ren isac research and education networking information sharing and analysis center n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
REN-ISAC Research and Education Networking Information Sharing and Analysis Center PowerPoint Presentation
Download Presentation
REN-ISAC Research and Education Networking Information Sharing and Analysis Center

Loading in 2 Seconds...

play fullscreen
1 / 23

REN-ISAC Research and Education Networking Information Sharing and Analysis Center - PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on

REN-ISAC Research and Education Networking Information Sharing and Analysis Center. ISACs in General. Mission.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'REN-ISAC Research and Education Networking Information Sharing and Analysis Center' - wirt


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
mission
Mission

The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

mission1
Mission

The REN-ISAC mission is to aid and promote cyber securityoperational protection and response

within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

mission2
Mission

The REN-ISAC mission is to aid and promote cyber security operational protection and response within the

higher education and research (R&E) communities.

The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

mission3
Mission

The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions,

and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

mission4
Mission

The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at

member institutions, and in service to the R&E community at-large.

REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

mission5
Mission

The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large.

REN-ISAC serves as the R&E trusted partner

for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

roles
Roles
  • ISAC role: A community formed of trusted security staff at R&E institutions; sharing actionable information for operational protection and response; among the trusted R&E members, cross-sector, and with external trusted partners. Certain services (alerts and notifications) to all of R&E regardless of membership status. REN-ISAC is the R&E “trusted partner” in commercial, governmental, and private security information sharing relationships.
  • CSIRT role: Notifications (>12k/month) regarding compromised systems and other incident involvement; supporting all of US R&E (>1600 institutions notified to-date). SOC for Internet2 network.
ren isac is a cooperative effort
REN-ISAC is a Cooperative Effort
  • Member participation is a cornerstone of REN-ISAC
  • Dedicated resource contributors: IU, LSU, and Internet2
  • In kind contributors: EDUCAUSE, MOREnet
  • Member contributions through participation:
    • Executive Advisory Group
    • Technical Advisory Group
    • Microsoft Analysis Team
    • Membership Committee
    • Services development and operation
    • Systems, tools, etc.
  • Seek mutually beneficial relationships
relationships
Relationships
  • Internet2
  • Internet2 SALSA
  • Internet2 CSI2 Working Group
  • Global Research NOC at IU
  • EDUCAUSE
  • Higher Education Information Security Council
  • Private threat analysis and mitigation efforts
  • Other sector ISACs
  • National ISAC Council
  • DHS/US-CERT and other national CERTS and CSIRTS
  • Vendors (Microsoft)
  • NCFTA (National Cyber-Forensics & Training Alliance)
  • APWG (Anti-Phishing Working Group)
sustainability
Sustainability
  • Hosted by Indiana University
  • Financial contributions from IU, LSU, and Internet2, and in-kind support from EDUCAUSE
  • Member contributions in projects, services, and activities
  • A modest membership fee ($700/$900 per institution per year)
  • Financial Principles, in the Charter:
benefits of membership
Benefits of Membership
  • Receive and share practical and actionable defense information in a private community of trusted members
  • Establish relationships with known and trusted peers
  • Have access to direct security services
  • Benefit from information sharing relationships in the broad security community
  • Benefit from vendor relationships, such as the REN-ISAC and Microsoft Security Cooperation Program relationship
  • Participate in technical educational security webinars
  • Participate in REN-ISAC meetings, workshops, & training
  • Have access to the 24x7 REN-ISAC Watch Desk
  • Have access to threat information resources ("data feeds") that can be used to identify local compromised machines, and to block known threats
information products
Information Products
  • Daily Watch Report provides situational awareness.
  • Alerts provide critical and timely information concerning new or increasing threat.
  • Notifications identify specific sources and targets of active threator incident involving R&E. Sent directly to contacts at involved sites. ~4000 notifications sent per month.
  • Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
  • Advisories inform regarding specific practices or approaches that can improve security posture.
  • TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
  • Monitoring views provide summary views from sensor systems, e.g. traffic patterns on Internet2, useful for situational awareness.
membership
Membership
  • Membership is open to colleges and universities, teaching hospitals, R&E network providers, and government-funded research organizations.
  • The institution is the “member”, and is represented by a management representative who nominates one or more member representatives.
  • Very specific job responsibility requirements define who is eligible to become a member representative.
  • Membership is tiered (General and XSec). The tiers differ in eligibility criteria, the degree of trust vetting, sensitivity of information shared, information products shared, and the commitment-level of the institution.
membership and reach
Membership and Reach
  • As of October 2011, there are:
    • 341 members
      • Represented by 858 member representatives
  • A list of member institutions is on the Membership web page
    • http://www.ren-isac.net/cgi-bin/memberlist.cgi
  • Service to R&E beyond just the membership
    • REN-ISAC has communicated with over 1600 EDU institutions, directly and privately, regarding compromised systems (notifications)
    • Episodic public alerts are aimed at R&E security practitioners and CIOs
joining ren isac
Joining REN-ISAC
  • Membership is initiated by a CIO or equivalent, who becomes the “management representative”. During registration the CIO can delegate the management representative role.
  • The management representative nominates “member representatives”
  • Member representatives must be FTE with institution-wide responsibilities for operational security protection and response, etcetera.
  • Tiered membership model
    • First tier (General): nominated by management representative, meets eligibility criteria, and no dings by current members during vetting
    • Second tier (Xsec): has been a General member in good standing for six weeks, meets eligibility requirements, and receives two vouches of personal trust from existing members,
  • http://www.ren-isac.net/membership.html
over the past year
Over the Past Year
  • Membership growth: 301  341 institutions, represented by 730  858 persons (dated October 2011)
  • Relationships growth: US-CERT, NCFTA, APWG
  • Growth in engagement with trusted partners: more information sharing
  • Involvement in strategic industry groups focused at the takedown of specific security threats
  • Advancement of the SES tool (v1  v2), created the Collective Intelligence Framework (CIF): threat data repository, flexible API, support for analyst threat research
  • NSF award OCI-1127425 for development of SES v3, including support for inter-federation, scaling, additional data types, and tool integration.
  • Engagement with the NSF International Research Network Connections, TransPAC3 and America Connects to Europe projects, supporting "community security" activities.
over the past year1
Over the Past Year
  • Partnership with the Multi-State ISAC and SANS to bring an aggressive aggregate buy program for Securing The Human training to EDU.
  • Engagement in international standards work for security incident reporting (IODEF)
  • Handling of 0-day vulnerability communications between members and vendors
  • Increase in number of notifications (more data sources) regarding observed infected EDU-based machine: > 12,000 notifications/month
  • Additional staff, funded by membership fees, permitting substantial strengthening of our infrastructure, and deployment of new services
references
References
  • REN-ISAC Organizational Documents  
    • http://www.ren-isac.net/about/index.html
      • Charter
      • Membership Document
      • Terms and Conditions
      • Fees
      • Information Sharing Policy
      • Disclaimer
  • Overviews
    • http://www.ren-isac.net/about/index.html
      • Flier
      • Executive Overview
  • Joining
    • http://www.ren-isac.net/membership.html
contacts
Contacts

Doug PearsonTechnical Directordodpears@ren-isac.net

http://www.ren-isac.net

24x7 Watch Desk:

soc@ren-isac.net

+1 (317) 278-6630