July 1999 Vol. II No. I
Executive Board Chair
Since our conference in March I have been totally
overtaken by events requiring 150% of my time in activities to help
the Department of Energy "get well". If you haven't read the
newspapers or heard the news about the many problems we are trying to
correct, then you've been in outer space! Anyhow, that's my excuse for
causing this issue of the FISSEA News and Views to be delayed
for so long.
The exciting thing is, we are getting money for training!! The
Secretary of Energy announced we will be training 1000 system
administrators and security personnel by the end of this calendar
year. Now that's a daunting undertaking, but we're going to get it
done, and done well. Hopefully I will be able to share with you in a
future newsletter or at our conference how we accomplished this, why
we have established new requirements, and what assistance we have and
will provide to the field to keep our work force up-to- date and
computer/cyber security savvy. A major part of this initiative to
improve our work force is targeted at all levels of management to
increase their awareness of system vulnerabilities, to emphasize their
responsibilities in managing their information technology resources
(that includes personnel!), and to ensure they are accountable for
their actions, especially in the area of accepting residual risk.
Our new Unclassified Cyber Security Policy, which is being prepared
for submission to a Congressional committee by July 1, 1999, has
incorporated new requirements for system administrators that may lead
to a type of certification for them, but it definitely will influence
the type of training required and the frequency of that training.
More on what's new at DOE, especially as it relates to our training
initiatives, will be in the next issue. We have a development project
underway that may be of interest it's a "system
administrator simulation" dealing with handling attacks. Keep
posted for more news.
In closing, if I rambled, please excuse me. If what I've said isn't
of general enough interest, please let me know that too! And, I thank
the executive Board for once again putting their faith in me to lead
this organization over the next year. Right now, it's very obvious I
couldn't do this without the support of all the Board members, and
especially without the support of the NIST folks.
Philip L. Sibert, CISSP
U. S. Department of Energy
Go to top of page
EDUCATOR OF THE YEAR AWARD
CONGRATULATIONS LOUIS NUMKIN
The 1998 FISSEA Educator of the Year Award was presented to Louis M.
Numkin at the 12th Annual FISSEA Conference held March 9-12, 1999. Mr.
Numkin was nominated by K Rudolph, President of Native Intelligence,
Musings from the Educator of the Year
First, in all sincerity, let me state that it was a wonderful
honor to receive the Educator of the Year award at the last FISSEA
Annual Conference. To be honored by one's peers is perhaps the highest
honor which can be bestowed during our working life.
FISSEA has been a good organization for me to contribute to.
Simply attending the annual conferences, as I've done for many years,
provided me with a lot of ideas and information sources to help in
doing the "awareness, training, and education" phases of my
job. But, this data's value is only slightly ahead of the opportunity
afforded me to interact and communicate with computer security
professionals from other Federal Agencies, Education, and Private
Industry. I have remained close with some of these contacts over the
There is always a potential whether at the Emmy's or other award
shows, that the awardee will neglect to mention the name of someone
who helped along the way. Since this article is short, I can only
mention a few special folks. It was my good fortune to meet this
year's Conference Coordinator (extra ordinaire), Ann Brown, at an
early conference. Her cohort in crime (and current FISSEA Exec Board
Vice Chair), Pauline Bowen, was likewise an early pal. The three of us
have shared a lot of good information over the years. Phil Sibert, the
current Exec Board Chairman, is also the lead Computer Security guy at
DOE - though we work for sister agencies, I really didn't get to know
him well except through FISSEA activities. A non-Board member who it
has been my good fortune to get to know is NativeIntelligence's K
Rudolph. Her giving nature, creativity, and technical ability were
demonstrated during this last conference and will hopefully continue
to make our efforts more dynamic. The rest of the Board has been
supportive and full of energy and ideas to help make our organization
more viable, flexible, and worthwhile... and that I haven't mentioned
all my supporters by name should not be seen as an slight by anyone.
