Cybersecurity Incident Management and Reporting
On this page:
Cybersecurity Incident Response and Preparedness Resources
Incident Response Guidance
State Agency and Higher Education Incident Reporting
Texas Volunteer Incident Response Team (VIRT)
Report an Incident
Request assistance from DIR by calling the Incident Response Hotline at (877) DIR-CISO.
Cybersecurity Incident Response and Preparedness Resources
Texas DIR may provide organizations with incident response support, guidance, and resources, before, during, and after a cybersecurity incident.
Incident Response Guidance
Incident Response Guides, Templates, and resources provide organizations with the ability to build a robust incident management and response program.
Procedures and plans for responding to and processing a privacy or information security incident.
CISA_MS-ISAC_Ransomware Guide_S508C
State Agency and Higher Education Incident Reporting
State agencies and institutions of higher education are required to timely report certain types of security incidents to DIR. Report an urgent incident via the SPECTRIM portal.
Timely reporting is required (preferably within 24 hours) for incidents that may:
-
Propagate to other state systems (emergency reporting) OR
-
Result in criminal violations that shall be reported to law enforcement OR
-
Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information.
For routine SPECTRIM assistance, email [email protected] or open a support request in the portal.
State agencies and institutions of higher education must submit a monthly security-related events report to the department, no later than nine (9) calendars days after the end of the month through the SPECTRIM monthly incident reporting system.
For more information concerning the monthly incident reporting system, please contact [email protected]
Certain businesses and state agencies that experience a data breach of system security that affects 250 or more Texans must contact the Office of the Texas Attorney General.
Report suspected phishing emails to the DIR Network Security Operations Center (NSOC) by sending the message as an attachment to [email protected]. NSOC analysts will review the message for malicious files/URLs and take action to block confirmed malicious sites at the state's network perimeter.
School District and Local Government Incident/Threat Reporting
School District and Charter School Incident Reporting
To report a cyber attack or cybersecurity incident in accordance with Section 11.175 of the Education Code, submit a School District Incident Report, https://dir.texas.gov/information-security/txisao. Click “Submit threat report” and select “A school district or charter school reporting a cybersecurity incident, in accordance with Section 11.175 of the Education Code”.
Local Government Threat Reporting
To report a cyber threat for possible research and dissemination, submit an ISAO Threat Report, https://dir.texas.gov/information-security/txisao. Click “Submit threat report”, and select “Other”.
Texas Volunteer Incident Response Team (VIRT)
The Texas VIRT is comprised of volunteers with expertise addressing cybersecurity events that support Texas agencies, institutions of higher education, and local government organizations quickly respond to significant cybersecurity events.
Visit the Texas VIRT information page for additional details on services or how to apply to be a volunteer on the incident response team.