July 1999 Vol. II No. I


From the Executive Board Chair

Since our conference in March I have been totally overtaken by events requiring 150% of my time in activities to help the Department of Energy "get well". If you haven't read the newspapers or heard the news about the many problems we are trying to correct, then you've been in outer space! Anyhow, that's my excuse for causing this issue of the FISSEA News and Views to be delayed for so long.

The exciting thing is, we are getting money for training!! The Secretary of Energy announced we will be training 1000 system administrators and security personnel by the end of this calendar year. Now that's a daunting undertaking, but we're going to get it done, and done well. Hopefully I will be able to share with you in a future newsletter or at our conference how we accomplished this, why we have established new requirements, and what assistance we have and will provide to the field to keep our work force up-to- date and computer/cyber security savvy. A major part of this initiative to improve our work force is targeted at all levels of management to increase their awareness of system vulnerabilities, to emphasize their responsibilities in managing their information technology resources (that includes personnel!), and to ensure they are accountable for their actions, especially in the area of accepting residual risk.

Our new Unclassified Cyber Security Policy, which is being prepared for submission to a Congressional committee by July 1, 1999, has incorporated new requirements for system administrators that may lead to a type of certification for them, but it definitely will influence the type of training required and the frequency of that training.

More on what's new at DOE, especially as it relates to our training initiatives, will be in the next issue. We have a development project underway that may be of interest – it's a "system administrator simulation" dealing with handling attacks. Keep posted for more news.

In closing, if I rambled, please excuse me. If what I've said isn't of general enough interest, please let me know that too! And, I thank the executive Board for once again putting their faith in me to lead this organization over the next year. Right now, it's very obvious I couldn't do this without the support of all the Board members, and especially without the support of the NIST folks.

Philip L. Sibert, CISSP
U. S. Department of Energy

Go to top of page

horizontal bar


The 1998 FISSEA Educator of the Year Award was presented to Louis M. Numkin at the 12th Annual FISSEA Conference held March 9-12, 1999. Mr. Numkin was nominated by K Rudolph, President of Native Intelligence, Inc.

Musings from the Educator of the Year

First, in all sincerity, let me state that it was a wonderful honor to receive the Educator of the Year award at the last FISSEA Annual Conference. To be honored by one's peers is perhaps the highest honor which can be bestowed during our working life.

FISSEA has been a good organization for me to contribute to. Simply attending the annual conferences, as I've done for many years, provided me with a lot of ideas and information sources to help in doing the "awareness, training, and education" phases of my job. But, this data's value is only slightly ahead of the opportunity afforded me to interact and communicate with computer security professionals from other Federal Agencies, Education, and Private Industry. I have remained close with some of these contacts over the years.

There is always a potential whether at the Emmy's or other award shows, that the awardee will neglect to mention the name of someone who helped along the way. Since this article is short, I can only mention a few special folks. It was my good fortune to meet this year's Conference Coordinator (extra ordinaire), Ann Brown, at an early conference. Her cohort in crime (and current FISSEA Exec Board Vice Chair), Pauline Bowen, was likewise an early pal. The three of us have shared a lot of good information over the years. Phil Sibert, the current Exec Board Chairman, is also the lead Computer Security guy at DOE - though we work for sister agencies, I really didn't get to know him well except through FISSEA activities. A non-Board member who it has been my good fortune to get to know is NativeIntelligence's K Rudolph. Her giving nature, creativity, and technical ability were demonstrated during this last conference and will hopefully continue to make our efforts more dynamic. The rest of the Board has been supportive and full of energy and ideas to help make our organization more viable, flexible, and worthwhile... and that I haven't mentioned all my supporters by name should not be seen as an slight by anyone.

