Educause Security Discussion mailing list archives
Re: Membership in REN-ISAC?
From: "Fletcher, Robert" <Robert_Fletcher () BROWN EDU>
Date: Mon, 4 Jan 2010 13:49:41 -0500
I don't speak for REN-ISAC but I think the difference they are trying to illustrate comes down to this. A System Administrator responsible for the institution's email systems which includes various security responsibilities would probably not be eligible; whereas, an Information Security Engineer who spends most of his/her time focusing on email related issues would probably be eligible. A System Administrator for mail services is not usually a security professional and probably doesn't report to the CISO. The bulk of the other responsibilities of the System Administrator are unlikely to be security related. An information security professional may spend most of his/her time working on email issues but other tasks assigned to him/her are more likely to be security related. Is your position subordinate to the CISO (or CSO) of your organization? Bob Fletcher (401) 863-7290 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson Sent: Monday, January 04, 2010 1:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Membership in REN-ISAC? I interpreted what you wrote as this. this is OK: "security position that deals primarily with e-mail things" but this isn't: "e-mail position that deals primarily with security things" Forgive me if I don't understand the difference. Regardless, if "email security" isn't discussed on REN-ISAC, then I'm not interested in joining. Jesse On 1/4/2010 12:02 PM, Ken Connelly wrote:
The criteria I mentioned earlier may not copy/paste very well, but I'll
try:
8.1.1 The institution must be a college or university, teaching hospital, research and education network provider, or government-funded research organization. 8.1.2 The individual must be full-time permanent staff and have or share principal responsibility for security protection and response at the institution. 8.1.3 The individual must have institution or organization-wide responsibility, that is, the individual must represent security for the institution. Responsibility for a single campus of a multi-campus system is okay. Individuals with responsibility within a division, such as a department or school, don't qualify for membership unless by exception (section 8.4). The focus is on "operational security for the institution", but you're really better off to look here: http://www.ren-isac.net/docs/membership.html#criteria (and throughout the entire document). If the security aspects of the position you mention are incidental to a general role of "postmaster" or "e-mail system admin", then this is probably not a fit for REN-ISAC. On the other hand, if the position is a security position that deals primarily with e-mail things, then it may be a fit. - ken Jesse Thompson wrote:Would they give access to someone who only deals with one specific area of security for an organization, specifically email anti-spam/malware/phishing? Is email security discussed enough to be worth my effort to try to join? Jesse On 1/4/2010 8:31 AM, Vik Solem wrote:I recommend wording your job descriptions very carefully with an eye on the requirements for ren-isac. I've seen ren-isac refuse membership for some because they didn't agree that the person should have access, based on their job description. ymmv -Vik On Dec 29, 2009, at 14:02 , Bob Bayn wrote:Thanks, Joel (and everybody else). I guess we'll sign up. Happy new year to all. Sounds like they honor the Chatham House Rule like at the NetFocus conference. Bob Bayn (435)797-2396 Security Team coordinator Don't let hackers use your computer when you aren't. Turn off your computer at the end of your work day. Office of Information Technology at Utah State University ________________________________________ From: Joel Rosenblatt [joel () columbia edu] Sent: Tuesday, December 29, 2009 11:28 AM To: The EDUCAUSE Security Constituent Group Listserv Cc: Bob Bayn Subject: Re: [SECURITY] Membership in REN-ISAC? Hi Bob, I would highly recommend that you join if you can - there is information and resources that will enhance your ability to secure your University. The only caution is also a benefit in that the information is shared in a closed community and you need to be aware of where you are when you answer questions :-) IHTH Joel Rosenblatt Joel Rosenblatt, Manager Network& Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Tuesday, December 29, 2009 11:18 AM -0700 Bob Bayn <bob.bayn () USU EDU> wrote:Any recommendations or cautions about joining REN-ISAC? http://www.ren-isac.net/-Vik Vik Solem Sr. Applications Risk Consultant Information Security Tufts University UIT / 617-627-4326 Check Out the UIT Information Security Team blog http://blogs.uit.tufts.edu/infosecteamblog/
-- Jesse Thompson Division of Information Technology, University of Wisconsin-Madison Email/IM: jesse.thompson () doit wisc edu
Attachment:
smime.p7s
Description:
Current thread:
- Re: Membership in REN-ISAC? Vik Solem (Jan 04)
- <Possible follow-ups>
- Re: Membership in REN-ISAC? Matthew Wollenweber (Jan 04)
- Re: Membership in REN-ISAC? Ken Connelly (Jan 04)
- Re: Membership in REN-ISAC? Wes Young (Jan 04)
- Re: Membership in REN-ISAC? Doug Pearson (Jan 04)
- Re: Membership in REN-ISAC? Jesse Thompson (Jan 04)
- Re: Membership in REN-ISAC? Ken Connelly (Jan 04)
- Re: Membership in REN-ISAC? Jesse Thompson (Jan 04)
- Re: Membership in REN-ISAC? Fletcher, Robert (Jan 04)
- Re: Membership in REN-ISAC? Vik Solem (Jan 04)
- Re: Membership in REN-ISAC? Jesse Thompson (Jan 04)
- Re: Membership in REN-ISAC? Russell Fulton (Jan 08)