Okay, so you ask, "what does winning the Educator of the
Year award get you?" Well, I took my plaque with me into our
agency cafeteria the other day to get a cup of coffee... and... it
still cost me $.55 for the cup. I went next door and while holding the
plaque, purchased a BigGame lottery ticket... but still only got one
number out of the six possibles. It sat on the table when I ordered
the blue plate special at a local diner... you guessed it... the plate
was blue and so was the food. So, I made an executive decision...
found a nice place for it on my wall... and will admire it, knowing
that it stands for recognition by one's peers... which is something we
don't always receive but which most of us would like to get. Thank you
Go to top of page
RECEIVES FISSEA AWARD
The Honorable Constance A. Morella received the FISSEA First
Meritorious Recognition Award in recognition of outstanding leadership
and dedicated legislative efforts on behalf of information systems
security education. The award was presented at the March 1999
MARK YOUR CALENDARS FOR
The dates for the annual conference were approved at the May meeting
by the Executive Board. The next conference will be held March 14-16,
2000. The conference will take place in three days rather than four
and the exhibitors will set up on March 15th.
Go to top of page
By Pauline Bowen
After the FISSEA Conference, which was held March 9 - 12, 1999, a
self-help study group was formed to help each other study to take the
CISSP exam. The group has been meeting in Alexandria, Virginia every
Saturday since 3/21/99. We have also created a list serve so that
anyone interested can join in the group on-line. Approximately 10 - 13
individuals show up each Saturday in Alexandria to study from 1-3 p.m.
The participants take turns presenting the chapters, sharing ideas,
test materials (when available) and providing encouragement and
inspiration. We have finished domain one and are about ready to wrap
up domain two. The web site for the list serve is:
We currently have 49 members on the list serve and of these members 10
- 15 members participate in the Saturday study group. The paragraph
below sums up our thoughts and feelings about how to accomplish this
very important task. Please join us online or in person if you are
interested in taking the CISSP exam.
List members participate in a self-help study group for the CISSP
for info). NEW MEMBERS ARE ALWAYS WELCOME. People invest their time
and energy, but the study group does not cost any money. The idea is
to help each other understand the ten security domains, share
experiences, motivate each other, and demonstrate our knowledge by
passing the CISSP exam. We plan to meet on Saturdays from 1-3 p.m. If
you run out of time during the week, you can still sleep in and read
enough to participate on Saturday. If you can't attend one week, come
the following week and you won't get far behind. We will exchange
emails with any interested people and assist other self-help groups
studying for the CISSP exam. Here is the web site for the 1999
handbook we plan to use for primary resource information in our study
Go to top of page
FISSEA EXECUTIVE BOARD
The newly elected Executive Board Officers are:
Philip Sibert, Chair
Pauline Bowen, Assistant Chair
Patricia Black, Co-Conference Director
Lisa Biafore, Co-Conference Director
Louis Numkin, Newsletter Editor
INTERVIEW OF TONY GALANTE,
CIO OF THE NRC, ON 25MAY99
By Louis Numkin
Mr Tony Galante was selected as the first Chief Information Officer
of the Nuclear Regulatory Commission on 3FEB97. During his tenure at
our agency, he has supported our Computer Security initiatives by
participating in the dry run audience for our all-employee 1998-9
Computer Security Awareness presentation, visiting our Computer
Security Awareness Day activities, meeting with the 1998 Middle School
Computer Ethics Essay Challenge winners and supporting our 1999 third
grader Computer Ethics Poster competition, among other things. Since
his tour of duty with the NRC is nearing its completion (1JUL99), I
asked him if he would be willing to share some thoughts with our
FISSEA readership. Here follow his comments:
"I guess what I try to communicate to people most of the time
is we have a different paradigm out there today, one that says the
professional person should not necessarily expect cradle to grave type
employment anywhere - that's not what it's all about. Today, you're
expected to manage your own career and in order to do that you've got
to balance education with needs and experience. It is part of the
things you put on a scale which you have to keep in balance. You have
to be able to read your environment to know what's required of you and
what's required of your peer group to remain competitive. And to
continue with education in whatever (subject) is appropriate for the
"At the same time you should constantly take stock in yourself
- it's healthy to keep your resume current - it's healthy to
periodically go out and take an interview - what's the worst thing
that could happen, they could offer you a job! You don't have to
accept it but it certainly enlightens you as to what people are
looking for in your particular area. It keeps you sharp with respect
to your interviewing skills and techniques and it also is sometimes a
wake-up call where you feel you are qualified for a particular
position but in reality, you're not and you could learn why through a
variety of interviews and paying attention to what is going on.
