Presentation is loading. Please wait.

Presentation is loading. Please wait.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "REN-ISAC Research and Education Networking Information Sharing and Analysis Center."— Presentation transcript:

1 REN-ISAC Research and Education Networking Information Sharing and Analysis Center

2 ISACs in General

3

4 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

5 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

6 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

7 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

8 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

9 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

10 Roles ISAC role: A community formed of trusted security staff at R&E institutions; sharing actionable information for operational protection and response; among the trusted R&E members, cross- sector, and with external trusted partners. Certain services (alerts and notifications) to all of R&E regardless of membership status. REN-ISAC is the R&E “trusted partner” in commercial, governmental, and private security information sharing relationships. CSIRT role: Notifications (>12k/month) regarding compromised systems and other incident involvement; supporting all of US R&E (>1600 institutions notified to-date). SOC for Internet2 network.

11 REN-ISAC is a Cooperative Effort Member participation is a cornerstone of REN-ISAC Dedicated resource contributors: IU, LSU, and Internet2 In kind contributors: EDUCAUSE, MOREnet Member contributions through participation: – Executive Advisory Group – Technical Advisory Group – Microsoft Analysis Team – Membership Committee – Services development and operation – Systems, tools, etc. Seek mutually beneficial relationships 11

12 Advisory Groups, Analysis Teams, and Services Executive Advisory Group Technical Advisory Group Membership Committee Microsoft Analysis Team Services BardArbor NetworksEmoryIUMOREnet EDUCAUSEBaylorIASNYU Internet2CornellIUUAB IUInternet2LSUU Washington LBLIUScranton OaklandTeam CymruUT Dallas Reed CollegeU Mass Amherst UMBCWPI UMD

13 Relationships Internet2 Internet2 SALSA Internet2 CSI2 Working Group Global Research NOC at IU EDUCAUSE Higher Education Information Security Council Private threat analysis and mitigation efforts Other sector ISACs National ISAC Council DHS/US-CERT and other national CERTS and CSIRTS Vendors (Microsoft) NCFTA (National Cyber-Forensics & Training Alliance) APWG (Anti-Phishing Working Group)

14 Sustainability Hosted by Indiana University Financial contributions from IU, LSU, and Internet2, and in-kind support from EDUCAUSE Member contributions in projects, services, and activities A modest membership fee ($700/$900 per institution per year) Financial Principles, in the Charter: 7.3.1 REN-ISAC will not be operated to generate and disseminate profit, but also cannot be a cost center of any particular sponsoring or supporting organization. 7.3.2 The fundamental financial goal of the REN-ISAC is to cover all costs through a combination of tangible sponsorship, support, or other philanthropic revenue and fees, and given the expense parameters and the fiscal environment in which the REN-ISAC operates.

15 Benefits of Membership Receive and share practical and actionable defense information in a private community of trusted members Establish relationships with known and trusted peers Have access to direct security services Benefit from information sharing relationships in the broad security community Benefit from vendor relationships, such as the REN-ISAC and Microsoft Security Cooperation Program relationship Participate in technical educational security webinars Participate in REN-ISAC meetings, workshops, & training Have access to the 24x7 REN-ISAC Watch Desk Have access to threat information resources ("data feeds") that can be used to identify local compromised machines, and to block known threats

16 Information Products Daily Watch Report provides situational awareness. Alerts provide critical and timely information concerning new or increasing threat. Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites. ~4000 notifications sent per month. Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc. Advisories inform regarding specific practices or approaches that can improve security posture. TechBurst webcasts provide instruction on technical topics relevant to security protection and response. Monitoring views provide summary views from sensor systems, e.g. traffic patterns on Internet2, useful for situational awareness.

17 Membership Membership is open to colleges and universities, teaching hospitals, R&E network providers, and government-funded research organizations. The institution is the “member”, and is represented by a management representative who nominates one or more member representatives. Very specific job responsibility requirements define who is eligible to become a member representative. Membership is tiered (General and XSec). The tiers differ in eligibility criteria, the degree of trust vetting, sensitivity of information shared, information products shared, and the commitment-level of the institution.

