[unisog] REN-ISAC membership [was RE: Worm exploiting Symantec client defect?????]

Doug Pearson dodpears at indiana.edu
Tue Nov 28 04:18:06 GMT 2006

> From: unisog-bounces at lists.dshield.org  
> [mailto:unisog-bounces at lists.dshield.org]  
> On Behalf Of Bill McCarty  
> Sent: Monday, November 27, 2006 6:12 PM  
> To: UNIversity Security Operations Group  
> Subject: Re: [unisog] Worm exploiting Symantec client defect?????  
> REN-ISAC's membership criteria, by design, exclude all but  
> those who have organization-wide responsibility for security.  
> In a decentralized organization, many of us fail to meet those  
> criteria despite being in a position of mutual benefit with  
> respect to REN-ISAC.  
Correct that the Membership Criteria[1] indicate "organization-wide"
responsibility. Accommodation for exceptional circumstances is described in
the Criteria, but the operative word is "exceptional". We're thinking about
making certain information products available for broader distribution, but
that's not soup yet, and membership will remain geared for individuals who
have organization-wide responsibility. When broader-scoped information
product becomes available we'll be sure to bring that news to the UNISOG
> Adding insult to injury, those who do have organization-wide  
> responsibility are often uninterested, or even disinterested,  
> in tactical information such as that disseminated by REN-ISAC.  
I'm surprised to hear this, and not just because my experience is skewed to
those who are REN-ISAC members, but based on the good work in unisog@,
security@, the EDUCAUSE Security Task Force, the Security Professionals
Conference, private mitigation communities, Internet2 Members Meetings, etc.

In addition to the organization-wide requirement for membership there's a
requirement for two vouches from existing members. When applications are put
out for the 2-vouch but don't receive, we haven't always got word back to
the applicant in proper fashion. My apologies for that and a promise to make
that better.  
As with UNISOG, the REN-ISAC is very much a product of its members - what we
accomplish together. I invite folks to explore what the REN-ISAC community
is doing[2] and join if appropriate.  
[1] http://www.ren-isac.net/membership.html  
[2] http://www.ren-isac.net/docs/ren-isac.pdf  
Doug Pearson  
Technical Director, REN-ISAC  
24x7 Watch Desk +1(317)278-6630  

More information about the unisog mailing list