![Page 1: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/1.jpg)
REN-ISACCommunity for Cyber Security
Protection and ResponseEDUCAUSE Live
November 10, 2008
![Page 2: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/2.jpg)
Presentation Outline
• List the focus areas of a HE institution’s security office / team
• List community-based organizations in HE security space
• Map the focus areas to the community-based organizations
• Describe the REN-ISAC organization
• Describe how to join REN-ISAC
2
![Page 3: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/3.jpg)
3
![Page 4: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/4.jpg)
4
![Page 5: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/5.jpg)
5
![Page 6: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/6.jpg)
6
![Page 7: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/7.jpg)
7
+ outreach awareness and training
+ policy development and enforcement
+ situational awareness
+ monitor for threat and infected systems
+ protect systems & users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ security reviews and consulting
+ risk assessment
+ report to management
+ interface with law enforcement
+ continuing education of staff
+ evaluate security products and services
+ compliance monitoring
![Page 8: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/8.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
8
![Page 9: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/9.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
9
Regional and StateCommunities
![Page 10: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/10.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
10
Regional and StateCommunities
![Page 11: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/11.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
11
Regional and StateCommunities
![Page 12: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/12.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
12
Regional and StateCommunities
![Page 13: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/13.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
13
Regional and StateCommunities
![Page 14: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/14.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
14
![Page 15: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/15.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
15
![Page 16: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/16.jpg)
+ promote awareness
+ policy development and enforcement
+ monitor for threat and infected systems
+ protect systems and users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ consult on secure dev and admin
+ risk assessment
+ report to management
+ interface with law enforcement
+ security office staff education
16
+ outreach awareness and training
+ policy development and enforcement
+ situational awareness
+ monitor for threat and infected systems
+ protect systems & users from active threat
+ vulnerability scanning
+ incident response
+ data and privacy protection
+ security reviews and consulting
+ risk assessment
+ report to management
+ interface with law enforcement
+ continuing education of staff
+ evaluate security products and services
+ compliance monitoring
![Page 17: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/17.jpg)
Things a security office/team does:
outreach awareness and training policy development and enforcement situational awareness monitor for threat and infected systems protect systems and users from active threat vulnerability scanning incident response data and privacy protection internal security reviews and consulting
risk assessment report to management interface with law enforcement continuing education of staff evaluate security products and services compliance monitoring
Rg/St
17
![Page 18: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/18.jpg)
Things a security office/team does:
outreach awareness and training policy development and enforcement situational awareness monitor for threat and infected systems protect systems and users from active threat vulnerability scanning incident response data and privacy protection internal security reviews and consulting
risk assessment report to management interface with law enforcement continuing education of staff evaluate security products and services compliance monitoring
Rg/St
18
The EDUCAUSE and Internet2 Security Task
Force focuses on strategy and planning, serving to coordinate collaboration
across people, processes, and technologies.
The EDUCAUSE and Internet2 Security Task
Force focuses on strategy and planning, serving to coordinate collaboration
across people, processes, and technologies.
![Page 19: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/19.jpg)
Things a security office/team does:
outreach awareness and training policy development and enforcement situational awareness monitor for threat and infected systems protect systems and users from active threat vulnerability scanning incident response data and privacy protection internal security reviews and consulting
risk assessment report to management interface with law enforcement continuing education of staff evaluate security products and services compliance monitoring
Rg/St
19
REN-ISAC addressesreal-time operational
protection and response matters, within the context of a private
information sharing trust community.
REN-ISAC addressesreal-time operational
protection and response matters, within the context of a private
information sharing trust community.
![Page 20: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/20.jpg)
Things a security office/team does:
outreach awareness and training policy development and enforcement situational awareness monitor for threat and infected systems protect systems and users from active threat vulnerability scanning incident response data and privacy protection internal security reviews and consulting
risk assessment report to management interface with law enforcement continuing education of staff evaluate security products and services compliance monitoring
Rg/St
20
![Page 21: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/21.jpg)
REN-ISAC Goal
The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through :
•the exchange of sensitive actionable information within a private trust community,
•the provision of direct security services, and
•serving as the R&E trusted partner within the formal ISAC community.
