mailing list archives
RE: Survey: Chat and IM
From: "Kuriscak, Ronald" <rkurisca () Mail Donaldson com>
Date: Wed, 27 Nov 2002 08:43:52 -0600
We dealt with the same issue about a year ago where we had a group of
developers aggressively touting the benefits for IM. Especially trying to
leverage the sentiment that, "everyone else is doing it."
The first thing you need to ask, "what is you business requirement." This is
where you see if there is a true requirement for this access and technology.
This question tends to make people think about why in a business context
they need this (or shows that they do not). Also create a project charter
that is signed-off by a director or senior level manager. This tends to
create some interesting conservation.
After researching the technology and actually talking to some colleagues we
found that not everyone was doing it. There are some critical security
concerns that make the risks high (on an internal network it appeared to
have the best security model and justification). In the end the business
requirement was weak, ROI was limited, and the security model elevated risk
(It didn't obtain approval).
Let me know how it turns out.
From: tony toni [mailto:tony572001 () hotmail com]
Sent: Thursday, November 21, 2002 3:03 PM
To: security-basics () securityfocus com
Subject: Survey: Chat and IM
We currently are allowing web based chat and instant messaging. I know that
there are lots of security issues involved with its usage. The IT folks are
telling me that it is a common practice in the industry. I have a hard time
believing this and this is one battle I would like to take on.
QUESTION: DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING? If
this was a battle you fought, could you please give me some ideas on how you
won the battle. Any good articles/white papers that could support my
Toni CISSP, CPA
NW Mutural Banking LTD
Help STOP SPAM with the new MSN 8 and get 2 months FREE*