Information Security
Cybersecurity Incident Management and Reporting
On this page:
Cybersecurity Incident Response and Preparedness Resources
Incident Response Guidance
State Agency and Higher Education Incident Reporting
Texas Volunteer Incident Response Team (VIRT)
Report an Incident
Call the Incident Response Hotline at (877) DIR-CISO.
SPECTRIM (for state agencies and higher education)
Archer Engage Local Incident Reporting Form
Cybersecurity Incident Response and Preparedness Resources
Texas DIR may provide organizations with incident response support, guidance, and resources, before, during, and after a cybersecurity incident.
Incident Response Guidance
Incident Response Guides, Templates, and resources provide organizations with the ability to build a robust incident management and response program.
Procedures and plans for responding to and processing a privacy or information security incident.
CISA_MS-ISAC_Ransomware Guide_S508C
State Agency and Higher Education Incident Reporting
State agencies and institutions of higher education are required to timely report certain types of security incidents to DIR. Report an urgent incident via the SPECTRIM portal.
Timely reporting is required (preferably within 24 hours) for incidents that may:
-
Propagate to other state systems (emergency reporting) OR
-
Result in criminal violations that shall be reported to law enforcement OR
-
Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information.
For routine SPECTRIM assistance, email [email protected] or open a support request in the portal.
State agencies and institutions of higher education must submit a monthly security-related events report to the department, no later than nine (9) calendars days after the end of the month through the SPECTRIM monthly incident reporting system.
For more information concerning the monthly incident reporting system, please contact [email protected].
Certain businesses and state agencies that experience a data breach of system security that affects 250 or more Texans must contact the Office of the Texas Attorney General.
Report suspected phishing emails to the DIR Network Security Operations Center (NSOC) by sending the message as an attachment to [email protected]. NSOC analysts will review the message for malicious files/URLs and take action to block confirmed malicious sites at the state's network perimeter.
New Local Government Incident Reporting Requirement
As of September 1, 2023, local governments are required to report security incidents (i.e. breaches or suspected breaches) to DIR, within 48 hours of discovery. Report an incident via the Archer Engage secure webform.
For detailed instructions, please click here.
School District and Charter School Incident Reporting
To report a cyber-attack or cybersecurity incident in accordance with Section 11.175 of the Education Code, submit a Local Government Incident Report. for detailed instructions, please click here.
Cybersecurity Threat Reporting
TX-ISAO Threat Reporting
To report a cyber threat for possible research and dissemination, submit an ISAO Threat Report, https://dir.texas.gov/information-security/txisao. Click “Submit threat report” and select “Other”.
Texas Volunteer Incident Response Team (VIRT)
The Texas VIRT is comprised of volunteers with expertise addressing cybersecurity events that support Texas agencies, institutions of higher education, and local government organizations quickly respond to significant cybersecurity events.
Visit the Texas VIRT information page for additional details on services or how to apply to be a volunteer on the incident response team.