SPECTRIM

Statewide Portal for Enterprise Cybersecurity Threat, Risk, and Incident Management

Annotation 2019-05-23 122705.png

Overview

To help tie together the overall state security program, DIR has implemented a governance, risk, and compliance software tool available to all state agencies and institutions of higher education. The SPECTRIM portal provides tools for managing and reporting security incidents, conducting risk assessments, storing and managing organizational policies, performing assessment and authorization (A&A) on information systems, templates for agency security planning activities, and more. 

Urgent Incident Reporting

TAC §202 requires each state agency and institution of higher education to provide timely reporting of certain types of security incidents to DIR which, depending on the threat or level of risk to the State, could mean emergency reporting.  Timely reporting is required (preferably within 24 hours) for incidents that may:

  1. Propagate to other state systems (emergency reporting) OR
  2. Result in criminal violations that shall be reported to law enforcement OR
  3. Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information.

IMPORTANT: For emergency reporting of security incidents meeting the above criteria, please call DIR's Computer Security Incident Reporting and Assistance Line at (512) 350-3282. The phone is answered 24 hours a day, 7 days a week. The portal also provides comparison statistics for incident management and response. See more information about Incident Reporting.

Additionally, the DIR Network Security Operations Center (NSOC) may be able to provide assistance regarding security incidents.

To report a suspected phishing attempt, send the email as an attachment to security-alerts@dir.texas.gov.  Our NSOC Analysts will review the message and block any identified malicious requests at the perimeter, these contributions go a long way to improving the security of our community as a whole. 

The SPECTRIM Incident Management Manual provides you with step by step instructions for using the Incident Management module. 

Monthly Incident Reporting System

TAC RULE §202.23(b)(2) and §202.73(b)(2) requires agencies and institutions of higher education to submit a report of security-related events to the department on a monthly basis no later than nine (9) calendars days after the end of the month.  These reports are submitted through the SPECTRIM Portal's Monthly Incident Reporting System.  Members of the incident access group with active SPECTRIM accounts will be reminded via system generated notifications prior to the reporting deadline.  For more information concerning the monthly incident reporting system, please see slides 46-50 of the SPECTRIM Incident Management Manual above or contact GRC@dir.texas.gov. 

Policy Management

The policy management solution allows organizations to store, manage, and review their IT and security policies as well as link policy components to applicable security controls. View the SPECTRIM Policy and Security Plan Template Training Slides.

Agencies and institutions of higher education now have the option of participating in the Texas Policy Sharing Group within the portal.  This group allows users to elect to share their policies across organizations with other participating members.  For more information on sharing policies see the Texas Policy Sharing Group Overview

Risk Management

TAC §202 requires that a risk assessment of the organizations' information and information systems shall be performed and documented. To help facilitate this requirement, the portal offers a risk assessment tool with standard questionnaires for application, facilities, organizational, and network assessments.  

  1. The inherent impact will be ranked, at a minimum, as either "High," "Moderate," or "Low".
  2. The frequency of the future risk assessments will be documented.
  3. Risk assessment results, vulnerability reports, and similar information shall be documented and presented to the Information Security Officer or his or her designated representative(s).
  4. Approval of the security risk acceptance, transference, or mitigation decision shall be the responsibility of:
    1. the information security officer or his or her designee(s), in coordination with the information owner, for systems identified with a Low or Moderate residual risk.
    2. the state agency head for all systems identified with a residual High Risk.

The SPECTRIM Risk Manual provides you with step by step instructions for using the Risk Assessment module.

The portal additionally supports a top-down risk assessment approach through the risk register.  The risk register helps organizations track and manage critical risks and risk treatments over their lifecycle.  

Agency Security Plan Template

The Agency Security Plan template gives agencies:

  • A method for reporting on the types of controls they have in place
  • An evaluation of their ability to operate the control environment at their required level
  • A standardized approach for preparing the agency’s ongoing security plan
Visit the agency security plan web page for more information and resources to complete your plan. 

Assessment & Authorization (A&A)

DIR has implemented a solution within the portal for performing information system assessments and authorization based on the NIST Risk Management Framework.  Due to the complexity of this solution, we are asking that interested parties contact GRC@dir.texas.gov to schedule an overview and training session.  

SPECTRIM Resources