FISSEA Members' E-Mail List:

FISSEA Members' E-Mail List: The NIST Computer Security Division is hosting the FISSEA membership e-mail list in support of FISSEA and the federal IT security community. The list is not moderated; any FISSEA member subscribed to the list can post a message directly to the list. However, to help ensure that this service does not become a free-for-all . . . an example of anarchism in action . . . we are asking for your help in following the guidance in this note. For example, there is a correct way to ask to be removed from the list, a way that does not result in every other member on the list hearing a "get me off this list" request, and inflaming the entire membership in the process. This issue is addressed in detail below.

Why A FISSEA Membership List?:

Why a list? This list will allow you to converse with other IT security professionals who have an interest in awareness, training, and education issues. Any issue related to federal IT security awareness, training, and education is fair game for this list. It can be used to ask for help from the many veterans in FISSEA who have experience designing, developing, implementing, and maintaining awareness and training programs.

Why a list? Do you have an awareness program, but need to develop a training course for a particular audience? Chances are that some other FISSEA members have already developed this for their agencies. Ask if anyone would send you their material, or an outline, if you just need to get started. Are you considering hiring a contractor to develop awareness or training material? Would you like input from people who can recommend someone? Would you like to know what material is out there for the taking? DISA (do you know who they are?), Department of Energy, and other agencies have material you can download. I'm sure you will find other reasons to use the list . . . just ask.

To Post A Message To The FISSEA List:

To post a message to the list, send it to:

fissea@nist.gov

The list is not moderated, in that neither Peggy Himes nor I review each message before it is allowed to hit the list.

Controls On The FISSEA List:

Only people who have been subscribed (added) to the list by Peggy or I can post messages to the list. The upside is that we should not see spam from outside the list. The downside is that even though you are a FISSEA list member, if you attempt to send a message to the list from an address that is not on the list (e.g., your home account, a secondary work account) the e-mail list server here at NIST will not allow your message to be posted. For example, I am known to the FISSEA list as mark.wilson@nist.gov. However, if my e-mail package knows me as mwilson@nist.gov and identifies outgoing messages as such, this address will not be recognized by the FISSEA list. Make sure that the address that your e-mail package assigns to your outgoing messages is the same as the address you provided us when you joined FISSEA.

If you want to be able to send messages to the list from an account other than the one you are using now, let Peggy know. If you send a message to:

fisseamembership@nist.gov

To Unsubscribe From The FISSEA List:

To get our attention to remove your address from the list, send a message to:

fisseamembership@nist.gov

Do not send a message to the list asking to be removed. The last time this occurred there were so many "get me off this list" follow-up requests that we had to shut the list down for an extended period of time until we sorted through all of these requests and updated the subscriber list. Some of these requests were from members who were perfectly content with the flurry of messages on the list that dealt with awareness, training, and education, but were quickly disillusioned by the "get me off . . ." messages sent to the entire membership.

Your List And Attached Files:

Please do not send attached files to the list. If, during the course of corresponding to fellow list members about an awareness or training course or module that you have developed, someone asks for it, send it to them, not to the list. If there is significant interest in material that you are developing, we would encourage (beg) you to send it to us (Peggy or me) and let us post it on our Awareness, Training, and Education pages of our Computer Security Resource Center (CSRC) - http://csrc.nist.rip/ATE/. If you send a file to the list, we will provide one reminder. If you send a second file we will remove you from the list.

Your List And Replying To A Message:

If you reply to a message from someone on the list, your reply should go only to the sender, not to everyone on the list. When you begin to reply, check the address that appears in the "To:" block of your soon-to-be-outgoing message; make sure it is to the sender and not the list. Keep in mind that the list has several hundred members. Determine before you send your reply if your message would be of value to many of the list members, or to just the sender to whom you are replying. If your e-mail package's default is set to "reply to sender" (the entire FISSEA list) or "reply to all" please change the default, or change the address that your mailer places in the "To:" line to the individual who should receive your reply.

Your List And "Me Too" Messages:

Please avoid sending "me too" agreement messages to the list. If you would like a copy or follow-up information related to something that a member has posted, send a message to that individual, not to the entire membership.

Your List And Advertisements:

Advertisements will not be posted to the list. During the March 2002 FISSEA Conference business meeting, we discussed the practice of posting advertisements to the list. Since May 2001, we have posted ads to the list. However, we have noticed that the frequency of ads appearing on the list has increased, while the frequency of messages that would inspire an exchange of information - the purpose for the list - has decreased. Following discussion during the 2002 Conference, the membership decided that ads should not be posted to the list.

If a FISSEA member sends a message to the list, asking for help in creating awareness or training material, vendors on the list may reply, but must do so privately . . . not to the list.

Providers of awareness, training, and education material and related services may have their company or school listed on the NIST Computer Security Resource Center (CSRC) website, on the appropriate awareness, training, education (ATE), and professional development page(s). If your business or school is not already listed in the ATE pages on CSRC, let me know. The ATE pages are at:

http://csrc.nist.rip/ATE

Within reason, we will mention upcoming events on CSRC's Events page, which can be found at:

http://csrc.nist.rip/events/

One Last Word On Advertisements:

If you reply to a query sent to the list (asking for sources of training or material, for example), ensure that your reply is not a thinly veiled ad. One way to avoid this possibility is by replying directly to the individual who is asking for assistance, not to the entire membership. If you send such an ad to the list, you will hear from us. A second occurrence will result in removal of your e-mail address from the FISSEA e-mail list. (You would continue to be a FISSEA member, but would not be on the membership's e-mail list.)

Thanks, and enjoy your list. Please contact me if you have any questions or concerns.

Mark Wilson
NIST/FISSEA Liaison
(301) 975-3870
mark.wilson@nist.gov

(last updated on March 12, 2002)