Re: Membership in REN-ISAC?

["Fletcher, Robert" <Robert_Fletcher () BROWN EDU>]

I don't speak for REN-ISAC but I think the difference they are trying to
illustrate comes down to this.

A System Administrator responsible for the institution's email systems which
includes various security responsibilities would probably not be eligible;
whereas, an Information Security Engineer who spends most of his/her time
focusing on email related issues would probably be eligible.

A System Administrator for mail services is not usually a security
professional and probably doesn't report to the CISO. The bulk of the other
responsibilities of the System Administrator are unlikely to be security
related. An information security professional may spend most of his/her time
working on email issues but other tasks assigned to him/her are more likely
to be security related.

Is your position subordinate to the CISO (or CSO) of your organization?

Bob Fletcher
(401) 863-7290


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson
Sent: Monday, January 04, 2010 1:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Membership in REN-ISAC?

I interpreted what you wrote as this.

this is OK:
"security position that deals primarily with e-mail things"

but this isn't:
"e-mail position that deals primarily with security things"

Forgive me if I don't understand the difference.

Regardless, if "email security" isn't discussed on REN-ISAC, then I'm
not interested in joining.

Jesse

On 1/4/2010 12:02 PM, Ken Connelly wrote:
> The criteria I mentioned earlier may not copy/paste very well, but I'll
try:
> 8.1.1    The institution must be a college or university, teaching
> hospital, research and education network provider, or government-funded
> research organization.
> 8.1.2    The individual must be full-time permanent staff and have or
> share principal responsibility for security protection and response at
> the institution.
> 8.1.3    The individual must have institution or organization-wide
> responsibility, that is, the individual must represent security for the
> institution. Responsibility for a single campus of a multi-campus system
> is okay. Individuals with responsibility within a division, such as a
> department or school, don't qualify for membership unless by exception
> (section 8.4).
>
> The focus is on "operational security for the institution", but you're
> really better off to look here:
> http://www.ren-isac.net/docs/membership.html#criteria (and throughout
> the entire document).  If the security aspects of the position you
> mention are incidental to a general role of "postmaster" or "e-mail
> system admin", then this is probably not a fit for REN-ISAC.  On the
> other hand, if the position is a security position that deals primarily
> with e-mail things, then it may be a fit.
>
> - ken
>
> Jesse Thompson wrote:
> > Would they give access to someone who only deals with one specific
> > area of security for an organization, specifically email
> > anti-spam/malware/phishing?  Is email security discussed enough to be
> > worth my effort to try to join?
> >
> > Jesse
> >
> > On 1/4/2010 8:31 AM, Vik Solem wrote:
> > > I recommend wording your job descriptions very carefully with an eye on
> > > the requirements for ren-isac. I've seen ren-isac refuse membership for
> > > some because they didn't agree that the person should have access, based
> > > on their job description. ymmv
> > >
> > > -Vik
> > >
> > >
> > > On Dec 29, 2009, at 14:02 , Bob Bayn wrote:
> > >
> > > > Thanks, Joel (and everybody else). I guess we'll sign up. Happy new
> > > > year to all.
> > > >
> > > > Sounds like they honor the Chatham House Rule like at the NetFocus
> > > > conference.
> > > >
> > > > Bob Bayn (435)797-2396 Security Team coordinator
> > > > Don't let hackers use your computer when you aren't.
> > > > Turn off your computer at the end of your work day.
> > > > Office of Information Technology at Utah State University
> > > > ________________________________________
> > > > From: Joel Rosenblatt [joel () columbia edu]
> > > > Sent: Tuesday, December 29, 2009 11:28 AM
> > > > To: The EDUCAUSE Security Constituent Group Listserv
> > > > Cc: Bob Bayn
> > > > Subject: Re: [SECURITY] Membership in REN-ISAC?
> > > >
> > > > Hi Bob,
> > > >
> > > > I would highly recommend that you join if you can - there is
> > > > information and resources that will enhance your ability to secure
> > > > your University. The only
> > > > caution is also a benefit in that the information is shared in a
> > > > closed community and you need to be aware of where you are when you
> > > > answer questions :-)
> > > >
> > > > IHTH
> > > >
> > > > Joel Rosenblatt
> > > >
> > > > Joel Rosenblatt, Manager Network&  Computer Security
> > > > Columbia Information Security Office (CISO)
> > > > Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> > > > http://www.columbia.edu/~joel
> > > >
> > > >
> > > > --On Tuesday, December 29, 2009 11:18 AM -0700 Bob Bayn
> > > > <bob.bayn () USU EDU>  wrote:
> > > >
> > > > > Any recommendations or cautions about joining REN-ISAC?
> > > > >
> > > > > http://www.ren-isac.net/
> > >
> > > -Vik
> > >
> > > Vik Solem
> > > Sr. Applications Risk Consultant
> > > Information Security
> > > Tufts University UIT / 617-627-4326
> > >
> > > Check Out the UIT Information Security Team blog
> > > http://blogs.uit.tufts.edu/infosecteamblog/

--
   Jesse Thompson
   Division of Information Technology, University of Wisconsin-Madison
   Email/IM: jesse.thompson () doit wisc edu

Attachment: smime.p7s
Description: