The State Incident Response Team
(SIRT) responds to information security incidents that potentially impact multiple agencies or which pose a significant threat to the State of Oregon. The SIRT is responsible for coordinating interagency security incident response resources and communications during or about an information security incident that impacts multiple agencies. The SIRT collects, classifies and catalogs all reported information security incidents. When an information security incident occurs that does not require SIRT involvement, the SIRT may assist agencies in responding to an information security incident upon request. The SIRT maintains confidentiality in accordance with agency policy, rules and legal requirements on all information security incidents reported to it.
DAS, through the Enterprise Security Office
, has authority and responsibility for the statewide incident response program. The program establishes enterprise procedures, standards and guidelines for statewide and agency-level information security incident response. The ESO maintains a forensics program capable of assisting agencies.
The State Data Center
has responsibility for monitoring the state network and, in conjunction with the SIRT, responds to incidents affecting the state network infrastructure or data center equipment.
establish their own information security incident response programs and define response capabilities. Upon identification of a potential incident, agencies immediately initiate their incident response plan. Each agency designates a point of contact to communicate information security incidents to the SIRT and supports the SIRT in its response.
is responsible for escalating potential information security incidents according to agency response plans, policies and procedures.