Okay, so you ask, "what does winning the Educator of the Year award get you?" Well, I took my plaque with me into our agency cafeteria the other day to get a cup of coffee... and... it still cost me $.55 for the cup. I went next door and while holding the plaque, purchased a BigGame lottery ticket... but still only got one number out of the six possibles. It sat on the table when I ordered the blue plate special at a local diner... you guessed it... the plate was blue and so was the food. So, I made an executive decision... found a nice place for it on my wall... and will admire it, knowing that it stands for recognition by one's peers... which is something we don't always receive but which most of us would like to get. Thank you FISSEA.

Go to top of page

horizontal bar


The Honorable Constance A. Morella received the FISSEA First Meritorious Recognition Award in recognition of outstanding leadership and dedicated legislative efforts on behalf of information systems security education. The award was presented at the March 1999 Conference.

horizontal bar


The dates for the annual conference were approved at the May meeting by the Executive Board. The next conference will be held March 14-16, 2000. The conference will take place in three days rather than four and the exhibitors will set up on March 15th.

Go to top of page

horizontal bar


By Pauline Bowen

After the FISSEA Conference, which was held March 9 - 12, 1999, a self-help study group was formed to help each other study to take the CISSP exam. The group has been meeting in Alexandria, Virginia every Saturday since 3/21/99. We have also created a list serve so that anyone interested can join in the group on-line. Approximately 10 - 13 individuals show up each Saturday in Alexandria to study from 1-3 p.m. The participants take turns presenting the chapters, sharing ideas, test materials (when available) and providing encouragement and inspiration. We have finished domain one and are about ready to wrap up domain two. The web site for the list serve is: We currently have 49 members on the list serve and of these members 10 - 15 members participate in the Saturday study group. The paragraph below sums up our thoughts and feelings about how to accomplish this very important task. Please join us online or in person if you are interested in taking the CISSP exam.

List members participate in a self-help study group for the CISSP exam (see for info). NEW MEMBERS ARE ALWAYS WELCOME. People invest their time and energy, but the study group does not cost any money. The idea is to help each other understand the ten security domains, share experiences, motivate each other, and demonstrate our knowledge by passing the CISSP exam. We plan to meet on Saturdays from 1-3 p.m. If you run out of time during the week, you can still sleep in and read enough to participate on Saturday. If you can't attend one week, come the following week and you won't get far behind. We will exchange emails with any interested people and assist other self-help groups studying for the CISSP exam. Here is the web site for the 1999 handbook we plan to use for primary resource information in our study group.

Go to top of page

horizontal bar


The newly elected Executive Board Officers are:

Philip Sibert, Chair
Pauline Bowen, Assistant Chair
Patricia Black, Co-Conference Director
Lisa Biafore, Co-Conference Director
Louis Numkin, Newsletter Editor

horizontal bar


By Louis Numkin

Mr Tony Galante was selected as the first Chief Information Officer of the Nuclear Regulatory Commission on 3FEB97. During his tenure at our agency, he has supported our Computer Security initiatives by participating in the dry run audience for our all-employee 1998-9 Computer Security Awareness presentation, visiting our Computer Security Awareness Day activities, meeting with the 1998 Middle School Computer Ethics Essay Challenge winners and supporting our 1999 third grader Computer Ethics Poster competition, among other things. Since his tour of duty with the NRC is nearing its completion (1JUL99), I asked him if he would be willing to share some thoughts with our FISSEA readership. Here follow his comments:

"I guess what I try to communicate to people most of the time is we have a different paradigm out there today, one that says the professional person should not necessarily expect cradle to grave type employment anywhere - that's not what it's all about. Today, you're expected to manage your own career and in order to do that you've got to balance education with needs and experience. It is part of the things you put on a scale which you have to keep in balance. You have to be able to read your environment to know what's required of you and what's required of your peer group to remain competitive. And to continue with education in whatever (subject) is appropriate for the particular time.

"At the same time you should constantly take stock in yourself - it's healthy to keep your resume current - it's healthy to periodically go out and take an interview - what's the worst thing that could happen, they could offer you a job! You don't have to accept it but it certainly enlightens you as to what people are looking for in your particular area. It keeps you sharp with respect to your interviewing skills and techniques and it also is sometimes a wake-up call where you feel you are qualified for a particular position but in reality, you're not and you could learn why through a variety of interviews and paying attention to what is going on.

