Home page logo
/

basics logo Security Basics mailing list archives

RE: Survey: Chat and IM
From: "Kuriscak, Ronald" <rkurisca () Mail Donaldson com>
Date: Wed, 27 Nov 2002 08:43:52 -0600

We dealt with the same issue about a year ago where we had a group of
developers aggressively touting the benefits for IM. Especially trying to
leverage the sentiment that, "everyone else is doing it." 

The first thing you need to ask, "what is you business requirement." This is
where you see if there is a true requirement for this access and technology.
This question tends to make people think about why in a business context
they need this (or shows that they do not). Also create a project charter
that is signed-off by a director or senior level manager. This tends to
create some interesting conservation.  

After researching the technology and actually talking to some colleagues we
found that not everyone was doing it. There are some critical security
concerns that make the risks high (on an internal network it appeared to
have the best security model and justification). In the end the business
requirement was weak, ROI was limited, and the security model elevated risk
(It didn't obtain approval).


Let me know how it turns out.

Ron Kuriscak

-----Original Message-----
From: tony toni [mailto:tony572001 () hotmail com]
Sent: Thursday, November 21, 2002 3:03 PM
To: security-basics () securityfocus com
Subject: Survey: Chat and IM



Hi,

We currently are allowing web based chat and instant messaging.  I know that

there are lots of security issues involved with its usage.  The IT folks are

telling me that it is a common practice in the industry.  I have a hard time

believing this and this is one battle I would like to take on.

QUESTION:  DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING?  If

this was a battle you fought, could you please give me some ideas on how you

won the battle.  Any good articles/white papers that could support my 
position?


Toni CISSP, CPA
Security Services
NW Mutural Banking LTD




_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]