Educause Security Discussion mailing list archives
Re: Public list?
From: Ben Marsden <bmarsden () SMITH EDU>
Date: Fri, 27 Mar 2015 14:28:44 -0400
Quick clarification, I *am* a member of REN-ISAC, and do find it to be an invaluable resource -- well worth the annual fee. I'd encourage anyone who is looking for a place to engage in discussions with discretion to join. I think it would be difficult to replicate what I think REN-ISAC already does pretty well. another $.02 -- Ben On Fri, Mar 27, 2015 at 1:11 PM, Ben Marsden <bmarsden () smith edu> wrote:
My humble two cents, I think the current list is fine as a public list, and I don't need or want a monthly reminder of that. But, that said, I'd support a separate list that is closed, not logged, and has some form of vetted membership and non-disclosure MOU for more sensitive discussions, to meet the needs requested above. Not sure how feasible it is to set up and manage / monitor such a list though, and I'm surely not volunteering to take that on! -- Ben On Fri, Mar 27, 2015 at 12:55 PM, Matthew Trump <M.Trump () kent ac uk> wrote:Valerie, The UK equivalent is a closed list which is not publically available. Matthew Matthew Trump IT Security Officer | Information Services S.14 Cornwallis South, University of Kent, Canterbury. CT2 7NF Tel: 01227 826522 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel Sent: 27 March 2015 16:31 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Public list? Hi Gary, Kevin, The Security Discussion list is one of many EDUCAUSE Constituent and Discussion Groups. These are open, informal ³communities of practice² and the lists are typically open for anyone to subscribe. The archives are also publicly available, and so they are sometimes collected or shared on sites like seclists.org <http://seclists.org>. As noted on our website, http://www.educause.edu/discuss: "Postings to a Constituent Group listserv are indexed and archived in a publicly searchable format in keeping with the association¹s commitment to open sharing of ideas, issues, and practices involving information technology in higher education. This allows quick review of past discussions.² The suggestion to make the archives private has been raised (and considered) several times in the past by the Higher Education Information Security Council (HEISC) Leadership Team, but we have always determined that leaving the listserv open and the archives publicly accessible were in the best interest of the community. As noted below, the REN-ISAC is one option for a closed, vetted community. We would be happy start a dialog about the pros and cons to our current approach for this listserv. Please feel free to share your thoughts on this thread or contact me directly. Thank you, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu <http://educause.edu> On 3/27/15, 7:51 AM, "Kevin Halgren" <kevin.halgren () WASHBURN EDU> wrote:RI has some additional requirements that make it less accessible to many of us, particularly those more peripherally involved in IT security and at smaller institutions that can't afford or are unwilling the pay the fee. This list has value as an adjunct to RI for those who already have access and a source of information for those who don't. I have to admit my original post here I had intended to send to a state list (oops), but you can't undo e-mail and I figured it was still relevant. I do question if it is in the common interest for this list to be truly public, or at least to publicly available quite so quickly. Anyone interested in taking this issue up with the group sponsors? I'd be particularly interested in hearing the arguments in favor of list archives remaining public. Kevin -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Parker Sent: Friday, March 27, 2015 9:38 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Public list? It is all publically available on Educause's website as are all educause lists. If you need a private list, look at something likeREN-ISAC.http://listserv.educause.edu/cgi-bin/wa.exe?A0=SECURITY -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Warner Sent: Friday, March 27, 2015 10:35 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Public list? Is this list INTENDED to be publicly archived and shared? As I was googling about for something that I saw posted here, I found that all of our messages are being shared on seclists.org. Example: http://seclists.org/educause/2015/q1/264 Please use caution when sharing information on-list. Be aware that what you post here is being publicly logged. If this list is NOT supposed to be publicly logged, could we review and address that, please? Thanks! ---------------------------------------------------------- Gary Warner Director of Research in Computer Forensics The University of Alabama at Birmingham Center for Information Assurance and Joint Forensics Research 205.422.2113 gar () cis uab edu ------------------------------------------------------------- ============================================ Ben Marsden : Information Security Director, CISSP/GISP ITS, Stoddard Hall, Smith College, Northampton, MA 01063 bmarsden [at] smith [.] edu 413 [.] 585 [.] 4479 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent!
-- ============================================ Ben Marsden : Information Security Director, CISSP/GISP ITS, Stoddard Hall, Smith College, Northampton, MA 01063 bmarsden [at] smith [.] edu 413 [.] 585 [.] 4479 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent!
Current thread:
- Public list? Gary Warner (Mar 27)
- Re: Public list? Ben Parker (Mar 27)
- Re: Public list? Kevin Halgren (Mar 27)
- Re: Public list? Valerie Vogel (Mar 27)
- Re: Public list? Gary Warner (Mar 27)
- Re: Public list? Kyle Kniffin (Mar 27)
- Re: Public list? Matthew Trump (Mar 27)
- Re: Public list? Ben Marsden (Mar 27)
- Re: Public list? Ben Marsden (Mar 27)
- Re: Public list? David Lundy (Mar 27)
- Re: Public list? Mike Osterman (Mar 27)
- Re: Public list? Kyle Kniffin (Mar 27)
- Re: Public list? Ben Marsden (Mar 27)
- Re: Public list? Ken Connelly (Mar 27)
- Re: Public list? Kyle Kniffin (Mar 28)
- Re: Public list? Kevin Halgren (Mar 27)
- Re: Public list? Ben Parker (Mar 27)
- Re: Public list? Brad Judy (Mar 27)