"When you are gainfully employed in an agency or corporation
it's so important to get the training that is required of you to do
what is expected in your current position. And I guess I have
mentioned in the past that the computer security awareness type
courses that you folks offer are successful. But, how do you rate
success? I think it's easy in your area because Number One, if there
aren't any problems, viruses, breaches, and things like that, it
obviously says you are running a good program and people are listening
and doing what you want them to do. Number Two, when you offer
training and you articulate it and market your training in the context
of "this is important" because of the nature of what you're
trying to protect - the assets of the agency in the form of documents,
intellect (if you will) committed to paper and committed to a
digitized format. It's important to stay abreast of understanding how
to do that and refresh yourself via the curriculum which you lay out
"Then to open up their eyes as to what happens if you don't do
this. I think you guys have been exceptionally successful in getting
people to come to you without having had (what I call) a major
incident. And I've seen enough folks out there in your role who have
difficulty, unless there is a major problem. People don't spend a lot
of time worrying about fire protection in their homes until something
happens to them or the neighbor next door or they read about someone
on the block - then they pay a lot of attention. You want that
attention to be addressed the same way here with security. You're
fortunate enough to get people to come to you before anything happens
and to learn - you can see that from the statistics of your classes -
by the way you market your goods, you are creative and people want to
see you, they want to come and talk to you, they want to understand.
And, then in the process, you also give examples of what can happen if
you don't do this. And, those are always eye-opening. I can recall
when I wasn't such a good driver and I lost my license due to too many
points. In order to get my license back, I had to take some classes,
and as part of those classes they had us look at some movies - movies,
that they warn you in advance, are going to be a little rough. And
when you view those movies and see what can really happen from driving
recklessly and not paying attention to speed, without it actually
happening to you, is a real awakening - that you get behind the wheel
of a car and how dangerous it can be. It literally changed the way I
drive because you can see what can in fact happen. And, I think you
show and demonstrate that in your program - showing people some minor
and some major disasters which occur from not doing the proper
security to your respective workstations. And that's good, that has to
"It's a little rough for some people, early on, because they
don't know what to expect and they think that they have a lot of work
to do when in reality they don't. But, as they get comfortable with
your process and understand the message you're trying to communicate -
when you walk them through and show them how easy it is, they become
believers and it becomes a normal part of their workday. That's when
you know you've hit a home run. So, I obviously support what you're
doing. I encourage you to continue - it's enlightening to people and
it's colorful. That way people do not view it as a technical thing
that they have to participate in, they view it more as a learning
experience done in a very nice, non-intimidating and comfortable way.
And, as for the programs in the schools, start them young and teach
them the basic skills before they take on the responsibilities of
automation let proper use become second nature to them - it's an
Thanks for your thoughtful remarks, Mr Galante. We'll miss you at
Go to top of page
The annual conference held this past March was successful in large
part to the capable planning of the Conference Chair, Ann Brown.
FISSEA owes a debt a gratitude to Ann for the countless hours she
volunteered to make the conference one of the best yet. The theme was
Paradigm Shifts for Teaching Computer Security in the New Millennium.
There were 84 attendees and for 17, this was their first FISSEA
Some random comments include:
- Loved the snow!
- Best conference for the cost!
- A little expensive but good for 4 days worth of knowledge
- Best opportunities to network with other attendees.
- Audio support worst feature. (note, the Hilton has new
management and plans to upgrade the system)
- Tell presenters to bring handouts prior to presentation.
