About OCISO

State of Texas Cybersecurity Vision

The State of Texas will use its resources efficiently, collaboratively and effectively to create a risk-aware culture that places high value on protecting information entrusted to the state, and to form a protected and resilient cybersecurity environment. 

The Office of the Chief Information Security Officer

The Office of the Chief Information Security Officer (OCISO) provides statewide information security program guidance to state agencies, institutions of higher education, and other governmental entities.  Led by the State of Texas Chief Information Security Officer, Nancy Rainosek, the team works to set state information security policies and standards, publish guidance on best practices, improve incident response preparedness, monitor and analyze incidents, coordinate security services, and promote information sharing throughout the public sector cybersecurity community. 

If you have any questions or comments about the services we provide, please contact DIRSecurity@dir.texas.gov

OCISO Logo

News & Updates

2018 Cybersecurity Report

Sec. 2054.0591, Government Code requires the Texas Department of Information Resources to publish a biennial report on cybersecurity by November 15th of each even-numbered years.  

View the 2018 Cybersecurity Report (.pdf)

October is Cybersecurity Awareness Month!  

DIR is excited to announce that we will be hosting a cybersecurity awareness PSA competition for Texas high school grades 9-12.  Other events include a cybersecurity presentation at the capitol, and the HHS Cyberfair.  For more information, visit our Cybersecurity Awareness Month webpage

Agency Security Plans Due October 15, 2018

Sec. 2054.133, Government Code, requires each state agency and institution of higher education to develop an information security plan to be submitted no later than October 15 of each even-numbered year to DIR.  DIR has created a Security Plan Template in the SPECTRIM portal as the mechanism for submitting the individual plans.  Notable changes for this iteration of the plan include the inclusion of an executive risk acknowledgement form and four additional security objectives and controls for data security to meet requirements of HB 8, 85(R). More information and resources for completing the plan can be found on our Agency Security Plan webpage

Prioritization of Cybersecurity and Legacy Modernization Projects (PCLS)

SB 1 85(R), Article IX, Section 9.10 (the General Appropriations Act) requires the Department of Information Resources to submit a prioritization of state agencies' cybersecurity projects and projects to modernize or replace legacy systems (as defined in the October 2014 Legacy Systems Study). These projects and their associated prioritization will be considered for funding in the agencies’ related Legislative Appropriation Requests (LAR).   DIR must submit the prioritization report to the Legislative Budget Board by October 1, 2018. To be included in the prioritization effort, agencies must submit information about their requests to DIR through the SPECTRIM portal prior to the agency’s LAR due date and include the associated PCLS tracking key in their LAR submission.  More information about PCLS can be obtained by emailing pcls@dir.texas.gov or visiting the PCLS webpage.

Cybersecurity Continuing Education Guidelines for Information Resources Employees Published

HB 8, 85(R) required DIR to develop continuing education guidelines for information resources employees regarding cybersecurity. The guidelines are intended to assist agencies in developing their cybersecurity training programs.  The guidelines and other resources can be found on our Templates and Guides webpage.

Information Security Site Navigation

About OCISO
Agency Security Plan
Communications
Cyber Awareness Month
​Cybersecurity Strategic Plan
Designate an ISO
Education & Awareness
Information Security Forum
InfoSec Academy
Security Services
​SISAC
SPECTRIM Portal
TAC §202
Templates & Guides
Texas Cybersecurity Council
DIR Home

Information about file formats