"When you are gainfully employed in an agency or corporation it's so important to get the training that is required of you to do what is expected in your current position. And I guess I have mentioned in the past that the computer security awareness type courses that you folks offer are successful. But, how do you rate success? I think it's easy in your area because Number One, if there aren't any problems, viruses, breaches, and things like that, it obviously says you are running a good program and people are listening and doing what you want them to do. Number Two, when you offer training and you articulate it and market your training in the context of "this is important" because of the nature of what you're trying to protect - the assets of the agency in the form of documents, intellect (if you will) committed to paper and committed to a digitized format. It's important to stay abreast of understanding how to do that and refresh yourself via the curriculum which you lay out for them.

"Then to open up their eyes as to what happens if you don't do this. I think you guys have been exceptionally successful in getting people to come to you without having had (what I call) a major incident. And I've seen enough folks out there in your role who have difficulty, unless there is a major problem. People don't spend a lot of time worrying about fire protection in their homes until something happens to them or the neighbor next door or they read about someone on the block - then they pay a lot of attention. You want that attention to be addressed the same way here with security. You're fortunate enough to get people to come to you before anything happens and to learn - you can see that from the statistics of your classes - by the way you market your goods, you are creative and people want to see you, they want to come and talk to you, they want to understand. And, then in the process, you also give examples of what can happen if you don't do this. And, those are always eye-opening. I can recall when I wasn't such a good driver and I lost my license due to too many points. In order to get my license back, I had to take some classes, and as part of those classes they had us look at some movies - movies, that they warn you in advance, are going to be a little rough. And when you view those movies and see what can really happen from driving recklessly and not paying attention to speed, without it actually happening to you, is a real awakening - that you get behind the wheel of a car and how dangerous it can be. It literally changed the way I drive because you can see what can in fact happen. And, I think you show and demonstrate that in your program - showing people some minor and some major disasters which occur from not doing the proper security to your respective workstations. And that's good, that has to continue.

"It's a little rough for some people, early on, because they don't know what to expect and they think that they have a lot of work to do when in reality they don't. But, as they get comfortable with your process and understand the message you're trying to communicate - when you walk them through and show them how easy it is, they become believers and it becomes a normal part of their workday. That's when you know you've hit a home run. So, I obviously support what you're doing. I encourage you to continue - it's enlightening to people and it's colorful. That way people do not view it as a technical thing that they have to participate in, they view it more as a learning experience done in a very nice, non-intimidating and comfortable way. And, as for the programs in the schools, start them young and teach them the basic skills before they take on the responsibilities of automation let proper use become second nature to them - it's an excellent program."

Thanks for your thoughtful remarks, Mr Galante. We'll miss you at the NRC.

Go to top of page

horizontal bar


The annual conference held this past March was successful in large part to the capable planning of the Conference Chair, Ann Brown. FISSEA owes a debt a gratitude to Ann for the countless hours she volunteered to make the conference one of the best yet. The theme was Paradigm Shifts for Teaching Computer Security in the New Millennium. There were 84 attendees and for 17, this was their first FISSEA conference.

Some random comments include:

  • Loved the snow!
  • Best conference for the cost!
  • A little expensive but good for 4 days worth of knowledge sharing.
  • Best opportunities to network with other attendees.
  • Audio support worst feature. (note, the Hilton has new management and plans to upgrade the system)
  • Tell presenters to bring handouts prior to presentation.
  • Would like more technical content.
  • Expectations exceeded, useful information.
  • Best feature: Meeting a network of security educators. For a newcomer, it helps with creating a point of contact list.
  • A very good conference overall.
  • Conference offers a wealth of information. The training could be more specific.