- Would like more technical content.
- Expectations exceeded, useful information.
- Best feature: Meeting a network of security educators. For a
newcomer, it helps with creating a point of contact list.
- A very good conference overall.
- Conference offers a wealth of information. The training could
be more specific.
Go to top of page
NIAP OFFERS PUBLIC CLASSES
By: L. Arnold Johnson (NIST), Peggy Himes (NIST) and
Marvella Towns (NSA)
NIAP1(see end of this article below)
developed and offers training classes in the use and application of
the Final Draft International Standard (FDIS) 15408 Common Criteria
for Information Technology Security Evaluation (CC). The CC provides a
comprehensive, rigorous method for specifying Information Technology
(IT) functional and assurance requirements for products, or classes of
products, in the form of Protection Profiles (PPs). It also provides
an internationally recognized basis for specifying and testing a wide
range of security technology, from components to products and systems.
NIAP intends to offer a series of training classes on the CC. These
classes will review the contents of the CC standard and describe how
it can be used for specifying IT security requirements and for
evaluating security-enhanced IT products and systems. Below is a
description of the first two available classes. A third class on the
Common Evaluation Methodology (CEM) for the CC is currently under
Class #1, "Common Criteria: Designing a Protection Profile":
This four-day class provides introductory information to IT
product developers, evaluators, and consumers on the use and
application of the CC in the development of Protection Profiles (PP)
and Security Targets (ST). Students are introduced to the naming
conventions and the concepts of the CC, and obtain hands-on experience
in defining IT security requirements and developing PPs and STs using
practical, real-world examples. Students learn how a PP is evaluated
and validated. The fee for this four-day class is $850 per student.
The dates and locations of upcoming public classes are:
August 24-27 - NIST, Gaithersburg, MD
September 21-24 - NIST, Gaithersburg, MD
Class #2, "Familiarization with the Common Criteria":
This one-day seminar provides a management overview of the CC. It
focuses on the general model of the CC, basic terminology, and some of
the fundamental usage concepts associated with the criteria such as
Protection Profile and Security Target development. The fee for this
one-day class is $250 per student. The date and location of the next
public class is:
July 13 - NIST, Gaithersburg, MD
Other dates and venues are announced on the web-site
For further information regarding NIAP Classes, call 410-
854-4458, ask for the CC Class Training Coordinator. To register for
the classes, please contact the NIST Class Fee Coordinator at
301-975-2489 or firstname.lastname@example.org.
|1 The National Information Assurance
Partnership (NIAP) is a partnership between the National Institute
of Standards and Technology (NIST) and the National Security
Agency (NSA) along with several industry supporters. The purpose
of the partnership is to provide a means for enhancing the quality
of information security products and to increase consumer
confidence in those products that have been independently
evaluated. NIAP's goals are to develop security test methods,
extol the benefits of independent testing and validation, and
encourage establishment of a robust commercial security testing
industry. The internationally developed Common Criteria is the
focus of much of NIAP's work.
Go to top of page
REQUEST FOR INFORMATION
The National Institute of Standards and Technology (NIST) requests
computer security training and awareness materials for inclusion in
the Federal Computer Security Training Resource Center web site
repository. Materials covering the following areas of interest are:
Laws/Policies/Regulations, Guidance, Procedures, Awareness, and
Technical (both foundation and specifics)
Materials submitted will be made available to the general public and
should be applicable for use by a broad range of Federal employees.
Interested parties should contact Pat Toth 301-975-5140 or
INTRODUCTION OF EXECUTIVE
(Please note bios were submitted by individual
Department of Agriculture
Lewis Baskerville is employed by the Department of Agriculture,
Farm Service Agency as an Information Systems Security Officer. Other
than his ISSP duties, he represents the Agency at IRM, ADP, IT
meetings and conferences such as USDA Departmental Councils,
Interagency IRM Planning Groups, ISSP Security Committees and Data
Management Working Groups. He works closely with various regulatory
Agencies, such as NIST, NSA, OMB, GSA, OPM, and USDA to comply with
their ADP/ISSP regulations and to satisfy their reporting requirements
in the areas of Program Management, Information Management, Hardware,
Software, and Electronic Transmission Services.
