[unisog] Aw, doodoo. was: Re: REN-ISAC membership
steve.smith at gcmail.maricopa.edu
Fri Jul 4 00:59:48 GMT 2008
Howdy again, all
I need to apologize personally to Doug, and any other list members whom
I may have slighted in my mini-tantrum.
As many times as I've warned people not to "email when angry", I should
have known better. I did that, and the classic error of not reading the
header before hitting 'send'. I assumed that I was participating in a
private conversation rather than a list submission. D'oh.
I understand that developing a trusted network is extremely difficult. I
really don't mean to undervalue the effort and personal time that Doug
and others have put into developing the REN-ISAC infrastructure; if I
didn't think that it was a valuable resource, it wouldn't torque me so
much not to have it.
I hope you all have a great 4th, and a restful long weekend.
steve.smith at gcmail.maricopa.edu wrote:
> Thanks for your quick reply, I appreciate it. REN-ISAC, and Educause in general
> are a sore subject with me at the moment. I've been denied funding for training
> or to attend Blackhat/Defcon since I'm "obviously" not making an effort to
> become involved with those fine organizations.
> If you look back to the archives (Feb 20-ish 2008, for example) at previous
> discussions you'll invariably see advice from members to "go to an Educause
> event, chat with some people, and you'll get your two vouches!".
> Having previously held a Top Secret clearance from the Army and working at
> the same campus for 20 years doesn't make me "trusted", but some yahoo's
> snap judgement in a hallway apparently does. As I've mentioned in years past,
> "there's a problem there".
> I do hope that change is in the works. I'd also point out, though, that you
> told me nearly the same thing last July, so I'm not holding my breath just
>> -- Original Message --
>> Date: Thu, 03 Jul 2008 12:12:12 -0400
>> From: Doug Pearson <dodpears at indiana.edu>
>> To: UNIversity Security Operations Group <unisog at lists.dshield.org>
>> Subject: Re: [unisog] REN-ISAC membership
>> Reply-To: dodpears at indiana.edu,
>> UNIversity Security Operations Group <unisog at lists.dshield.org>
>> We're on track to implement changes to the membership model this summer,
>> but before I go into that, just to set the record straight, "exchanged
>> business cards [...] outside a poster session" doesn't meet our
>> expectation of the necessary knowledge and relationship that can lead to
>> a vouch of personal trust - as required for membership.
>> About the upcoming changes, I don't want to go into all the details just
>> yet, we'll be talking it up officially very soon, but the essence is
>> that there will be a tiered membership. At the first tier, a CIO or
>> equivalent can point at a person who meets the job profile and say
>> "that's my REN-ISAC 'General' member". The second tier ('XSec') requires
>> expression of personal trust from existing members, similar to today.
>> Information sharing will be conducted appropriate to the level of trust
>> in each tier.
>> Hope that helps. Expect to see much more on this very soon.
>> Doug Pearson
>> Technical Director, REN-ISAC
>> 24x7 Watch Desk +1(317)278-6630
>> Steve Smith wrote:
>>> Howdy, all
>>> I haven't seen any mention on the list since February. I was wondering
>>> if there have been any updates on the membership ritual for REN-ISAC?
>>> I'd like to suggest that years of service as the person in charge of
>>> security at an institution could better qualify one as "tightly-vetted"
>>> than having exchanged business cards with two people outside of a poster
>>> session, but there is obviously room for argument.
>>> Steve Smith
>>> Information Security Administrator
>>> Glendale Community College, Maricopa Community College District
>>> Glendale, AZ. http://www.gccaz.edu
>>> unisog mailing list
>>> unisog at lists.dshield.org
>> unisog mailing list
>> unisog at lists.dshield.org
> unisog mailing list
> unisog at lists.dshield.org
More information about the unisog