Cybersecurity Incident Management and Reporting

On this page:

Cybersecurity Incident Response and Preparedness Resources

Incident Response Guidance

State Agency and Higher Education Incident Reporting

Texas Volunteer Incident Response Team (VIRT)

Report an Incident

Request assistance from DIR by calling the Incident Response Hotline at (877) DIR-CISO.

Cybersecurity Incident Response and Preparedness Resources  

Texas DIR may provide organizations with incident response support, guidance, and resources, before, during, and after a cybersecurity incident.  

Incident Response Guidance 

Incident Response Guides, Templates, and resources provide organizations with the ability to build a robust incident management and response program.  

PDF (1.15 MB)
Last Updated: 02-17-2021

PDF (154.65 KB)
Last Updated: 01-20-2021

.pdf (106.35 KB)
Last Updated: 08-26-2021

PDF (2.43 MB)
Last Updated: 08-27-2021

CISA_MS-ISAC_Ransomware Guide_S508C

State Agency and Higher Education Incident Reporting 

State agencies and institutions of higher education are required to timely report certain types of security incidents to DIR.  Report an urgent incident via the SPECTRIM portal.

Timely reporting is required (preferably within 24 hours) for incidents that may: 

  • Propagate to other state systems (emergency reporting) OR 

  • Result in criminal violations that shall be reported to law enforcement OR 

  • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information. 

For routine SPECTRIM assistance, email GRC@dir.texas.gov or open a support request in the portal.

State agencies and institutions of higher education must submit a monthly security-related events report to the department, no later than nine (9) calendars days after the end of the month through the SPECTRIM monthly incident reporting system.   

For more information concerning the monthly incident reporting system, please contact GRC@dir.texas.gov.  

Certain businesses and state agencies that experience a data breach of system security that affects 250 or more Texans must contact the Office of the Texas Attorney General

Report suspected phishing emails to the DIR Network Security Operations Center (NSOC) by sending the message as an attachment to security-alerts@dir.texas.gov. NSOC analysts will review the message for malicious files/URLs and take action to block confirmed malicious sites at the state's network perimeter.  

School District and Local Government Incident/Threat Reporting

School District and Charter School Incident Reporting

To report a cyber attack or cybersecurity incident in accordance with Section 11.175 of the Education Code, submit a School District Incident Report, https://dir.texas.gov/information-security/txisao.  Click “Submit threat report” and select “A school district or charter school reporting a cybersecurity incident, in accordance with Section 11.175 of the Education Code”.

Local Government Threat Reporting

To report a cyber threat for possible research and dissemination, submit an ISAO Threat Report, https://dir.texas.gov/information-security/txisao.  Click “Submit threat report”, and select “Other”. 

Texas Volunteer Incident Response Team (VIRT)

The Texas VIRT is comprised of volunteers with expertise addressing cybersecurity events that support Texas agencies, institutions of higher education, and local government organizations quickly respond to significant cybersecurity events.

Visit the Texas VIRT information page for additional details on services or how to apply to be a volunteer on the incident response team.

Information Security

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.