[unisog] REN-ISAC membership

steve.smith at gcmail.maricopa.edu steve.smith at gcmail.maricopa.edu
Thu Jul 3 18:51:17 GMT 2008


Doug,

Thanks for your quick reply, I appreciate it. REN-ISAC, and Educause in general
are a sore subject with me at the moment. I've been denied funding for training
or to attend Blackhat/Defcon since I'm "obviously" not making an effort to
become involved with those fine organizations.

If you look back to the archives (Feb 20-ish 2008, for example) at previous
discussions you'll invariably see advice from members to "go to an Educause
event, chat with some people, and you'll get your two vouches!". 

Having previously held a Top Secret clearance from the Army and working at
the same campus for 20 years doesn't make me "trusted", but some yahoo's
snap judgement in a hallway apparently does. As I've mentioned in years past,
"there's a problem there".

I do hope that change is in the works. I'd also point out, though, that you
told me nearly the same thing last July, so I'm not holding my breath just
yet.

Thanks,

Steve
>-- Original Message --
>Date: Thu, 03 Jul 2008 12:12:12 -0400
>From: Doug Pearson <dodpears at indiana.edu>
>To: UNIversity Security Operations Group <unisog at lists.dshield.org>
>Subject: Re: [unisog] REN-ISAC membership
>Reply-To: dodpears at indiana.edu,
>        UNIversity Security Operations Group <unisog at lists.dshield.org>
>
>
>Steve,
>
>We're on track to implement changes to the membership model this summer,
>
>but before I go into that, just to set the record straight, "exchanged 
>business cards [...] outside a poster session" doesn't meet our 
>expectation of the necessary knowledge and relationship that can lead to
>
>a vouch of personal trust - as required for membership.
>
>About the upcoming changes, I don't want to go into all the details just
>
>yet, we'll be talking it up officially very soon, but the essence is 
>that there will be a tiered membership. At the first tier, a CIO or 
>equivalent can point at a person who meets the job profile and say 
>"that's my REN-ISAC 'General' member". The second tier ('XSec') requires
>
>expression of personal trust from existing members, similar to today. 
>Information sharing will be conducted appropriate to the level of trust

>in each tier.
>
>Hope that helps. Expect to see much more on this very soon.
>
>Regards,
>
>Doug Pearson
>Technical Director, REN-ISAC
>http://www.ren-isac.net
>24x7 Watch Desk +1(317)278-6630
>
>
>Steve Smith wrote:
>> Howdy, all
>> 
>> I haven't seen any mention on the list since February. I was wondering
>
>> if there have been any updates on the membership ritual for REN-ISAC?
>> 
>> I'd like to suggest that years of service as the person in charge of 
>> security at an institution could better qualify one as "tightly-vetted"
>
>> than having exchanged business cards with two people outside of a poster
>
>> session, but there is obviously room for argument.
>> 
>> --
>> Steve Smith
>> Information Security Administrator
>> Glendale Community College, Maricopa Community College District
>> Glendale, AZ. http://www.gccaz.edu
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org
>> https://lists.sans.org/mailman/listinfo/unisog
>_______________________________________________
>unisog mailing list
>unisog at lists.dshield.org
>https://lists.sans.org/mailman/listinfo/unisog





More information about the unisog mailing list