As an Information Security Officer, you will be DIR’s main contact for cybersecurity-related issues at your agency. And at DIR, you should reach out to theOffice of the Chief Information Security Officer (OCISO)for questions or concerns.
Here are some tips and tools to help you perform your role as ISO effectively:
Security Officer Mailing Lists
This is the official email discussion list for ISO.You’reautomatically a member. DIR uses this mailing list to make official communications, but you can use it to network with your fellow ISOs.
To post a message to this list, simply send an email to:[emailprotected].
Other Mailing Lists
[emailprotected] –A mailing list dedicated to security-related issues.Seek advice from other state government IT staff.Receive updates on current security alerts. Discuss technical issues. Request referrals or opinions about IT security products and services. Share resources and expertise.
[emailprotected] –A list dedicated to general technology conversations. Seek advice from other government IT staff. Post training opportunities. Discuss technical issues. Request referrals or opinions about IT products and services. Share resources and expertise.
[emailprotected] –A list for questions about training. Seek advice and referrals from other government staff.Post training opportunities or needs. Discuss issues involving training, education, e-learning, etc. Request referrals or opinions about products and services. Share resources and expertise. Announce meetings and events.
Emergencies: How to Report
Youmust immediately reportany incident that may:
Propagate to other state systems
Result in criminal violations that shall be reported to law enforcement
Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information
Report an Emergency
CallDIR's Incident Reporting Assistance Line.The phone is answered24/7. You may also enter the emergency info into theSPECTRIMportal.In any event, the incident must be reported through the SPECTRIM portal.
DIR Incident Reporting Assistance
(877)DIR CISO
(877-347-2476)
Monthly Incident Reporting
Effective November 16, 2023, monthly summary security incident reports are no longer required to be provided to DIR. TAC §202.23 (agencies) and TAC §202.73 (higher education) have been updated to exclude this requirement. Please disregard automated reminder notifications you may receive during this phase-out period.
Security Plan(Every Two Years)
Biennial security plans must be submitted by June 1 each even-numbered year—e.g., 2022, 2024, etc. These security plans must be completed in theSPECTRIM portal.
SPECTRIM Portal
The SPECTRIM portal provides security incident management and analysis, risk assessment analysis and a security plan template. You canvisit the SPECTRIM portal here:https://dir.archerirm.us/Default.aspx
IT Purchasing
DIR negotiates contracts with providers and vendors, using the purchasing power of the State of Texas. Visit theCooperative Contracts pageto learn more about the process and how you can use it at your agency. (State agencies are required to use this service unless they seek and receive an exemption.)
Office of the Chief Information Security Officer (OCISO)
TheOCISOis standing by to help you fulfill your responsibilities as your agency’s ISO. Among our services and resources are:
Testing and assessments of your information security systems
InfoSec Academy offers free certification preparation training, along withgeneral technology and business skills classes
“Information Security Forum”is an annual conference that focuses on current information security topics