Educause Security Discussion mailing list archives

Re: Membership in REN-ISAC

From: "Herring, Todd William" <therring () IU EDU>
Date: Tue, 11 Oct 2016 17:00:33 +0000

Thanks for your endorsement of REN-ISAC, Aaron and Mike.  It's always nice to hear.

Adam, if you'd like more information, feel free to contact me offline.

Todd

Todd Herring
Membership Services Director, REN-ISAC
therring () ren-isac net<mailto:therring () ren-isac net>
Office:  317.278.5387
http://www.ren-isac.net
-------------------------------------------------
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Baillio, 
Aaron
Sent: Tuesday, October 11, 2016 10:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Membership in REN-ISAC

I'd have to concur with the statements already made.  For a nominal fee, it's a wealth of intelligence.  We get just as 
much, if not more benefit, from the "HUMINT" or human intelligence we get through the ISAC than we do from the 
professional threat intelligence we pay for.  For us, and me personally, it's been one of the best investments we've 
made and there is absolutely no obligation to contribute though I do think there is added benefit to engaging in some 
of the conversations.

Finally, if nothing else, I've found it's a great way to network and to get ideas from the successes of other academic 
institutions.

B. Aaron Baillio, Sec+, CEH, CISSP
University of Oklahoma, Information Technology
Managing Director, Security Operations and Architecture
O: 405-325-7948
C: 254-400-6404



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hart, 
Mike
Sent: Tuesday, October 11, 2016 8:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Membership in REN-ISAC

Adam,
                I've been a member for a few years.  I haven't ever felt like I was expected to contribute in order to 
receive.  I see 100 or so emails every week (some weeks are double or triple if something major is brewing.)  A small 
amount of the emails are requests for information from the ISAC, but the majority are responses to these requests, or 
just general updates about issues and concerns.

                I'd strongly recommend membership.  I have seen a number of benefits for my team and myself, including:


1)      Assistance in responding to an incident on campus, with helpful suggestions and references.

2)      Input on vendors and solutions we're either evaluating or are currently using.

3)      News on critical security incidents that are not yet in the news, and behind the scenes information about items 
we're only seeing general information on via other sources.

4)      Alerts on password dumps and pastes that I'm not seeing from other sources.

5)      Heads-up on bad actors - alerts on domains and IPs that are seen attacking other institutions so I can block in 
advance.

6)      Great conversations about security and other IT related topics.  We don't always agree on how to approach every 
topic, but it's great to see input from a wide variety of individuals with different viewpoints and levels of expertise.

7)      Daily and weekly summaries of events so you don't have to necessarily stay on top of the emails real-time.


Mike Hart  | CISO, Director of ITS Security, Infrastructure, and Networking
Metropolitan State University of Denver
Information Technology Services

mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | 
www.msudenver.edu/technology<http://www.msudenver.edu/technology>
[University_Formal_2CPos[1]]



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam 
Maynard
Sent: Tuesday, October 11, 2016 7:13 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Membership in REN-ISAC

ALL,

                We're considering applying for REN-ISAC Membership. I've only been in the Higher Ed world for a short 
time.

Some folks above me believe that you need to "give" in order to "receive". Other than more sensitive data being 
restricted to trusted members, can anyone tell me what obligations are required, or how open the data is to members?

V/R,
Adam Maynard
Information Security Analyst
Office: (508) 793-7473 | Mobile: (508) 414-9906

Current thread:

Membership in REN-ISAC Adam Maynard (Oct 11)
- Re: Membership in REN-ISAC Kevin Wilcox (Oct 11)
  - Re: Membership in REN-ISAC Adam Maynard (Oct 11)
- Re: Membership in REN-ISAC Hart, Mike (Oct 11)
  - Re: Membership in REN-ISAC Baillio, Aaron (Oct 11)
- <Possible follow-ups>
- Re: Membership in REN-ISAC Herring, Todd William (Oct 11)