He has almost 30 years of Management Information Systems (MIS)
experience (Government and Private Industry) as a
Contractor/Consultant, Information Systems Security Officer (ISSO) and
Administrator, IRM Strategic Planning, Contract, Project and Program
Management, System Design and Development, Developing and Coordinating
Computer Security Training, and Facilitating Management Retreats. He
has a Graduate Certificate in Management Information Systems and a
Bachelor of Science degree in Technology of Management and
Administration from American University, two Associates of Applied
Science degrees in Business Management and Computer Science from the
University of the District of Columbia.
Integrated Management Services, Inc.
Lisa Biafore is a Project Manager with Integrated Management
Services, Inc. (IMSI) located in Arlington, VA. In the past 6 years
she has worked with many of the Federal government agencies as well as
a few commercial companies. With 15 years experience in computer
security, Biafore has a varied background that includes security
training, risk analysis, program and policy development, disaster
recovery planning, compliance reviews, and the like. Prior to her
employment with IMSI, Biafore worked as a Senior Security Analyst at
Campbell Soup Company in New Jersey. Biafore earned a BS in Business
from Glassboro State College and an MBA from Drexel University.
Department of the Treasury
Patti Black organized and began managing the Departmental Systems
Security Awareness and Training Program in 1986. She established and
chairs Treasury's Systems Security Training Forum which is composed of
representatives from all Treasury bureaus. As part of the awareness
program, she established and managed Treasury's Telecommunications and
Information Systems Security Awards Program from 1992-1996. As the
Systems Security Training Manager, Patti represents the Treasury
Department on various national level interagency training working
groups including NSTISSC Education Training and Awareness Issues
Group, Federal Information Systems Security Education Association, and
the NIST Computer Security Program Manager's Forum. Patti has
participated in numerous national-level systems security training
activities with the goal of improving training standards and
availability throughout the government. Patti received her bachelor
degree from George Mason University in 1980.
Food and Drug Administration
Pauline Bowen has been in the federal sector since being hired by
the Federal Energy Regulatory Commission (FERC) in 1984. She was hired
by the Food and Drug Administration (FDA) as an Information Systems
Security Officer (ISSO) for the Agency in May 1991. During the 14
years at both FERC and FDA, she gained valuable experience as a
systems administration and a information systems security program
manager. She received her B.A. in Applied Behavioral Sciences from
National-Louis University in 1989.
In January 1993 she was promoted to a computer specialist and became
the FDA's Computer Security Program Manager for the Agency-wide
Information Technology Security Program. In 1995 and 1996 she
participated in the Computer Security Program Managers' Forum
Workgroup on Automated Information System Security Plans Development.
She has presented AIS security training instruction at the Indian
Health Services's Annual ISSO Conference on several occasions and the
1998 Geologics Information Security Conference in Richmond. She
regularly participates in the Federal Computer Security Program
Managers' Forum, and she has been a member of FISSEA since 1992.
Dr. Blaine Burnham joined Georgia Tech on December 14, 1998 as a
Principal Research Scientist in the College of Computing to serve as
the Director of the Georgia Tech Information Security Center (GTISC).
He most recently served as program manager for the National Security
Agency (NSA) at Ft. Meade, Maryland. While at NSA Dr. Burnham
established, promoted and sustained the Information Security Research
Council for the Department of Defense as well as the intelligence
community as a whole. He also achieved an operational prototype of a
trusted client/server operation system; created and developed the
Product Security Profile (PSP); and directed the Infosec Criteria and
Guidelines organization that published half of the guideline
documents, the Rainbow Series, and crafted the Federal Criteria. Dr.
Burnham also did stints on the technical staffs of the Los Alamos
National Laboratory and Sandia National Laboratory developing tools
and techniques for achieving higher levels of information security.
