Educause Security Discussion mailing list archives

Re: Public list?

From: Brad Judy <brad.judy () CU EDU>
Date: Fri, 27 Mar 2015 17:49:26 +0000

Also keep in mind that direct subscription to this list is not limited to EDU employees either.  I don't see a way to 
readily view the list of subscribers, but there are certainly many private companies on Educause lists.

Brad Judy
 

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie 
Vogel
Sent: Friday, March 27, 2015 10:31 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Public list?

Hi Gary, Kevin, 

The Security Discussion list is one of many EDUCAUSE Constituent and Discussion Groups. These are open, informal 
³communities of practice² and the lists are typically open for anyone to subscribe. The archives are also publicly 
available, and so they are sometimes collected or shared on sites like seclists.org <http://seclists.org>.

As noted on our website, http://www.educause.edu/discuss: "Postings to a Constituent Group listserv are indexed and 
archived in a publicly searchable format in keeping with the association¹s commitment to open sharing of ideas, issues, 
and practices involving information technology in higher education. This allows quick review of past discussions.²

The suggestion to make the archives private has been raised (and
considered) several times in the past by the Higher Education Information Security Council (HEISC) Leadership Team, but 
we have always determined that leaving the listserv open and the archives publicly accessible were in the best interest 
of the community. As noted below, the REN-ISAC is one option for a closed, vetted community.

We would be happy start a dialog about the pros and cons to our current approach for this listserv. Please feel free to 
share your thoughts on this thread or contact me directly.

Thank you,
Valerie

Valerie Vogel Program Manager

EDUCAUSE
Uncommon Thinking for the Common Good

direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu <http://educause.edu>




On 3/27/15, 7:51 AM, "Kevin Halgren" <kevin.halgren () WASHBURN EDU> wrote:

RI has some additional requirements that make it less accessible to 
many of us, particularly those more peripherally involved in IT 
security and at smaller institutions that can't afford or are unwilling 
the pay the fee.  This list has value as an adjunct to RI for those who 
already have access and a source of information for those who don't.

I have to admit my original post here I had intended to send to a state 
list (oops), but you can't undo e-mail and I figured it was still 
relevant.

I do question if it is in the common interest for this list to be truly 
public, or at least to publicly available quite so quickly.  Anyone 
interested in taking this issue up with the group sponsors?

I'd be particularly interested in hearing the arguments in favor of 
list archives remaining public.

Kevin


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Parker
Sent: Friday, March 27, 2015 9:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Public list?

It is all publically available on Educause's website as are all 
educause lists. If you need a private list, look at something like REN-ISAC.

http://listserv.educause.edu/cgi-bin/wa.exe?A0=SECURITY



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Warner
Sent: Friday, March 27, 2015 10:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Public list?

Is this list INTENDED to be publicly archived and shared?

As I was googling about for something that I saw posted here, I found 
that all of our messages are being shared on seclists.org.

Example:  

   http://seclists.org/educause/2015/q1/264


Please use caution when sharing information on-list.  Be aware that 
what you post here is being publicly logged.

If this list is NOT supposed to be publicly logged, could we review and 
address that, please?

Thanks!



----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics The University of Alabama at 
Birmingham Center for Information Assurance and Joint Forensics 
Research
205.422.2113
gar () cis uab edu

-----------------------------------------------------------

Current thread:

Re: Public list?, (continued)
- - - Re: Public list? Kyle Kniffin (Mar 27)
    - Re: Public list? Matthew Trump (Mar 27)
    - Re: Public list? Ben Marsden (Mar 27)
    - Re: Public list? Ben Marsden (Mar 27)
    - Re: Public list? David Lundy (Mar 27)
    - Re: Public list? Mike Osterman (Mar 27)
    - Re: Public list? Kyle Kniffin (Mar 27)
    - Re: Public list? Ben Marsden (Mar 27)
    - Re: Public list? Ken Connelly (Mar 27)
    - Re: Public list? Kyle Kniffin (Mar 28)
    - Re: Public list? Brad Judy (Mar 27)