21
![Page 22: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/22.jpg)
Information Sharing
• REN-ISAC is a private trust community for sharing sensitive information.
• The private and trusted character of the membership
– provides a safe zone for the sharing of organizational incident experience – information which otherwise would not be shared,
– protects information about our methods and sources, and
– protects information which if publicly disclosed would abet our adversaries.
22
![Page 23: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/23.jpg)
REN-ISAC is a Cooperative Effort
• Member participation is a cornerstone of REN-ISAC
• Advisory Groups
– Executive Advisory Group: IU, LSU, Oakland U, Reed College, U Mass, UMBC, Internet2, and EDUCAUSE
– Technical Advisory Group: Cornell, IU, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
• Analysis Teams
– Microsoft Analysis Team: IU, NYU, U Washington
• Service development teams
– Numerous contributors
• Dedicated resource contributors: IU, LSU, Internet2
• Other major contributions (systems, tools, coordination, etc.)
– Buffalo, Brandeis, WPI, MOREnet, and EDUCAUSE
23
![Page 24: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/24.jpg)
Benefits of Membership
• Receive and share actionable defense information
• Receive protection and response information products, e.g. Daily Watch Report, Alerts, Advisories, etc.
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
24
![Page 25: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/25.jpg)
Benefits of Membership
• Receive and share actionable defense information
• Receive protection and response information products, e.g. Daily Watch Report, Alerts, Advisories, etc.
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
25
![Page 26: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/26.jpg)
Receive and share actionable defense information
• Information resources include:
– REN-ISAC members
– External information sharing relationships
– Results of direct reconnaissance
– Other sector ISACs
– Global Research NOC at IU (R&E backbone networks)
– Vendor relationships
– Network instrumentation and sensors operated by REN-ISAC
26
![Page 27: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/27.jpg)
Receive and share actionable defense information
• Information resources include:
– REN-ISAC members
– External information sharing relationships
– Results of direct reconnaissance
– Other sector ISACs
– Global Research NOC at IU (R&E backbone networks)
– Vendor relationships
– Network instrumentation and sensors operated by REN-ISAC
27
![Page 28: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/28.jpg)
Receive and share actionable defense informationExample: REN-ISAC members sharing
28
Subject: Dear Iu.edu SubscriberDate: Mon, 31 Mar 2008 08:46:09 +1300From: IU.EDU SUPPORT TEAM <[email protected]>Reply-To: [email protected]: undisclosed-recipients: ;
IMPORTANT NOTICE FROM THE IU.EDU SUPPORT TEAM
Dear Iu.edu Subscriber,
To complete your Iu.edu account and enable us upgrade our system so as to serve you better, you must reply to this emailimmediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your Iu account at https://webmail.iu.edu/horde/imp/login.php
Thank you for using IU.EDU!!THE IU.EDU TEAM
Subject: Dear Iu.edu SubscriberDate: Mon, 31 Mar 2008 08:46:09 +1300From: IU.EDU SUPPORT TEAM <[email protected]>Reply-To: [email protected]: undisclosed-recipients: ;
IMPORTANT NOTICE FROM THE IU.EDU SUPPORT TEAM
Dear Iu.edu Subscriber,
To complete your Iu.edu account and enable us upgrade our system so as to serve you better, you must reply to this emailimmediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your Iu account at https://webmail.iu.edu/horde/imp/login.php
Thank you for using IU.EDU!!THE IU.EDU TEAM
![Page 29: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/29.jpg)
web mail account credential phishing – poll of REN-ISAC member experience
• Conducted April 7 & 8, 2008
• Limitations of the poll:
– <~ 50% of the community responded (a short response window).
– Motivations to respond may be different between those who received the phish and those who didn't.
– Membership is moderately skewed to large and advanced degree institutions.