Dr. Burnham received his Ph.D. and masters in Mathematics from
Arizona State University and a B.S. in Mathematics from Idaho State
Social Security Administration
Barbara Cuffie was a secondary teacher in Baltimore public
schools before starting her career with the Social Security
Administration (SSA) over 32 years ago. She is Chief of the Security
and Integrity Branch in the Office of Systems Planning and Integration
and has served in that position since 1986.
Today Barbara finds it difficult to recall a time when she did not
love her job in security and the variety of challenges and
opportunities she experiences in the workplace daily. She wears a
number of different hats with a wide range of responsibilities. She is
now an Internal Control Officer, a Component Security Officer, a
Property Management Officer, a Principle Security Officer, a project
manager and a branch chief. She considers herself fortunate to have
the support of an excellent staff, coworkers and her management. She
is a past president of the Baltimore Metropolitan Chapter of ISSA and
encourages her peers to participate in professional organizations like
ISSA. She was particularly pleased when she became a CISSP in 1998.
Bureau of the Public Debt
Debbie Hefner is a computer specialist in the Office of
Information Technology at the Bureau of the Public Debt, Parkersburg,
West Virginia. She is a member of the Security Evaluation Assistance
Team (SEAT) that is responsible for providing policy and program
development and oversight for security of IT resources on behalf of
the CIO. They conduct security reviews of all sensitive systems and
act as consultants to assist program offices in developing security
plans for their sensitive systems as part of the accreditation
process. Other responsibilities include the IT security training
program at Public Debt and the incident response capability for
computer security incidents. Debbie has 18 years of federal service
with the past 3 devoted to IT security.
Nuclear Regulatory Commission
Louis Numkin is a senior computer security specialist in the
Office of the Chief Information Officer at the US Nuclear Regulatory
Commission. His duties relate to computer security awareness training,
anti-virus activities, classified inspections of nuclear plants,
disaster recovery planning, computer security plan review and
approval, risk assessment, and the like. Prior to joining the NRC,
Louis performed computer security for GSA on the FTS2000. Outside of
the office, Numkin volunteers in an agency outreach program to provide
computer security sessions for schools (elementary through high
school) and for senior citizen centers, especially dealing in the area
of Computer Ethics. Numkin's Bachelor's of Science Degree is in
Business Administration and his Masters Degree is in Technology of
Management (majoring in Management Information Systems and Computer
Systems), both from the American University. Louis Numkin was awarded
the FISSEA Educator of the Year Award for 1998.
Department of Energy
Phil Sibert has been in the federal sector since being hired by
the Social Security Administration as a programmer trainee in June
1967. Over the next 18 ½ years at SSA he gained valuable
experience as a programmer, social insurance systems analyst, and
computer specialist. He has worked with IBM, Amdahl, and Univac
mainframe computers, and various mini- and micro-computers during his
career. In 1983 Phil began working in computer security related areas
at SSA, working with TopSecret implementation and doing risk analyses.
In January 1986 he changed jobs to move full time into computer
security at the U. S. Department of Energy headquarters facility
located in Germantown, Maryland. In 1988 Phil became the Department's
Computer Security Program Manager for the unclassified computer
security program. In 1989 Phil was instrumental in establishing the
first federal civilian agency computer incident response capability
for DOE, called the Computer Incident Advisory Capability (CIAC). In
1996 Phil was instrumental in having CIAC become one of the core
partners in the Federal Computer Incident Response Capability
Phil has been active in various government-wide working groups since
1983, having participated in the first Security Educator's Symposium
convened at the Fort Meade Officer's Club in 1984, a precursor to
today's Federal Information Systems Security Educators' Association.
He was chosen to serve on the first Federal Computer Security Program
Managers Forum steering committee, his term lasting nearly three
years. Phil has also served on the FISSEA steering committee the past
three years. Phil joined the Baltimore Chapter of the Information
Systems Security Association in 1988 and has served on the Board of
Directors in various capacities. He is a Certified Information Systems
Security Professional, having passed the examination for that
certification in 1996.
