Expenditure Decreases)

 

Responses Received From

 

Office of the Chief Information Officer

 

SUMMARY

 

Synopsis of Bill

 

House Bill 190 appropriates $1 million from the general fund to the Office of the Chief Information Officer to develop an enterprise information security program for the state network.  

 

An assessment and strategic plan published by the Office of the Chief Information Officer in September 2003 recommended the state implement an enterprise information security program to include a single security architecture with common goals, methods, standards and policies.

 

Significant Issues

 

The state does not have a mechanism for coordinating agency information security requirements. 

Information security activities at various agencies lack oversight and guidance.  Risks to the state include the loss of information and of the integrity of information and systems, which could ultimately result in many state agencies' failure to continue operations for a significant period of time in the event of a breach in security.

According to the Office of the CIO, the state remains highly vulnerable to both external and internal intrusions, resulting in continued risk of denial of service and fraud, as well as growing operation costs while efficiency decreases.

 

PERFORMANCE IMPLICATIONS

 

According to the Office of the CIO, the information security program will enhance the performance of the state computer network and mitigate risks to the confidentiality, integrity and availability of information assets.

Performance metrics will be required to measure the success of this program in the following areas:

· Computer incident response

· Threat and vulnerability reduction

· Audits and assessments

· Information security awareness

 

ADMINISTRATIVE IMPLICATIONS

 

According to the Office of the CIO, this program will require a new security administration model, new security workflow and management.

 

An information security taskforce will need to be established through the Office of Homeland Security and coordinated with the Office of the CIO and the General Services Department.

 

FISCAL IMPLICATIONS

 

The appropriation of $1 million contained in this bill is a non-recurring expense to the general fund.  Any unexpended or unencumbered balance remaining at the end of Fiscal Year 2005 shall revert to the general fund.

Ongoing support of this program will require a recurring general fund appropriation of approximately $500 to the base budget of either the Office of the Chief Information Officer or the General Services Department.

 

CONFLICTS, DUPLICATION

 

House Bill 2 includes a similar special information technology appropriation of $1 million for this program.

 

TECHNICAL ISSUES

 

According to the Office of the CIO, this program requires development of enterprise security management processes, policies and an enterprise security model, and selection of both external experts and best-of-breed technologies.  This program should be integrated into enterprise architecture and include wireless, client/server and mainframe environments.

 

This program should make use of the expertise and capabilities of the New Mexico Institute of Mining and Technology, which has a nationally recognized program in Information Assurance.

 

EP/njw