• 107 institutions responded to the poll,
– 86 sites reported receiving the phish,
– 61 reported that someone at the institution fell for the attack, and
– 42 reported that compromised credentials were used by the attacker
• The distribution of last time the phish was observed is:
Dec: 3 Jan: 1 Feb: 6 Mar:37 Apr: 34 (by Apr 8)
29
![Page 30: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/30.jpg)
web mail account credential phishing – information sharing among members
30
DateInstitutionMessage CountFrom AddressReply-to addressEmail Source IPStolen Login IPSubject line
![Page 31: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/31.jpg)
web mail account credential phishing – protection and response
• Members used the shared information in protection and response actions
• Overall collected data, with permissions of each contributing member, was taken to law enforcement
31
![Page 32: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/32.jpg)
Benefits of Membership
• Receive and share actionable defense information
• Receive protection and response information products, e.g. Daily Watch Report, Alerts, Advisories, etc.
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
32
![Page 33: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/33.jpg)
Information Products
• Daily Watch Report provides situational awareness.
• Alerts provide critical and timely information concerning new or increasing threat.
• Notifications identify specific sources and targets of active threator incident involving R&E. Sent directly to contacts at involved sites.
• Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
• Advisories inform regarding specific practices or approaches that can improve security posture.
• TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
• Monitoring views provide summary views from sensor systems, useful for situational awareness.
33
![Page 34: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/34.jpg)
Information Products
• Daily Watch Report provides situational awareness.
• Alerts provide critical and timely information concerning new or increasing threat.
• Notifications identify specific sources and targets of active threator incident involving R&E. Sent directly to contacts at involved sites.
• Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
• Advisories inform regarding specific practices or approaches that can improve security posture.
• TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
• Monitoring views provide summary views from sensor systems, useful for situational awareness.
34
![Page 35: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/35.jpg)
Alert SampleStorm Worm DDoS Threat to EDU; Aug 2007
35
Issue
Prevention
Mitigation
Don’ts
References
![Page 36: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/36.jpg)
Information Products
• Daily Watch Report provides situational awareness.
• Alerts provide critical and timely information concerning new or increasing threat.
• Notifications identify specific sources and targets of active threator incident involving R&E. Sent directly to contacts at involved sites.
• Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
• Advisories inform regarding specific practices or approaches that can improve security posture.
• TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
• Monitoring views provide summary views from sensor systems, useful for situational awareness.
36
![Page 37: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/37.jpg)
Notifications Sent
37
![Page 38: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/38.jpg)
Information Products: Notifications:REN-ISAC EDU Storm Worm Daily Notifications
38
![Page 39: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/39.jpg)
Benefits of Membership
• Receive and share actionable defense information
• Receive protection and response information products, e.g. Daily Watch Report, Alerts, Advisories, etc.
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
39
![Page 40: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/40.jpg)
TechBurst Webcasts
• DNSSEC• RENOIR• Routing: Protocols, Operation and Security for the R&E Community• Teredo (IPv6)• FBI and Cybercrime reporting• REN-ISAC Online Communities• Bro-IDS == IDS++• Attacking Embedded Devices• Determining "Reasonable Belief" during incident response• DNS Intel• Snort• Forensic Computer Investigations, Part II• Forensic Computer Investigations, Part I• Nepenthes• Reverse Engineering Malware• Spam zombies dissected• Shared Darknet Project• DNS: Protocols, Operation and Security for the R&E Community - Part II of II• DNS: Protocols, Operation and Security for the R&E Community - Part I of II• NetFlow Advanced Topics• Introduction to NetFlow• Botnet Detection Using DNS Methods
40
![Page 41: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/41.jpg)
Benefits of Membership
• Receive and share actionable defense information
• Receive protection and response information products, e.g. Daily Watch Report, Alerts, Advisories, etc.
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
41
![Page 42: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/42.jpg)
Membership
• Membership is open to:
– institutions of higher education,
– teaching hospitals,
– research and education network providers, and
– government-funded research organizations;
– international, although focused on U.S.
• Membership is currently free, but necessary growth and value to the community is not sustainable.
• Beginning July 1, 2009 a nominal membership fee will be instituted. The fee is not finalized, but the yearly per-institution cost will be kept very low.
– The fee will be per-institution, irrespective of the number of REN-ISAC member representatives from the institution.
