Information Security Officers (ISOs) Resources
Communication and Mail Lists
As an Information Security Officer, you will be DIR’s main contact for cybersecurity topics at your agency. At DIR, your point of contact for questions or concerns is the Office of the Chief Information Security Officer (OCISO).
Here are some tips and tools to help you perform your role as ISO effectively.
The OCISO holds two meetings each month to communicate information on services, statewide cybersecurity legislation updates, Network Security Operations Center data findings, and other topics of interest. The first is the Monthly Security Meeting – this is held on the second Thursday of each month and is focused on services for state agencies, public universities, and junior colleges. Request a monthly security meeting invitation.
The second meeting is a monthly Texas Information Sharing and Analysis Organization (TX-ISAO) meeting. This meeting is held on the third Tuesday of each month and is geared towards Texas local government and private organizations – although state-level organizations also attend. These meetings discuss statewide initiatives, educational topics from UT San Antonio, and updated threat information from Texas A&M. Join the TX-ISAO to get the monthly meeting invite.
This is the official email discussion list for ISOs. You automatically become a member when you are designated in your role. DIR uses this mailing list to send out official communications, but you can use it to network with your fellow ISOs.
To post a message to this list, simply send an email to: [email protected].
In addition, you can sign up for news from the TX-ISAO – this will ensure you receive bulletins and notices that are important to you and your specific organization.
DIR also offers other mail lists that focus on various other topics. You can view and sign up for the lists here.
What is SPECTRIM?
The Statewide Portal for Enterprise Cybersecurity, Threat, Risk, and Incident Management (SPECTRIM) portal provides security incident management and analysis, risk assessment analysis and a security plan template to state agencies, public universities, and junior colleges. New ISOs will automatically be added as a user for their organization when designated. You can learn more about SPECTRIM’s functionality, review educational webinars, and access the SPECTRIM portal.
What are the reporting requirements for ISOs?
How to Report Urgent Incidents
State agencies must immediately report any incident that may:
Propagate to other state systems,
Result in criminal violations that shall be reported to law enforcement, OR
Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information
Report an Emergency
Call DIR's Incident Reporting Assistance Line. The phone is answered 24/7. You may also enter the emergency info into the SPECTRIM portal. In any event, the incident must be reported through the SPECTRIM portal.
Monthly Incident Reporting
Effective November 16, 2023, monthly summary security incident reports are no longer required to be provided to DIR. TAC §202.23 (agencies) and §202.73 (higher ed) have been updated to exclude this requirement. Please disregard automated reminder notifications you may receive during this phase-out period.
Security Plan (Every Two Years)
Biennial security plans must be submitted by June 1 of each even-numbered year (e.g., 2022, 2024). These security plans must be completed in the SPECTRIM portal.
IT Purchasing Options
DIR negotiates contracts with providers and vendors, using the purchasing power of the State of Texas. Visit the Cooperative Contracts page to learn more about the process and how you can use it at your agency. (State agencies are required to use this service unless they seek and receive an exemption.)
Office of the Chief Information Security Officer (OCISO)
The OCISO team is standing by to help you fulfill your responsibilities as your agency’s ISO. Some of the services we provide include:
DIR-funded network penetration tests and security assessments to help agencies meet legislative requirements
The InfoSec Academy program, which offers free certification preparation training and secure application developer training, and provides vouchers upon request for certification exams
End user security awareness training and phishing simulation platforms
Visit the OCISO website to learn more.