Incident Response

DIR provides incident response guidance and may assist with incident response activities in certain cases. Eligible organizations may also obtain incident response services through DIR's Managed Security Services (MSS) Program. For more information please contact 

Incident Response Guidance

The Incident Response Guide is intended as a framework for organizations creating their own incident response plans and procedures. It should be completed and modified to meet the business needs of the organization.

Incident Response Guide & Templates (PDF | 800 KB)

DIR Incident Response Assistance Overview (PDF | 155 KB)

DIR Guide to Cybersecurity Resources (PDF | 106 KB)

CISA and MS-ISAC Ransomware Guide (PDF | 2.43 MB)

DIR Cybersecurity Incident Response and Assistance Hotline

If you need to report an urgent security incident or require immediate assistance with a security incident, you can contact the Cybersecurity Incident Response and Assistance hotline at (877) DIR-CISO (877-347-2476).

The phone is answered 24 hours a day, 7 days a week.

State Agency/Higher Education Reporting

Urgent Incident Reporting

TAC §202 requires each state agency and institution of higher education to provide timely reporting of certain types of security incidents to DIR, which, depending on the threat or level of risk to the State, could mean emergency reporting. Timely reporting is required (preferably within 24 hours) for incidents that may:

  • Propagate to other state systems (emergency reporting) OR
  • Result in criminal violations that shall be reported to law enforcement OR
  • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information.

SPECTRIM Portal Login Page

If you cannot log into your SPECTRIM account to log an URGENT security incident, you can contact DIR's Cybersecurity Incident Response and Assistance hotline at (877) DIR-CISO (877-347-2476). The phone is answered 24 hours a day, 7 days a week. For routine SPECTRIM assistance, please email or open a support request from within the portal.

Monthly Incident Reporting System

TAC RULE §202.23(b)(2) and §202.73(b)(2) require agencies and institutions of higher education to submit a report of security-related events to the department on a monthly basis, no later than nine (9) calendar days after the end of the month.

These reports are submitted through the SPECTRIM Portal's Monthly Incident Reporting System. Members of the incident access group with active SPECTRIM accounts will be reminded via system-generated notifications prior to the reporting deadline. For more information concerning the monthly incident reporting system, please see slides 46-50 of the SPECTRIM Incident Management Manual above or contact 

Additional Reporting

Office of the Attorney General Data Breach Reporting

Beginning January 1, 2020, Texas law requires certain businesses that experience a data breach of system security which affects 250 or more Texans to provide notice of that data breach to the Office of the Texas Attorney General.

Report Phishing

The DIR Network Security Operations Center (NSOC) welcomes reporting suspected phishing emails by sending the message as an attachment to  NSOC analysts will review the message for malicious files/URLs and take action to block confirmed malicious sites at the state's network perimeter.

General Reporting/File a Complaint