42
![Page 43: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/43.jpg)
Membership
People
Orgs
43
![Page 44: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/44.jpg)
How to Join (in the past and currently)
• Paraphrased, the individual must
– must have organization-wide responsibilities for cyber security protection and response,
– at an institution of higher education, teaching hospital, research and education network provider, or government-funded research organization,
– must be permanent staff, and
– must be vouched-for (personal trust) by 2 existing members.
• http://www.ren-isac.net/membership.html
44
![Page 45: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/45.jpg)
Revised Membership Model
• In November 2008, REN-ISAC will implement a revised membership model. Objectives of the new model are to:
– Retain a strongly trusted information sharing environment
– Extend the reach of REN-ISAC more broadly in the R&E community
– Align “membership” directly with the institution
– Set a base for a long-term sustainable business model
45
![Page 46: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/46.jpg)
Revised Membership Model
• Vastly oversimplified descriptions of the current and revised membership models are:
– Current model: Individuals join. The individual must meet a specific work profile and receive two vouches of personal trust from existing REN-ISAC members. The individual joins to "represent [his or her] institution".
– Revised model: Institutions and organizations join. A CIO or designee joins on behalf of the institution. That person assumes the ongoing responsibility of "management representative", and nominates one or more "member representatives" who participate in the operational information sharing. Two tiers of participation are differentiated in the degree of vetting of the prospective member and the classification of sensitive information shared in the tier.
46
![Page 47: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/47.jpg)
Revised Membership Model: Two-Tiered
• “General” membership = the entry-level tier
– A CIO (or equivalent/designee) appoints General members – one or more full-time staff who meet eligibility requirements. Personal trust vouches are not required, but nominations are open to dispute by existing members
• “XSec” membership = the e(X)tra (Sec)ure tier
– Additional membership criteria, and two vouches of personal trust are required from existing XSec members
• XSec has its own community-plumbing for sharing extra-sensitive information, and additional services available.
• Two tiers = extend reach of REN-ISAC benefits in the R&E sector, while still retaining a strong-trust core
47
![Page 48: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/48.jpg)
Revised Membership Model
• Two important aspects of the revised model are:
– it appropriately aligns membership with the institution rather than the individual, and
– it creates an entry-level membership tier that doesn't have the hurdle of two vouches of personal trust from current members.
• Details regarding the current and revised membership models are at:
– Current: http://www.ren-isac.net/membership.html
– Revised: http://www.indiana.edu/~ishare/membership.shtml
48
![Page 49: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/49.jpg)
How to Join (Revised Membership Model)
• Process:
– Institutional membership is applied for by the CIO, local equivalent, or a designee of the same.• Requiring CIO or eq. involvement gives us a tractable point of reference for
confirming identity, and identifies institutional commitment
– The person identified above becomes the ‘management representative’ and nominates one or more ‘member representatives’ who participate in the operational information sharing.
• The ‘process’ will come online in November. In the meantime, we suggest that you (CIOs or local equivalents) register your intent to join, and we’ll contact you when revised model is implemented.
• Register intent at: http://www.ren-isac.net/join
49
![Page 50: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/50.jpg)
In the works: Development Projects
Not in priority order:
• Scanning Service
• Sensor projects in conjunction with commercial and non-commercial partners
• Security Event System (SES) in cooperation with Internet2 and Argonne National Laboratory
• Incident Information Sharing System (RENOIR), in cooperation with Internet2 and Worcester Polytechnic Institute
50
![Page 51: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/51.jpg)
Priorities for the Coming Year
Not in priority order:
• Membership growth
• Implement the two-tiered membership model
• Implement a sustainability & growth business plan
• Facilitate member involvement and contribution
• Development of additional information sharing relationships, and care and feeding of existing relationships
• Assessment of current services and member needs
• Aforementioned development projects
51
![Page 52: REN-ISAC Community for Cyber Security Protection and Response](https://reader030.vdocuments.mx/reader030/viewer/2022032708/56812e47550346895d93d9b0/html5/thumbnails/52.jpg)
Contacts
http://www.ren-isac.net
24x7 Watch Desk:
+1(317)278-6630
Doug Pearson, Technical Director
Mark Bruhn, Executive Director
Gabriel Iovino, Principal Security Engineer
52