1. What is SIRS?
2. Is it a monthly requirement?
3. What defines an incident or event?
4. How and when are critical incidents reported?
5. Are there reporting instructions or user training?
6. Will failure to submit a SIRS report affect my agency’s IRDR?
7. Is SIRS secure?
8. Is the data collected in SIRS confidential?
9. How are user accounts and log in credentials obtained?
10. Can I change my password? What if I forget my password or lock out my account?
11. Is there a way to tell if a submitted report is complete?
12. Are there report generation capabilities in SIRS for my agency?
1. What is SIRS?
The Security Incident Reporting System (SIRS) addresses security incident and event reporting requirements for state agencies and institutions of higher education (IHE), respectively. Each agency and IHE is responsible for assessing the significance of a security incident within their organization and for providing a report to DIR based on the business impact on affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).
2. Is it a monthly requirement?
Yes. TAC 202.26 and 202.76 states "Reports must be sent to the Department (DIR) on a monthly basis no later than the nine (9) calendar days after the end of the month". Information shall be reported in the form and manner specified by the department. The department is defined as DIR.
SIRS will generate email reminders sent to the agency incident reporter, the IRM and DIR if an agency has not reported by the fifth day of the month. This reminder will serve as an opportunity to complete the monthly report. If an agency does not report after the required date, it will be required to include the information in the next month's report and make note of such submission in the Comments section.
3. What defines an incident or event?
Incident - refers to an adverse event in or affecting an information system, network, and/or workstation, or the threat of the occurrence of such an event.
Event - any observable occurrence in a system, network, and/or workstation. Although natural disasters and other non-security related disasters (power outages) are also called events, the reporting requirements are for IT security related events only. A planned outage is NOT considered an incident or event.
4. How and when are critical incidents reported?
Security incidents, which are critical in nature, and have a substantial likelihood of being propagated to other systems beyond the control of the agency, should be reported to DIR within 24 hours (in addition to being included in the monthly SIRS report).
For emergency notifications or initial reporting of security incidents meeting TAC §202 criteria, please call DIR's Computer Security Incident Response Team (CSIRT), 512-350-3282. The phone is answered 24 hours a day, 7 days a week.
5. Are there reporting instructions or user training?
Yes. Reporting instructions can be found upon successful login into SIRS on the left hand navigation bar. Training can be requested by contacting the Security Division.
6. Will failure to submit a SIRS report affect my agency’s IRDR?
Yes. Texas Government Code Section 2054.0965, requires agencies to submit IRDRs to DIR by December 1 of each odd-numbered year. DIR is in turn required to review the IRDR responses of each agency to determine compliance with state technology standards, provisions in the State Strategic Plan, or existing corrective action plans.
DIR will perform this review in the spring of 2010 and notify those agencies found to lack compliance in one or more areas of the need to submit an information resources corrective action plan (IR-CAP). For those agencies with a current IR-CAP in effect, the IRDR will serve as a progress report on compliance.
7. Is SIRS secure?
Yes. Several steps have been taken to ensure the security of the information provided by agencies. The application development team has worked in conjunction with the DIR Security Division to take every reasonable step to secure the system, including performing annual web application vulnerability scans.
8. Is the data collected in SIRS confidential?
Yes. The data collected in SIRS is not shared with other reporting entities. It is also exempt from the Texas Public Information Act. Trending reports and metrics have been submitted for review by the Legislature during the past session. Summaries of the most recently submitted monthly reports are published quarterly here.
9. How are user accounts and log in credentials obtained?
The requesting agency’s Information Resource Manager (IRM) must call or send an email to the Security Division to request an account. Name, title, email address and contact information is required for each account. A maximum of three accounts may be requested by an agency.
10. Can I change my password? What if I forget my password or lock out my account?
Passwords can be changed at any time by clicking on the Change Password link on the left hand navigation bar and following the instructions prompted by the system. The new password must follow the required password format. Locked accounts or forgotten passwords can be reset on the SIRS login page by pressing the Password Reset link on the left hand navigation bar.
11. Is there a quick way to tell if a submitted report is complete?
A completed report should have check marks by each link on the left hand navigation bar. A message will appear on the left hand navigation bar under the report section that states "Your report for the month is complete. See you next month”. If this message does not appear, there is data missing from the report.
12. Are there report generation capabilities in SIRS for my agency?
Yes. There are two report functions - Completion Reports and Reporting. The report links appear on the left hand navigation bar and can be accessed at any time during the month once logged into SIRS.
