Text Size:   A+ A- A   •   Text Only
Site Image
State Incident Response Team

Roles and Responsibilities

The State Incident Response Team (SIRT) responds to information security incidents that potentially impact multiple agencies or which pose a significant threat to the State of Oregon. The SIRT is responsible for coordinating interagency security incident response resources and communications during or about an information security incident that impacts multiple agencies. The SIRT collects, classifies and catalogs all reported information security incidents. When an information security incident occurs that does not require SIRT involvement, the SIRT may assist agencies in responding to an information security incident upon request. The SIRT maintains confidentiality in accordance with agency policy, rules and legal requirements on all information security incidents reported to it.
DAS, through the Enterprise Security Office, has authority and responsibility for the statewide incident response program. The program establishes enterprise procedures, standards and guidelines for statewide and agency-level information security incident response. The ESO maintains a forensics program capable of assisting agencies.
The State Data Center has responsibility for monitoring the state network and, in conjunction with the SIRT, responds to incidents affecting the state network infrastructure or data center equipment.
State agencies establish their own information security incident response programs and define response capabilities. Upon identification of a potential incident, agencies immediately initiate their incident response plan. Each agency designates a point of contact to communicate information security incidents to the SIRT and supports the SIRT in its response.
Every employee is responsible for escalating potential information security incidents according to agency response plans, policies and procedures.

Back to Top

State Incident Response Team

SIRT Resources
  • SIRT Response Plan - This plan is the State Incident Response Team's plan for responding to incidents, provided for reference.
  • Rules of Engagement - When responding to an incident with an agency, these are rules of engagement between SIRT and agencies.
  •  SIRT Incident Report - This is the SIRT's incident report form. Agencies are not required to use this form and may develop their own form that best meets their needs. This is provided as an example of what information the SIRT may gather from agencies.

Back to Top

Point of Contact Tools

Each Agency is required to provide a Point of Contact (POC) for SIRT. POC are responsible to report incidents to SIRT within 24 hours of discovery. The SIRT may also contact the agency POC to communicate alerts or other incident information.

  • Incident Reporting Hotline: (503)378-5930 –This number is active 24 hours a day. Only agency POC should report incidents to SIRT.
  • Business Card - This business card has the Incident Response Hotline number and key information to report.
  • Agency Initial Incident Report – This form contains the only information an agency POC will provide when first reporting an incident. Only provide additional details to a SIRT member if they request it.

Back to Top

Agency Resources and Tools

  • Incident Response Plan Template - This template is to assist agencies in writing their incident response plan. Agencies are not required to use this template.

Back to Top

Agency Provided Material


Back to Top