Cybersecurity Incident Management and Reporting

On this page:

Cybersecurity Incident Response and Preparedness Resources

Incident Response Guidance

State Agency and Higher Education Incident Reporting

Report an Incident

Request assistance from DIR by calling the Incident Response Hotline at (877) DIR-CISO.

Cybersecurity Incident Response and Preparedness Resources  

Texas DIR may provide organizations with incident response support, guidance, and resources, before, during, and after a cybersecurity incident.  

Incident Response Guidance 

Incident Response Guides, Templates, and resources provide organizations with the ability to build a robust incident management and response program.  

Incident Response Guide & Template (PDF 800 KB) 

The Texas DIR Incident Response Team Redbook provides policy guidance and includes helpful templates for creating incident response capability in your agency/organization. 

DIR Incident Response Assistance Overview (PDF 155 KB) 

An overview of resources the state can provide to support incident response.  

DIR Guide to Cybersecurity Resources (PDF 106 KB) 

An overview of available cybersecurity resources.  

CISA and MS-ISAC Ransomware Guide (PDF 2.43MB) 

A response guide to ransomware from the MS-ISAC and CISA  

State Agency and Higher Education Incident Reporting 

State agencies and institutions of higher education are required to timely report certain types of security incidents to DIR.  Report an urgent incident via the SPECTRIM portal.

Timely reporting is required (preferably within 24 hours) for incidents that may: 

  • Propagate to other state systems (emergency reporting) OR 

  • Result in criminal violations that shall be reported to law enforcement OR 

  • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information. 

For routine SPECTRIM assistance, email GRC@dir.texas.gov or open a support request in the portal.

State agencies and institutions of higher education must submit a monthly security-related events report to the department, no later than nine (9) calendars days after the end of the month through the SPECTRIM monthly incident reporting system.   

For more information concerning the monthly incident reporting system, please contact GRC@dir.texas.gov.  

Certain businesses and state agencies that experience a data breach of system security that affects 250 or more Texans must contact the Office of the Texas Attorney General

Report suspected phishing emails to the DIR Network Security Operations Center (NSOC) by sending the message as an attachment to security-alerts@dir.texas.gov. NSOC analysts will review the message for malicious files/URLs and take action to block confirmed malicious sites at the state's network perimeter.  

Information Security

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.