Department of Justice
Caren Williams has been in the information systems security field
since 1990. Ms. Williams is currently employed by the U.S. Department
of Justice, where she manages the Department's security awareness and
training program. She received her B.S. in information systems
management from the University of Maryland University College.
Go to top of page
Membership is open to information systems security professionals,
trainers, educators, and managers who are responsible for information
systems security training programs in federal agencies. Contractors of
these agencies and faculty members of accredited educational
institutions are also welcome.
There are no membership fees; all that is required is a willingness
to share your products, information, and experiences. Send an e-mail
to email@example.com to
join or call 301-975-2489.
TOP 10 RULES FOR USE OF E-MAIL
Submitted by Ann Brown
- DELETE it. (Don't let e-mail accumulate.)
- ALWAYS use the SUBJECT line. (Identify and keep to ONE topic per
- Keep messages SHORT. (Don't over-use attachments.)
- CHILL before sending. (Don't FLAME.) There is NO PRIVACY in
- BREAK the chain letters. (Be courageous and DELETE the DISALLOWED
- Be wary of WARNINGS.' (Ask your ISSO to check its validity.
The ISSO and LAN Administrator are the proper personnel to broadcast
any legitimate warnings.)
- Be RESERVED in e-mail use. (Never substitute e-mail when a
personal meeting, call, or touch, is needed, e.g., when
reprimanding, rewarding, or releasing someone.)
- Learn and USE all security features (e.g. encryption, digital
signatures, and password protected screen savers) otherwise there is
NO PRIVACY on the Internet
- Label message as high priority ONLY when it is truly URGENT.
- Do unto others (Etiquette and manners are required, because on
the Agency/ Company system YOU are representing the Agency/Company.)
Go to top of page
E-MAIL/INTERNET, THE GOOD, THE BAD,
AND THE UGLY, BY THE DOZENS!
Why we love E-mail/Internet:
- E-mail gives us immediate documentation, that is time and date
- E-mail is less intrusive than interruptions by telephone or
- We get to choose when we will put our attention to e-mail.
- Sometimes it cuts the other person's verbosity and makes them
- We can organize our thoughts better and have the spell- checker
- We can receive and send the same information to many others all
- We can write things up as we think about them; getting it off our
mind and desk without having to find a time that is convenient for
others. They do that.
- We can even ignore e-mail. It is OK to throw out junk mail in any
- Messages can be flagged high priority. (Just save that for the
- E-mail can be encrypted and certified when received/read.
- We can find so much useful information on the Internet.
- The Internet connects us to the whole world.
Why we hate them:
- E-mail is not private, neither is the Internet.
- Copies can be found in the backups of many servers along the way.
- E-mail can get misdirected (the wrong person selected from the
- It is sometimes embarrassing if we accidentally hit reply
- There are chain letters' forwarded in spite of requirements
to the contrary.
- Unprofessional or offensive jokes are easily and frequently
- Once an e-mail is sent it can not be called back.
- We can't prevent our message(s) being forwarded.
- Attachments are not always easy to open and read.
- People send us too many (and too bulky) e-messages.
- We can find much incorrect information on the Internet.
- The laws in other countries vary extensively from USA laws.
Why it is dangerous for us to use them:
- They are logged and can be used against us in a court of law.
- We leave a trail everywhere we travel on the Internet.
- We can stumble onto a pornography site and our log will show it!
- Downloading files of child pornography is a severely punished
crime in the USA and Government employees have lost jobs and served
jail time for it.
- We come to work, read our e-mail, respond to it, and then its
time to go home!
- It is too easy to send a hot' message back before we cool'
- They are addictive and, more and more, of our times being taken
up by surfing the Internet and sending e- mail.
- Copyright laws still may apply to some items found on the
- On-line gambling and investing may hook a surfer.
- Users must beware of non-reviewed sources and misleading/phony
- One's address book can be wiped out when the software is updated.
- Malicious Macros like Melissa' DO exist!
Go to top of page