Go to top of page

horizontal bar


By: L. Arnold Johnson (NIST), Peggy Himes (NIST) and Marvella Towns (NSA)

NIAP1(see end of this article below) developed and offers training classes in the use and application of the Final Draft International Standard (FDIS) 15408 Common Criteria for Information Technology Security Evaluation (CC). The CC provides a comprehensive, rigorous method for specifying Information Technology (IT) functional and assurance requirements for products, or classes of products, in the form of Protection Profiles (PPs). It also provides an internationally recognized basis for specifying and testing a wide range of security technology, from components to products and systems.

NIAP intends to offer a series of training classes on the CC. These classes will review the contents of the CC standard and describe how it can be used for specifying IT security requirements and for evaluating security-enhanced IT products and systems. Below is a description of the first two available classes. A third class on the Common Evaluation Methodology (CEM) for the CC is currently under development.

Class Descriptions:

Class #1, "Common Criteria: Designing a Protection Profile": This four-day class provides introductory information to IT product developers, evaluators, and consumers on the use and application of the CC in the development of Protection Profiles (PP) and Security Targets (ST). Students are introduced to the naming conventions and the concepts of the CC, and obtain hands-on experience in defining IT security requirements and developing PPs and STs using practical, real-world examples. Students learn how a PP is evaluated and validated. The fee for this four-day class is $850 per student. The dates and locations of upcoming public classes are:

August 24-27 - NIST, Gaithersburg, MD
September 21-24 - NIST, Gaithersburg, MD

Class #2, "Familiarization with the Common Criteria": This one-day seminar provides a management overview of the CC. It focuses on the general model of the CC, basic terminology, and some of the fundamental usage concepts associated with the criteria such as Protection Profile and Security Target development. The fee for this one-day class is $250 per student. The date and location of the next public class is:

July 13 - NIST, Gaithersburg, MD

NIAP Web-site:
Other dates and venues are announced on the web-site under Events.

Contact Information:
For further information regarding NIAP Classes, call 410- 854-4458, ask for the CC Class Training Coordinator. To register for the classes, please contact the NIST Class Fee Coordinator at 301-975-2489 or

1 The National Information Assurance Partnership (NIAP) is a partnership between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) along with several industry supporters. The purpose of the partnership is to provide a means for enhancing the quality of information security products and to increase consumer confidence in those products that have been independently evaluated. NIAP's goals are to develop security test methods, extol the benefits of independent testing and validation, and encourage establishment of a robust commercial security testing industry. The internationally developed Common Criteria is the focus of much of NIAP's work.

Go to top of page

horizontal bar


The National Institute of Standards and Technology (NIST) requests computer security training and awareness materials for inclusion in the Federal Computer Security Training Resource Center web site repository. Materials covering the following areas of interest are: Laws/Policies/Regulations, Guidance, Procedures, Awareness, and Technical (both foundation and specifics)

Materials submitted will be made available to the general public and should be applicable for use by a broad range of Federal employees. Interested parties should contact Pat Toth 301-975-5140 or

horizontal bar


(Please note bios were submitted by individual board members)

LISA BIAFORE, Co-Conference Director
PATTI BLACK, Co-Conference Director
PAULINE BOWEN, Assistant Chair
LOUIS NUMKIN, Newsletter Editor

Lewis Baskerville
Department of Agriculture

Lewis Baskerville is employed by the Department of Agriculture, Farm Service Agency as an Information Systems Security Officer. Other than his ISSP duties, he represents the Agency at IRM, ADP, IT meetings and conferences such as USDA Departmental Councils, Interagency IRM Planning Groups, ISSP Security Committees and Data Management Working Groups. He works closely with various regulatory Agencies, such as NIST, NSA, OMB, GSA, OPM, and USDA to comply with their ADP/ISSP regulations and to satisfy their reporting requirements in the areas of Program Management, Information Management, Hardware, Software, and Electronic Transmission Services.

