Educause Security Discussion mailing list archives
Re: Public list?
From: Kyle Kniffin <kyle () POLK EDU>
Date: Sat, 28 Mar 2015 13:57:24 +0000
Thank you all for the great feedback on REN-ISAC, it was very helpful. Sent from my Android phone using TouchDown (www.nitrodesk.com) -----Original Message----- From: Ken Connelly [ken.connelly () UNI EDU] Received: Saturday, 28 Mar 2015, 12:24AM To: SECURITY () LISTSERV EDUCAUSE EDU [SECURITY () LISTSERV EDUCAUSE EDU] Subject: Re: [SECURITY] Public list? You've probably already found the REN-ISAC web site, but if not, do take a look at the public portions available at http://www.ren-isac.net. The "about REN-ISAC" page, in particular, describes a number of the offerings. There is also a stated list of benefits at http://www.ren-isac.net/docs/membership.html#benefits. The biggest "win" is that REN-ISAC is a trust organization comprised of security-focused people at (mostly) higher education institutions. Information sharing guidelines apply to all REN-ISAC communication and vetting of all new nominees is done throughout the community. As a result, members are willing to share information and experiences with the group that they would not even consider disclosing on a public list. - ken On 3/27/15 7:12 PM, Kyle Kniffin wrote:
Out of curiosity, what are the real benefits from joining that can be used for selling the importance of REN-ISAC to upper management? Besides a non-public group, what tangible ongoing benefits are provided making it worth the cost? Appreciate the feedback. Sent from my Android phone using TouchDown (www.nitrodesk.com<http://www.nitrodesk.com>) -----Original Message----- From: David Lundy [dlundy () PACIFIC EDU] Received: Friday, 27 Mar 2015, 2:46PM To: SECURITY () LISTSERV EDUCAUSE EDU [SECURITY () LISTSERV EDUCAUSE EDU] Subject: Re: [SECURITY] Public list? +1 REN-ISAC is more than a private discussion list, but is a resource that is the research and higher education’s community for shared operational information for IT security. It is well worth the membership. David Lundy ----------------------------------- David Lundy Assistant IT Security Officer University of the Pacific Stockton, CA 95211 Email: dlundy () pacific edu<mailto:dlundy () pacific edu> Voice: 209-946-3951 Fax: 209-946-2898 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Marsden Sent: Friday, March 27, 2015 11:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Public list? Quick clarification, I *am* a member of REN-ISAC, and do find it to be an invaluable resource -- well worth the annual fee. I'd encourage anyone who is looking for a place to engage in discussions with discretion to join. I think it would be difficult to replicate what I think REN-ISAC already does pretty well. another $.02 -- Ben On Fri, Mar 27, 2015 at 1:11 PM, Ben Marsden <bmarsden () smith edu<mailto:bmarsden () smith edu>> wrote: My humble two cents, I think the current list is fine as a public list, and I don't need or want a monthly reminder of that. But, that said, I'd support a separate list that is closed, not logged, and has some form of vetted membership and non-disclosure MOU for more sensitive discussions, to meet the needs requested above. Not sure how feasible it is to set up and manage / monitor such a list though, and I'm surely not volunteering to take that on! -- Ben On Fri, Mar 27, 2015 at 12:55 PM, Matthew Trump <M.Trump () kent ac uk<mailto:M.Trump () kent ac uk>> wrote: Valerie, The UK equivalent is a closed list which is not publically available. Matthew Matthew Trump IT Security Officer | Information Services S.14 Cornwallis South, University of Kent, Canterbury. CT2 7NF Tel: 01227 826522 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Valerie Vogel Sent: 27 March 2015 16:31 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Public list? Hi Gary, Kevin, The Security Discussion list is one of many EDUCAUSE Constituent and Discussion Groups. These are open, informal ³communities of practice² and the lists are typically open for anyone to subscribe. The archives are also publicly available, and so they are sometimes collected or shared on sites like seclists.org<http://seclists.org> <http://seclists.org>. As noted on our website, http://www.educause.edu/discuss: "Postings to a Constituent Group listserv are indexed and archived in a publicly searchable format in keeping with the association¹s commitment to open sharing of ideas, issues, and practices involving information technology in higher education. This allows quick review of past discussions.