18 Membership and Reach As of October 2011, there are: – 341 members Represented by 858 member representatives A list of member institutions is on the Membership web page – http://www.ren-isac.net/cgi-bin/memberlist.cgi http://www.ren-isac.net/cgi-bin/memberlist.cgi Service to R&E beyond just the membership – REN-ISAC has communicated with over 1600 EDU institutions, directly and privately, regarding compromised systems (notifications) – Episodic public alerts are aimed at R&E security practitioners and CIOs

19 Joining REN-ISAC Membership is initiated by a CIO or equivalent, who becomes the “management representative”. During registration the CIO can delegate the management representative role. The management representative nominates “member representatives” Member representatives must be FTE with institution-wide responsibilities for operational security protection and response, etcetera. Tiered membership model – First tier (General): nominated by management representative, meets eligibility criteria, and no dings by current members during vetting – Second tier (Xsec): has been a General member in good standing for six weeks, meets eligibility requirements, and receives two vouches of personal trust from existing members, http://www.ren-isac.net/membership.html

20 Over the Past Year Membership growth: 301  341 institutions, represented by 730  858 persons (dated October 2011) Relationships growth: US-CERT, NCFTA, APWG Growth in engagement with trusted partners: more information sharing Involvement in strategic industry groups focused at the takedown of specific security threats Advancement of the SES tool (v1  v2), created the Collective Intelligence Framework (CIF): threat data repository, flexible API, support for analyst threat research NSF award OCI-1127425 for development of SES v3, including support for inter-federation, scaling, additional data types, and tool integration. Engagement with the NSF International Research Network Connections, TransPAC3 and America Connects to Europe projects, supporting "community security" activities.

21 Over the Past Year Partnership with the Multi-State ISAC and SANS to bring an aggressive aggregate buy program for Securing The Human training to EDU. Engagement in international standards work for security incident reporting (IODEF) Handling of 0-day vulnerability communications between members and vendors Increase in number of notifications (more data sources) regarding observed infected EDU-based machine: > 12,000 notifications/month Additional staff, funded by membership fees, permitting substantial strengthening of our infrastructure, and deployment of new services

22 References REN-ISAC Organizational Documents – http://www.ren-isac.net/about/index.html http://www.ren-isac.net/about/index.html Charter Membership Document Terms and Conditions Fees Information Sharing Policy Disclaimer Overviews – http://www.ren-isac.net/about/index.html http://www.ren-isac.net/about/index.html Flier Executive Overview Joining – http://www.ren-isac.net/membership.html http://www.ren-isac.net/membership.html

23 Contacts Doug Pearson Technical Director dodpears@ren-isac.net http://www.ren-isac.net 24x7 Watch Desk: soc@ren-isac.net +1 (317) 278-6630

Download ppt "REN-ISAC Research and Education Networking Information Sharing and Analysis Center."

Similar presentations

MASFAA Strategic Plan 2002-2007. Mission Statement The Massachusetts Association of Student Financial Aid Administrators empowers its members to be educated,

MASFAA Strategic Plan Mission Statement The Massachusetts Association of Student Financial Aid Administrators empowers its members to be educated,
REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10, 2008 1.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10,
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.
REN-ISAC Update Doug Pearson, REN-ISAC Technical Director DICE 12 February 2008 Athens, Greece 1.

REN-ISAC Update Doug Pearson, REN-ISAC Technical Director DICE 12 February 2008 Athens, Greece 1.
Dave Jent, PI Luke Fowler, Co-PI Ron Johnson, Co-PI

Dave Jent, PI Luke Fowler, Co-PI Ron Johnson, Co-PI
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
1 Presentation Ivy Tech Community College Terre Haute, IN Jackie McCracken April 21, 2007.

1 Presentation Ivy Tech Community College Terre Haute, IN Jackie McCracken April 21, 2007.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
© IDEAS IDEAS-RELAC Joint Conference Bogotá, Colombia May 2007 Development evaluation: meeting the challenges of learning, ownership, accountability and.

© IDEAS IDEAS-RELAC Joint Conference Bogotá, Colombia May 2007 Development evaluation: meeting the challenges of learning, ownership, accountability and.
Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.
Introduction to Standard 2: Partnering with consumers Advice Centre Network Meeting Nicola Dunbar October 2012.

Introduction to Standard 2: Partnering with consumers Advice Centre Network Meeting Nicola Dunbar October 2012.
1 2003-05-19 Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &

Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &
The LOGIIC Consortium Zachary Tudor, CISSP, CISM, CCP Program Director SRI International.

The LOGIIC Consortium Zachary Tudor, CISSP, CISM, CCP Program Director SRI International.
Security Professionals Conference May 2008. REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within.

Security Professionals Conference May REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within.
Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey

Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey

Similar presentations

Ads by Google