He has almost 30 years of Management Information Systems (MIS) experience (Government and Private Industry) as a Contractor/Consultant, Information Systems Security Officer (ISSO) and Administrator, IRM Strategic Planning, Contract, Project and Program Management, System Design and Development, Developing and Coordinating Computer Security Training, and Facilitating Management Retreats. He has a Graduate Certificate in Management Information Systems and a Bachelor of Science degree in Technology of Management and Administration from American University, two Associates of Applied Science degrees in Business Management and Computer Science from the University of the District of Columbia.

Lisa Biafore
Integrated Management Services, Inc.

Lisa Biafore is a Project Manager with Integrated Management Services, Inc. (IMSI) located in Arlington, VA. In the past 6 years she has worked with many of the Federal government agencies as well as a few commercial companies. With 15 years experience in computer security, Biafore has a varied background that includes security training, risk analysis, program and policy development, disaster recovery planning, compliance reviews, and the like. Prior to her employment with IMSI, Biafore worked as a Senior Security Analyst at Campbell Soup Company in New Jersey. Biafore earned a BS in Business from Glassboro State College and an MBA from Drexel University.

Patricia Black
Department of the Treasury

Patti Black organized and began managing the Departmental Systems Security Awareness and Training Program in 1986. She established and chairs Treasury's Systems Security Training Forum which is composed of representatives from all Treasury bureaus. As part of the awareness program, she established and managed Treasury's Telecommunications and Information Systems Security Awards Program from 1992-1996. As the Systems Security Training Manager, Patti represents the Treasury Department on various national level interagency training working groups including NSTISSC Education Training and Awareness Issues Group, Federal Information Systems Security Education Association, and the NIST Computer Security Program Manager's Forum. Patti has participated in numerous national-level systems security training activities with the goal of improving training standards and availability throughout the government. Patti received her bachelor degree from George Mason University in 1980.

Pauline Bowen
Food and Drug Administration

Pauline Bowen has been in the federal sector since being hired by the Federal Energy Regulatory Commission (FERC) in 1984. She was hired by the Food and Drug Administration (FDA) as an Information Systems Security Officer (ISSO) for the Agency in May 1991. During the 14 years at both FERC and FDA, she gained valuable experience as a systems administration and a information systems security program manager. She received her B.A. in Applied Behavioral Sciences from National-Louis University in 1989.

In January 1993 she was promoted to a computer specialist and became the FDA's Computer Security Program Manager for the Agency-wide Information Technology Security Program. In 1995 and 1996 she participated in the Computer Security Program Managers' Forum Workgroup on Automated Information System Security Plans Development. She has presented AIS security training instruction at the Indian Health Services's Annual ISSO Conference on several occasions and the 1998 Geologics Information Security Conference in Richmond. She regularly participates in the Federal Computer Security Program Managers' Forum, and she has been a member of FISSEA since 1992.

Blaine Burnham
Georgia Tech

Dr. Blaine Burnham joined Georgia Tech on December 14, 1998 as a Principal Research Scientist in the College of Computing to serve as the Director of the Georgia Tech Information Security Center (GTISC).

He most recently served as program manager for the National Security Agency (NSA) at Ft. Meade, Maryland. While at NSA Dr. Burnham established, promoted and sustained the Information Security Research Council for the Department of Defense as well as the intelligence community as a whole. He also achieved an operational prototype of a trusted client/server operation system; created and developed the Product Security Profile (PSP); and directed the Infosec Criteria and Guidelines organization that published half of the guideline documents, the Rainbow Series, and crafted the Federal Criteria. Dr. Burnham also did stints on the technical staffs of the Los Alamos National Laboratory and Sandia National Laboratory developing tools and techniques for achieving higher levels of information security.

Dr. Burnham received his Ph.D. and masters in Mathematics from Arizona State University and a B.S. in Mathematics from Idaho State University.

Barbara Cuffie
Social Security Administration

Barbara Cuffie was a secondary teacher in Baltimore public schools before starting her career with the Social Security Administration (SSA) over 32 years ago. She is Chief of the Security and Integrity Branch in the Office of Systems Planning and Integration and has served in that position since 1986.

