Re: Public list?

[Ben Marsden <bmarsden () SMITH EDU>]

My humble two cents,  I think the current list is fine as a public list,
and I don't need or want a monthly reminder of that.  But, that said, I'd
 support a separate list that is closed, not logged, and has some form of
vetted membership and non-disclosure MOU for more sensitive discussions, to
meet the needs requested above.

Not sure how feasible it is to set up and manage / monitor such a list
though, and I'm surely not volunteering to take that on!

-- Ben


On Fri, Mar 27, 2015 at 12:55 PM, Matthew Trump <M.Trump () kent ac uk> wrote:

> Valerie,
>
> The UK equivalent is a closed list which is not publically available.
>
> Matthew
>
> Matthew Trump
> IT Security Officer  |  Information Services
> S.14 Cornwallis South, University of Kent, Canterbury. CT2 7NF
> Tel: 01227 826522
>
>
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel
> Sent: 27 March 2015 16:31
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Public list?
>
> Hi Gary, Kevin,
>
> The Security Discussion list is one of many EDUCAUSE Constituent and
> Discussion Groups. These are open, informal ³communities of practice² and
> the lists are typically open for anyone to subscribe. The archives are also
> publicly available, and so they are sometimes collected or shared on sites
> like seclists.org <http://seclists.org>.
>
> As noted on our website, http://www.educause.edu/discuss: "Postings to a
> Constituent Group listserv are indexed and archived in a publicly
> searchable format in keeping with the association¹s commitment to open
> sharing of ideas, issues, and practices involving information technology in
> higher education. This allows quick review of past discussions.²
>
> The suggestion to make the archives private has been raised (and
> considered) several times in the past by the Higher Education Information
> Security Council (HEISC) Leadership Team, but we have always determined
> that leaving the listserv open and the archives publicly accessible were in
> the best interest of the community. As noted below, the REN-ISAC is one
> option for a closed, vetted community.
>
> We would be happy start a dialog about the pros and cons to our current
> approach for this listserv. Please feel free to share your thoughts on this
> thread or contact me directly.
>
> Thank you,
> Valerie
>
> Valerie Vogel Program Manager
>
> EDUCAUSE
> Uncommon Thinking for the Common Good
>
> direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil |
> educause.edu <http://educause.edu>
>
>
>
>
> On 3/27/15, 7:51 AM, "Kevin Halgren" <kevin.halgren () WASHBURN EDU> wrote:
>
> > RI has some additional requirements that make it less accessible to
> > many of us, particularly those more peripherally involved in IT
> > security and at smaller institutions that can't afford or are unwilling
> > the pay the fee.  This list has value as an adjunct to RI for those who
> > already have access and a source of information for those who don't.
> >
> > I have to admit my original post here I had intended to send to a state
> > list (oops), but you can't undo e-mail and I figured it was still
> > relevant.
> >
> > I do question if it is in the common interest for this list to be truly
> > public, or at least to publicly available quite so quickly.  Anyone
> > interested in taking this issue up with the group sponsors?
> >
> > I'd be particularly interested in hearing the arguments in favor of
> > list archives remaining public.
> >
> > Kevin
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Parker
> > Sent: Friday, March 27, 2015 9:38 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Public list?
> >
> > It is all publically available on Educause's website as are all
> > educause lists. If you need a private list, look at something like
> REN-ISAC.
> > http://listserv.educause.edu/cgi-bin/wa.exe?A0=SECURITY
> >
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Warner
> > Sent: Friday, March 27, 2015 10:35 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Public list?
> >
> > Is this list INTENDED to be publicly archived and shared?
> >
> > As I was googling about for something that I saw posted here, I found
> > that all of our messages are being shared on seclists.org.
> >
> > Example:
> >
> >    http://seclists.org/educause/2015/q1/264
> >
> >
> > Please use caution when sharing information on-list.  Be aware that
> > what you post here is being publicly logged.
> >
> > If this list is NOT supposed to be publicly logged, could we review and
> > address that, please?
> >
> > Thanks!
> >
> >
> >
> > ----------------------------------------------------------
> >
> > Gary Warner
> > Director of Research in Computer Forensics The University of Alabama at
> > Birmingham Center for Information Assurance and Joint Forensics
> > Research
> > 205.422.2113
> > gar () cis uab edu
> >
> > -----------------------------------------------------------



-- 
============================================
Ben Marsden : Information Security Director, CISSP/GISP
ITS, Stoddard Hall, Smith College, Northampton, MA 01063
bmarsden [at] smith [.] edu     413 [.] 585 [.] 4479
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!