Educause Security Discussion mailing list archives

Re: Public list?

From: Kyle Kniffin <kyle () POLK EDU>
Date: Sat, 28 Mar 2015 13:57:24 +0000

Thank you all for the great feedback on REN-ISAC, it was very helpful.

Sent from my Android phone using TouchDown (www.nitrodesk.com)

-----Original Message-----
From: Ken Connelly [ken.connelly () UNI EDU]
Received: Saturday, 28 Mar 2015, 12:24AM
To: SECURITY () LISTSERV EDUCAUSE EDU [SECURITY () LISTSERV EDUCAUSE EDU]
Subject: Re: [SECURITY] Public list?

You've probably already found the REN-ISAC web site, but if not, do take
a look at the public portions available at http://www.ren-isac.net.  The
"about REN-ISAC" page, in particular, describes a number of the
offerings.  There is also a stated list of benefits at
http://www.ren-isac.net/docs/membership.html#benefits.

The biggest "win" is that REN-ISAC is a trust organization comprised of
security-focused people at (mostly) higher education institutions.
Information sharing guidelines apply to all REN-ISAC communication and
vetting of all new nominees is done throughout the community.  As a
result, members are willing to share information and experiences with
the group that they would not even consider disclosing on a public list.

- ken

On 3/27/15 7:12 PM, Kyle Kniffin wrote:

Out of curiosity, what are the real benefits from joining that can be used for selling the importance of REN-ISAC to 
upper management?

Besides a non-public group, what tangible ongoing benefits are provided making it worth the cost?

Appreciate the feedback.

Sent from my Android phone using TouchDown (www.nitrodesk.com<http://www.nitrodesk.com>)

-----Original Message-----
From: David Lundy [dlundy () PACIFIC EDU]
Received: Friday, 27 Mar 2015, 2:46PM
To: SECURITY () LISTSERV EDUCAUSE EDU [SECURITY () LISTSERV EDUCAUSE EDU]
Subject: Re: [SECURITY] Public list?

+1
REN-ISAC is more than a private discussion list, but is a resource that is the research and higher education’s 
community for shared operational information for IT security.  It is well worth the membership.

David Lundy
-----------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu<mailto:dlundy () pacific edu>
Voice: 209-946-3951
Fax: 209-946-2898



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben 
Marsden
Sent: Friday, March 27, 2015 11:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Public list?

Quick clarification,  I *am* a member of REN-ISAC, and do find it to be an invaluable resource -- well worth the 
annual fee.  I'd encourage anyone who is looking for a place to engage in discussions with discretion to join.  I 
think it would be difficult to replicate what I think REN-ISAC already does pretty well.

  another $.02

-- Ben


On Fri, Mar 27, 2015 at 1:11 PM, Ben Marsden <bmarsden () smith edu<mailto:bmarsden () smith edu>> wrote:
My humble two cents,  I think the current list is fine as a public list, and I don't need or want a monthly reminder 
of that.  But, that said, I'd  support a separate list that is closed, not logged, and has some form of vetted 
membership and non-disclosure MOU for more sensitive discussions, to meet the needs requested above.

Not sure how feasible it is to set up and manage / monitor such a list though, and I'm surely not volunteering to 
take that on!

-- Ben


On Fri, Mar 27, 2015 at 12:55 PM, Matthew Trump <M.Trump () kent ac uk<mailto:M.Trump () kent ac uk>> wrote:
Valerie,

The UK equivalent is a closed list which is not publically available.

Matthew

Matthew Trump
IT Security Officer  |  Information Services
S.14 Cornwallis South, University of Kent, Canterbury. CT2 7NF
Tel: 01227 826522





-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Valerie Vogel
Sent: 27 March 2015 16:31
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Public list?

Hi Gary, Kevin,

The Security Discussion list is one of many EDUCAUSE Constituent and Discussion Groups. These are open, informal 
³communities of practice² and the lists are typically open for anyone to subscribe. The archives are also publicly 
available, and so they are sometimes collected or shared on sites like seclists.org<http://seclists.org> 
<http://seclists.org>.