Today Barbara finds it difficult to recall a time when she did not love her job in security and the variety of challenges and opportunities she experiences in the workplace daily. She wears a number of different hats with a wide range of responsibilities. She is now an Internal Control Officer, a Component Security Officer, a Property Management Officer, a Principle Security Officer, a project manager and a branch chief. She considers herself fortunate to have the support of an excellent staff, coworkers and her management. She is a past president of the Baltimore Metropolitan Chapter of ISSA and encourages her peers to participate in professional organizations like ISSA. She was particularly pleased when she became a CISSP in 1998.

Deborah Hefner
Bureau of the Public Debt

Debbie Hefner is a computer specialist in the Office of Information Technology at the Bureau of the Public Debt, Parkersburg, West Virginia. She is a member of the Security Evaluation Assistance Team (SEAT) that is responsible for providing policy and program development and oversight for security of IT resources on behalf of the CIO. They conduct security reviews of all sensitive systems and act as consultants to assist program offices in developing security plans for their sensitive systems as part of the accreditation process. Other responsibilities include the IT security training program at Public Debt and the incident response capability for computer security incidents. Debbie has 18 years of federal service with the past 3 devoted to IT security.

Louis Numkin
Nuclear Regulatory Commission

Louis Numkin is a senior computer security specialist in the Office of the Chief Information Officer at the US Nuclear Regulatory Commission. His duties relate to computer security awareness training, anti-virus activities, classified inspections of nuclear plants, disaster recovery planning, computer security plan review and approval, risk assessment, and the like. Prior to joining the NRC, Louis performed computer security for GSA on the FTS2000. Outside of the office, Numkin volunteers in an agency outreach program to provide computer security sessions for schools (elementary through high school) and for senior citizen centers, especially dealing in the area of Computer Ethics. Numkin's Bachelor's of Science Degree is in Business Administration and his Masters Degree is in Technology of Management (majoring in Management Information Systems and Computer Systems), both from the American University. Louis Numkin was awarded the FISSEA Educator of the Year Award for 1998.

Philip Sibert
Department of Energy

Phil Sibert has been in the federal sector since being hired by the Social Security Administration as a programmer trainee in June 1967. Over the next 18 ½ years at SSA he gained valuable experience as a programmer, social insurance systems analyst, and computer specialist. He has worked with IBM, Amdahl, and Univac mainframe computers, and various mini- and micro-computers during his career. In 1983 Phil began working in computer security related areas at SSA, working with TopSecret implementation and doing risk analyses.

In January 1986 he changed jobs to move full time into computer security at the U. S. Department of Energy headquarters facility located in Germantown, Maryland. In 1988 Phil became the Department's Computer Security Program Manager for the unclassified computer security program. In 1989 Phil was instrumental in establishing the first federal civilian agency computer incident response capability for DOE, called the Computer Incident Advisory Capability (CIAC). In 1996 Phil was instrumental in having CIAC become one of the core partners in the Federal Computer Incident Response Capability (FedCIRC).

Phil has been active in various government-wide working groups since 1983, having participated in the first Security Educator's Symposium convened at the Fort Meade Officer's Club in 1984, a precursor to today's Federal Information Systems Security Educators' Association. He was chosen to serve on the first Federal Computer Security Program Managers Forum steering committee, his term lasting nearly three years. Phil has also served on the FISSEA steering committee the past three years. Phil joined the Baltimore Chapter of the Information Systems Security Association in 1988 and has served on the Board of Directors in various capacities. He is a Certified Information Systems Security Professional, having passed the examination for that certification in 1996.

Caren Williams
Department of Justice

Caren Williams has been in the information systems security field since 1990. Ms. Williams is currently employed by the U.S. Department of Justice, where she manages the Department's security awareness and training program. She received her B.S. in information systems management from the University of Maryland University College.

Go to top of page

horizontal bar


Membership is open to information systems security professionals, trainers, educators, and managers who are responsible for information systems security training programs in federal agencies. Contractors of these agencies and faculty members of accredited educational institutions are also welcome.

