What are the responsibilities of the Management Representative?
The Management Representative has 3 main responsibilities:
- Maintain the institution’s membership roster and to make timely adjustments when adding and removing member representatives.
- Provide billing information and to ensure payment when invoices are sent.
- Act as a point of contact for REN-ISAC administration.
Instructions on how to meet those responsibilities are provided in this document. Should you have any questions that are not addressed here, feel free to email REN-ISAC Member Services and Support.
Section 1. Maintaining your REN-ISAC Roster
When you first logon you are looking at the Home Screen. There are 5 sections described below, and each is labeled in Figure 1.
- Navigation Pane: allows you to look at the roster of other institutions, link to our Members Wiki, and more
- Member Info Pane: The name of your institution, how you are classified for billing, and more
- Management Rep Pane: Information about the primary Management Representative
- Billing Information Pane: Billing contact information, billing status, and PO number
- Member Roster: Shows active and deleted member reps, allows you to nominate and delete reps
Only a Management Representative can nominate a new member representative. Follow these instructions to make a nomination from our registry.
- Click here to visit our Registry.
- Enter your email address as your username. If you need a password reset, click the “Forgot Password?” link on the log-in page.
- Once logged in, you will see your institution's home screen, including a list of people at the bottom of the screen. To make a nomination, click the red ADD button on the left.
- Add the new member’s name and choose the appropriate community for them:
- OPS (Security Operations) – For individuals with hands-on security protection responsibilities and/or involvement with incident response for the entire institution.
- GENERAL – For practitioners whose operational security responsibilities are associated with specific enterprise applications; or, whose responsibilities aren't strictly "security operational," such as risk, compliance, and IAM; or, whose security responsibilities are not institution-wide.
- OFFICER – For executives with information security responsibilities.
- Once submitted, the nominated person will need to fill out a profile and sign the Information Sharing Policy agreement.
- The nomination will be forwarded to the community for a vetting period of six business days.
Note: Screen resolution is very important for being able to see and access all options in the Registry. Your browser screen resolution should be set to so you can see the full width of the page. You can verify this by checking whether you see the Add and Remove buttons at the far right of the home screen. See the images below.
Member representative nominations and deletions can be made via your Registry account. It’s important to keep your roster up to date, so follow these instructions to make changes:
- Visit our Registry.
- Enter your email address as your username. If you need a password reset, click the “Forgot Password?” link on the log-in page.
- Once logged in, you will see your institution's home screen, including a list of people at the bottom of the screen.
- To remove a member representative, click the Remove button (the trash bin icon) next to their record.
- You will be prompted for the "standing" of the person you are deleting (see next section for an explanation)
- The individual’s status will change to "deleted," but their record will still show up on your roster. Once in "deleted" status, the person's access to REN-ISAC resources will be removed.
We ask on behalf of our community members because REN-ISAC is a trust community. When a Member Rep leaves REN-ISAC, we announce to the membership whether the departure was in "good standing" or "undeclared standing." As part of the trust community, members have extended trust to the person by virtue of their participation in REN-ISAC. When a member leaves REN-ISAC, we need to indicate if there is a reason to reconsider, or to re-establish, that trust in a different context.
Please note, "undeclared standing" means the institution is unable to provide a declaration either due to institutional policy, an unknown reason, or unresponsiveness to our requests. Undeclared standing is not itself a trust indicator; however, if members extended trust to the person by virtue of REN-ISAC membership, that trust may need to be re-established in another context.
Yes, you can! In fact, we encourage it. To do so, send a request to membership@ren-isac.net and let us know with whom you would like to share this responsibility. The person must be a member representative. If they aren’t already, please nominate them (see eligibility information below).
Membership eligibility is extended to all full-time employees of a member institution who are involved with information security. For those that are devoted to information security, and who have hands-on responsibility for defensive systems and response actions there is a more action-focused community called Security Operations, or OPS. These are the folks who manage and configure firewalls, intrusion detection/prevention systems, vulnerability scanners, and other security systems, as well as those involved with incident response.
For other types of security professionals, such as those involved with identity and access management, risk compliance, internal audit, ERP system admins, we have the General community. Members of the General community share a mailing list with the OPS folks, where they can share recommendations, ideas, and much more.
For those executives who have some involvement with information security, we have the Officers community, which allows those executives to stay involved with what is happening at REN-ISAC without the large volume of email that the OPS and General communities generate.
Email REN-ISAC Member Services and Support explaining the change and providing the full name, job title, and email address of the person taking over the Management Rep role.
Section 2. Billing Contact Information
We encourage you to verify your billing information at least once a year. Here’s how:
- Visit our Registry.
- Enter your email address as your username. If you need a password reset, click the “Forgot Password?” link on the log-in page.
- Once logged in, you will see your institution's home screen. Information about your institution will be on the left side of the screen.
- To edit your billing information, click the three dots circled in the screen shot below and then choose “Modify.”
- Once you’ve completed your changes, be sure to click the “Update Member” button at the bottom of the screen.
Current members will receive an invoice sometime in May or June each year. A PDF of the invoice is sent by email to the Management Representative. A copy is sent to the secondary email address listed in the Billing Information. We encourage all member institutions to provide a secondary billing contact besides the management representative.
No, unfortunately the way our system works we cannot issue invoices outside of the May/June timeframe. The only exception to this is a new institution joining for the first time, when we issue an invoice after the institution is a full, active member.
Email billing@ren-isac.net for billing-related questions.
Section 3. Being our point of contact
There are times when we may need to contact a decision-maker at your institution. As a Management Representative, you are expected to pay attention to email received from @REN-ISAC.NET addresses.
To help ensure you don’t miss important information from us, here are some general guidelines:
- Do not create rules based solely on "@REN-ISAC.NET"
- Base your rules on the list address or subject line (see below)
- Make a special exception for RI-ANNOUNCE
- Be sure REN-ISAC email is whitelisted at your institution
For further information, please visit The Hub.
Section 4. Other Information
The Registry is our database of member institutions and representatives. Currently, it can be used to manage your membership information and roster of member representatives. We are continuing to develop the Registry and will be adding new features in the coming months and years.
The Hub is a member's only platform that will enable you and your organization to easily access timely alerts, maintain situational awareness, and share and receive sector-specific threat information. The Hub can be accessed through a web or mobile app.
Active members can request a password reset by visiting our Registry and clicking the “Forgot Password” link. A reset link will be sent to your email address. Should you continue to have difficulty logging in, you can email our SOC or call 317-274-7228.
Reset requests made during normal business hours (US Eastern) will usually be answered within 15 minutes. Requests made during off-hours will require additional response time. If you have a timesensitive or critical need for a reset, please call 317-274-7228.