The SPECTRIM Portal

Statewide Portal for Enterprise Cybersecurity Threat, Risk and Incident Management

Note: The name SPECTRIM was adopted April 2016. The portal was formerly known as Archer.

To help tie together the overall state security program, DIR has implemented a governance, risk and compliance software tool available to all state agencies and institutions of higher education. The SPECTRIM portal provides incident management and analysis, risk assessment analysis and agency security plan template preparation.

Incident Management and Analysis

TAC §202 requires each state agency and institution of higher education to provide timely reporting of certain types of security incidents to DIR which, depending on the threat or level of risk to the State, could mean emergency reporting.  Timely reporting is required (preferably within 24 hours) for incidents that may:

  1. Propagate to other state systems (emergency reporting)

  2. Result in criminal violations that shall be reported to law enforcement 

  3. Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information

IMPORTANT: For emergency reporting of security incidents meeting the above criteria, please call DIR's Computer Security Incident Response Team (CSIRT) at (512) 350-3282. The phone is answered 24 hours a day, 7 days a week.

The portal also provides comparison statistics for incident management and response. See more information about Incident Reporting

The SPECTRIM Incident Management Manual provides you with step by step instructions for using the Incident Management module.

Please  use the SPECTRIM Portal to record the applicable details of a reportable security incident.

You are about to connect to a state-authorized incident reporting system. Site access is for official state business only. Before proceeding, be aware that users may be monitored. Except as otherwise provided by applicable privacy laws, there is no expectation of privacy in the use of this site.

Risk Assessment Analysis

TAC §202 requires that a risk assessment of the organizations' information and information systems shall be performed and documented.

  1. The inherent impact will be ranked, at a minimum, as either "High," "Moderate," or "Low".

  2. The frequency of the future risk assessments will be documented.

  3. Risk assessment results, vulnerability reports, and similar information shall be documented and presented to the Information Security Officer or his or her designated representative(s).

  4. Approval of the security risk acceptance, transference, or mitigation decision shall be the responsibility of:
    (A) the information security officer or his or her designee(s), in coordination with the information owner, for systems identified with a Low or Moderate residual risk.
    (B) The state agency head for all systems identified with a residual High Risk.

Please use the SPECTRIM Portal to assess risks for your overall security program and information systems.

You are about to connect to a state-authorized incident reporting system. Site access is for official state business only. Before proceeding, be aware that users may be monitored. Except as otherwise provided by applicable privacy laws, there is no expectation of privacy in the use of this site.

The SPECTRIM Risk Manual provides you with step by step instructions for using the Risk Assessment module.

SPECTRIM Risk Changes Front End User - Risk updates for March 2016

Agency Security Plan Template

 

The Agency Security Plan template gives agencies:

  • A method for reporting on the types of controls they have in place
  • An evaluation of their ability to operate the control environment at their required level
  • A standardized approach for preparing the agency’s ongoing security plan

Please  use the SPECTRIM Portal to record the applicable details of a your security plan template.

SPECTRIM Training

Archer GRC Incidents Training Class

  1. Click the link above and  select “Save as” to download the zip file to your desktop.

  2. Once downloaded, right-click the zip file and select “extract files” to your desktop.

  3. Double-Click the presentation.html5 file to launch the training.

  4. You need Adobe Shockwave to run this file.  Click here to download Shockwave:  http://get.adobe.com/shockwave/

  5. If you have any issues running the file, please contact the SPECTRIM Team at GRC@dir.texas.gov

Archer GRC Risk Assessment Training Class

Policy and Security Plan Template Training

  1. Click the link above and  select “Save as” to download the zip file to your desktop.

  2. Once downloaded, right-click the zip file and select “extract files” to your desktop.

  3. Double-Click the player.html file to launch the training.

  4. You need Adobe Shockwave to run this file.  Click here to download Shockwave:  http://get.adobe.com/shockwave/

  5. If you have any issues running the file, please contact the SPECTRIM Team at GRC@dir.texas.gov

Webinars