² The suggestion to make the archives private has been raised (and considered) several times in the past by the Higher Education Information Security Council (HEISC) Leadership Team, but we have always determined that leaving the listserv open and the archives publicly accessible were in the best interest of the community. As noted below, the REN-ISAC is one option for a closed, vetted community. We would be happy start a dialog about the pros and cons to our current approach for this listserv. Please feel free to share your thoughts on this thread or contact me directly. Thank you, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374<tel:202.331.5374> | main: 202.872.4200<tel:202.872.4200> | twitter: @HEISCouncil | educause.edu<http://educause.edu> <http://educause.edu> On 3/27/15, 7:51 AM, "Kevin Halgren" <kevin.halgren () WASHBURN EDU<mailto:kevin.halgren () WASHBURN EDU>> wrote:RI has some additional requirements that make it less accessible to many of us, particularly those more peripherally involved in IT security and at smaller institutions that can't afford or are unwilling the pay the fee. This list has value as an adjunct to RI for those who already have access and a source of information for those who don't. I have to admit my original post here I had intended to send to a state list (oops), but you can't undo e-mail and I figured it was still relevant. I do question if it is in the common interest for this list to be truly public, or at least to publicly available quite so quickly. Anyone interested in taking this issue up with the group sponsors? I'd be particularly interested in hearing the arguments in favor of list archives remaining public. Kevin -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Ben Parker Sent: Friday, March 27, 2015 9:38 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Public list? It is all publically available on Educause's website as are all educause lists. If you need a private list, look at something like REN-ISAC. http://listserv.educause.edu/cgi-bin/wa.exe?A0=SECURITY -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Gary Warner Sent: Friday, March 27, 2015 10:35 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Public list? Is this list INTENDED to be publicly archived and shared? As I was googling about for something that I saw posted here, I found that all of our messages are being shared on seclists.org<http://seclists.org>. Example: http://seclists.org/educause/2015/q1/264 Please use caution when sharing information on-list. Be aware that what you post here is being publicly logged. If this list is NOT supposed to be publicly logged, could we review and address that, please? Thanks! ---------------------------------------------------------- Gary Warner Director of Research in Computer Forensics The University of Alabama at Birmingham Center for Information Assurance and Joint Forensics Research 205.422.2113<tel:205.422.2113> gar () cis uab edu<mailto:gar () cis uab edu> ------------------------------------------------------------- ============================================ Ben Marsden : Information Security Director, CISSP/GISP ITS, Stoddard Hall, Smith College, Northampton, MA 01063 bmarsden [at] smith [.] edu 413 [.] 585 [.] 4479 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent! -- ============================================ Ben Marsden : Information Security Director, CISSP/GISP ITS, Stoddard Hall, Smith College, Northampton, MA 01063 bmarsden [at] smith [.] edu 413 [.] 585 [.] 4479 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent! ________________________________ Please Note: Due to Florida's very broad public records law, most written communications to or from College employees regarding College business are public records, available to the public and media upon request. Therefore, this email communication may be subject to public disclosure. Save a tree - Think before you print this email
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373 Any request to divulge your UNI password via e-mail is fraudulent! ________________________________ Please Note: Due to Florida's very broad public records law, most written communications to or from College employees regarding College business are public records, available to the public and media upon request. Therefore, this email communication may be subject to public disclosure. Save a tree - Think before you print this email
Current thread:
- Re: Public list?, (continued)
- Re: Public list? Gary Warner (Mar 27)
- Re: Public list? Kyle Kniffin (Mar 27)
- Re: Public list? Matthew Trump (Mar 27)
- Re: Public list? Ben Marsden (Mar 27)
- Re: Public list? Ben Marsden (Mar 27)
- Re: Public list? David Lundy (Mar 27)
- Re: Public list? Mike Osterman (Mar 27)
- Re: Public list? Kyle Kniffin (Mar 27)
- Re: Public list? Ben Marsden (Mar 27)
- Re: Public list? Ken Connelly (Mar 27)
- Re: Public list? Kyle Kniffin (Mar 28)
- Re: Public list? Brad Judy (Mar 27)