Re: Public list?

[Kyle Kniffin <kyle () POLK EDU>]

Out of curiosity, what are the real benefits from joining that can be used for selling the importance of REN-ISAC to 
upper management?

Besides a non-public group, what tangible ongoing benefits are provided making it worth the cost?

Appreciate the feedback.

Sent from my Android phone using TouchDown (www.nitrodesk.com)

-----Original Message-----
From: David Lundy [dlundy () PACIFIC EDU]
Received: Friday, 27 Mar 2015, 2:46PM
To: SECURITY () LISTSERV EDUCAUSE EDU [SECURITY () LISTSERV EDUCAUSE EDU]
Subject: Re: [SECURITY] Public list?

+1
REN-ISAC is more than a private discussion list, but is a resource that is the research and higher education’s 
community for shared operational information for IT security.  It is well worth the membership.

David Lundy
-----------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu<mailto:dlundy () pacific edu>
Voice: 209-946-3951
Fax: 209-946-2898



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben 
Marsden
Sent: Friday, March 27, 2015 11:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Public list?

Quick clarification,  I *am* a member of REN-ISAC, and do find it to be an invaluable resource -- well worth the annual 
fee.  I'd encourage anyone who is looking for a place to engage in discussions with discretion to join.  I think it 
would be difficult to replicate what I think REN-ISAC already does pretty well.

  another $.02

-- Ben


On Fri, Mar 27, 2015 at 1:11 PM, Ben Marsden <bmarsden () smith edu<mailto:bmarsden () smith edu>> wrote:
My humble two cents,  I think the current list is fine as a public list, and I don't need or want a monthly reminder of 
that.  But, that said, I'd  support a separate list that is closed, not logged, and has some form of vetted membership 
and non-disclosure MOU for more sensitive discussions, to meet the needs requested above.

Not sure how feasible it is to set up and manage / monitor such a list though, and I'm surely not volunteering to take 
that on!

-- Ben


On Fri, Mar 27, 2015 at 12:55 PM, Matthew Trump <M.Trump () kent ac uk<mailto:M.Trump () kent ac uk>> wrote:
Valerie,

The UK equivalent is a closed list which is not publically available.

Matthew

Matthew Trump
IT Security Officer  |  Information Services
S.14 Cornwallis South, University of Kent, Canterbury. CT2 7NF
Tel: 01227 826522





-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Valerie Vogel
Sent: 27 March 2015 16:31
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Public list?

Hi Gary, Kevin,

The Security Discussion list is one of many EDUCAUSE Constituent and Discussion Groups. These are open, informal 
³communities of practice² and the lists are typically open for anyone to subscribe. The archives are also publicly 
available, and so they are sometimes collected or shared on sites like seclists.org<http://seclists.org> 
<http://seclists.org>.

As noted on our website, http://www.educause.edu/discuss: "Postings to a Constituent Group listserv are indexed and 
archived in a publicly searchable format in keeping with the association¹s commitment to open sharing of ideas, issues, 
and practices involving information technology in higher education. This allows quick review of past discussions.²

The suggestion to make the archives private has been raised (and
considered) several times in the past by the Higher Education Information Security Council (HEISC) Leadership Team, but 
we have always determined that leaving the listserv open and the archives publicly accessible were in the best interest 
of the community. As noted below, the REN-ISAC is one option for a closed, vetted community.

We would be happy start a dialog about the pros and cons to our current approach for this listserv. Please feel free to 
share your thoughts on this thread or contact me directly.

Thank you,
Valerie

Valerie Vogel Program Manager

EDUCAUSE
Uncommon Thinking for the Common Good

direct: 202.331.5374<tel:202.331.5374> | main: 202.872.4200<tel:202.872.4200> | twitter: @HEISCouncil | 
educause.edu<http://educause.edu> <http://educause.edu>




On 3/27/15, 7:51 AM, "Kevin Halgren" <kevin.halgren () WASHBURN EDU<mailto:kevin.halgren () WASHBURN EDU>> wrote:

> RI has some additional requirements that make it less accessible to
> many of us, particularly those more peripherally involved in IT
> security and at smaller institutions that can't afford or are unwilling
> the pay the fee.  This list has value as an adjunct to RI for those who
> already have access and a source of information for those who don't.
>
> I have to admit my original post here I had intended to send to a state
> list (oops), but you can't undo e-mail and I figured it was still
> relevant.
>
> I do question if it is in the common interest for this list to be truly
> public, or at least to publicly available quite so quickly.  Anyone
> interested in taking this issue up with the group sponsors?
>
> I'd be particularly interested in hearing the arguments in favor of
> list archives remaining public.
>
> Kevin
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Ben Parker
> Sent: Friday, March 27, 2015 9:38 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> Subject: Re: [SECURITY] Public list?
>
> It is all publically available on Educause's website as are all
> educause lists. If you need a private list, look at something like REN-ISAC.
>
> http://listserv.educause.edu/cgi-bin/wa.exe?A0=SECURITY
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Gary Warner
> Sent: Friday, March 27, 2015 10:35 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> Subject: [SECURITY] Public list?
>
> Is this list INTENDED to be publicly archived and shared?
>
> As I was googling about for something that I saw posted here, I found
> that all of our messages are being shared on seclists.org<http://seclists.org>.
>
> Example:
>
>    http://seclists.org/educause/2015/q1/264
>
>
> Please use caution when sharing information on-list.  Be aware that
> what you post here is being publicly logged.
>
> If this list is NOT supposed to be publicly logged, could we review and
> address that, please?
>
> Thanks!
>
>
>
> ----------------------------------------------------------
>
> Gary Warner
> Director of Research in Computer Forensics The University of Alabama at
> Birmingham Center for Information Assurance and Joint Forensics
> Research
> 205.422.2113<tel:205.422.2113>
> gar () cis uab edu<mailto:gar () cis uab edu>
>
> -----------------------------------------------------------



--
============================================
Ben Marsden : Information Security Director, CISSP/GISP
ITS, Stoddard Hall, Smith College, Northampton, MA 01063
bmarsden [at] smith [.] edu     413 [.] 585 [.] 4479
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!



--
============================================
Ben Marsden : Information Security Director, CISSP/GISP
ITS, Stoddard Hall, Smith College, Northampton, MA 01063
bmarsden [at] smith [.] edu     413 [.] 585 [.] 4479
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!

________________________________

Please Note: Due to Florida's very broad public records law, most written communications to or from College employees 
regarding College business are public records, available to the public and media upon request. Therefore, this email 
communication may be subject to public disclosure.

Save a tree - Think before you print this email