As noted on our website, http://www.educause.edu/discuss: "Postings to a Constituent Group listserv are indexed and 
archived in a publicly searchable format in keeping with the association¹s commitment to open sharing of ideas, 
issues, and practices involving information technology in higher education. This allows quick review of past 
discussions.²

The suggestion to make the archives private has been raised (and
considered) several times in the past by the Higher Education Information Security Council (HEISC) Leadership Team, 
but we have always determined that leaving the listserv open and the archives publicly accessible were in the best 
interest of the community. As noted below, the REN-ISAC is one option for a closed, vetted community.

We would be happy start a dialog about the pros and cons to our current approach for this listserv. Please feel free 
to share your thoughts on this thread or contact me directly.

Thank you,
Valerie

Valerie Vogel Program Manager

EDUCAUSE
Uncommon Thinking for the Common Good

direct: 202.331.5374<tel:202.331.5374> | main: 202.872.4200<tel:202.872.4200> | twitter: @HEISCouncil | 
educause.edu<http://educause.edu> <http://educause.edu>




On 3/27/15, 7:51 AM, "Kevin Halgren" <kevin.halgren () WASHBURN EDU<mailto:kevin.halgren () WASHBURN EDU>> wrote:

RI has some additional requirements that make it less accessible to
many of us, particularly those more peripherally involved in IT
security and at smaller institutions that can't afford or are unwilling
the pay the fee.  This list has value as an adjunct to RI for those who
already have access and a source of information for those who don't.

I have to admit my original post here I had intended to send to a state
list (oops), but you can't undo e-mail and I figured it was still
relevant.

I do question if it is in the common interest for this list to be truly
public, or at least to publicly available quite so quickly.  Anyone
interested in taking this issue up with the group sponsors?

I'd be particularly interested in hearing the arguments in favor of
list archives remaining public.

Kevin


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Ben Parker
Sent: Friday, March 27, 2015 9:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Public list?

It is all publically available on Educause's website as are all
educause lists. If you need a private list, look at something like REN-ISAC.

http://listserv.educause.edu/cgi-bin/wa.exe?A0=SECURITY



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Gary Warner
Sent: Friday, March 27, 2015 10:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Public list?

Is this list INTENDED to be publicly archived and shared?

As I was googling about for something that I saw posted here, I found
that all of our messages are being shared on seclists.org<http://seclists.org>.

Example:

   http://seclists.org/educause/2015/q1/264


Please use caution when sharing information on-list.  Be aware that
what you post here is being publicly logged.

If this list is NOT supposed to be publicly logged, could we review and
address that, please?

Thanks!



----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics The University of Alabama at
Birmingham Center for Information Assurance and Joint Forensics
Research
205.422.2113<tel:205.422.2113>
gar () cis uab edu<mailto:gar () cis uab edu>

-----------------------------------------------------------



--
============================================
Ben Marsden : Information Security Director, CISSP/GISP
ITS, Stoddard Hall, Smith College, Northampton, MA 01063
bmarsden [at] smith [.] edu     413 [.] 585 [.] 4479
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!



--
============================================
Ben Marsden : Information Security Director, CISSP/GISP
ITS, Stoddard Hall, Smith College, Northampton, MA 01063
bmarsden [at] smith [.] edu     413 [.] 585 [.] 4479
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!

________________________________

Please Note: Due to Florida's very broad public records law, most written communications to or from College employees 
regarding College business are public records, available to the public and media upon request. Therefore, this email 
communication may be subject to public disclosure.

Save a tree - Think before you print this email


--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!

________________________________

Please Note: Due to Florida's very broad public records law, most written communications to or from College employees 
regarding College business are public records, available to the public and media upon request. Therefore, this email 
communication may be subject to public disclosure.

Save a tree - Think before you print this email

Current thread:

Re: Public list?, (continued)
- - - Re: Public list? Gary Warner (Mar 27)
    - Re: Public list? Kyle Kniffin (Mar 27)
    - Re: Public list? Matthew Trump (Mar 27)
    - Re: Public list? Ben Marsden (Mar 27)
    - Re: Public list? Ben Marsden (Mar 27)
    - Re: Public list? David Lundy (Mar 27)
    - Re: Public list? Mike Osterman (Mar 27)
    - Re: Public list? Kyle Kniffin (Mar 27)
    - Re: Public list? Ben Marsden (Mar 27)
    - Re: Public list? Ken Connelly (Mar 27)
    - Re: Public list? Kyle Kniffin (Mar 28)
    - Re: Public list? Brad Judy (Mar 27)