There are no membership fees; all that is required is a willingness to share your products, information, and experiences. Send an e-mail to to join or call 301-975-2489.

horizontal bar


Submitted by Ann Brown

  1. DELETE it. (Don't let e-mail accumulate.)
  2. ALWAYS use the SUBJECT line. (Identify and keep to ONE topic per message.)
  3. Keep messages SHORT. (Don't over-use attachments.)
  4. CHILL before sending. (Don't FLAME.) There is NO PRIVACY in E-mail.
  5. BREAK the chain letters. (Be courageous and DELETE the DISALLOWED nonsense.)
  6. Be wary of ‘WARNINGS.' (Ask your ISSO to check its validity. The ISSO and LAN Administrator are the proper personnel to broadcast any legitimate warnings.)
  7. Be RESERVED in e-mail use. (Never substitute e-mail when a personal meeting, call, or touch, is needed, e.g., when reprimanding, rewarding, or releasing someone.)
  8. Learn and USE all security features (e.g. encryption, digital signatures, and password protected screen savers) otherwise there is NO PRIVACY on the Internet
  9. Label message as high priority ONLY when it is truly URGENT.
  10. Do unto others (Etiquette and manners are required, because on the Agency/ Company system YOU are representing the Agency/Company.)

Go to top of page

horizontal bar


The Good
Why we love E-mail/Internet:

  • E-mail gives us immediate documentation, that is time and date stamped.
  • E-mail is less intrusive than interruptions by telephone or personal visits.
  • We get to choose when we will put our attention to e-mail.
  • Sometimes it cuts the other person's verbosity and makes them organized.
  • We can organize our thoughts better and have the spell- checker at hand.
  • We can receive and send the same information to many others all at once.
  • We can write things up as we think about them; getting it off our mind and desk without having to find a time that is convenient for others. They do that.
  • We can even ignore e-mail. It is OK to throw out junk mail in any form.
  • Messages can be flagged high priority. (Just save that for the truly urgent!)
  • E-mail can be encrypted and certified when received/read.
  • We can find so much useful information on the Internet.
  • The Internet connects us to the whole world.

The Bad
Why we hate them:

  • E-mail is not private, neither is the Internet.
  • Copies can be found in the backups of many servers along the way.
  • E-mail can get misdirected (the wrong person selected from the directory).
  • It is sometimes embarrassing if we accidentally hit ‘reply all.'
  • There are ‘chain letters' forwarded in spite of requirements to the contrary.
  • Unprofessional or offensive jokes are easily and frequently circulated.
  • Once an e-mail is sent it can not be called back.
  • We can't prevent our message(s) being forwarded.
  • Attachments are not always easy to open and read.
  • People send us too many (and too bulky) e-messages.
  • We can find much incorrect information on the Internet.
  • The laws in other countries vary extensively from USA laws.

The Ugly
Why it is dangerous for us to use them:

  • They are logged and can be used against us in a court of law.
  • We leave a trail everywhere we travel on the Internet.
  • We can stumble onto a pornography site and our log will show it!
  • Downloading files of child pornography is a severely punished crime in the USA and Government employees have lost jobs and served jail time for it.
  • We come to work, read our e-mail, respond to it, and then its time to go home!
  • It is too easy to send a ‘hot' message back before we ‘cool' down.
  • They are addictive and, more and more, of our times being taken up by surfing the Internet and sending e- mail.
  • Copyright laws still may apply to some items found on the Internet.
  • On-line gambling and investing may hook a surfer.
  • Users must beware of non-reviewed sources and misleading/phony web sites.
  • One's address book can be wiped out when the software is updated.
  • Malicious Macros like ‘Melissa' DO exist!

Go to top of page

horizontal bar

Back arrow Back to FISSEA Homepage back arrow Back to Newsletter Index back arrow Back to CSRC Homepage

Please send comments or suggestions to
Last Modified: July 25, 2001.