Re: Survey: Chat and IM

[Zinger <zinger () zinger org>]

We use the AIM protocol (although with some restrictions - no inbound file 
transfers -
and Trillian, which supports encryption), and it's a valuable part of our 
business tools.
If we were to remove this feature, it would be a noticeable detriment to 
employee's
productivity. The most important consideration with every security 
restriction is
vulnerability vs functionality.  My company is an ISP, if I were 
responsible for the
security of a financial organization, I'd lock everything down as tightly 
as possible.
Something to think about is setting up an internal IM server as a compromise.

- Z



> > Hi,
> >
> > We currently are allowing web based chat and instant messaging.  I know
> > that there are lots of security issues involved with its usage.  The IT
> > folks are telling me that it is a common practice in the industry.  I have
> > a hard time believing this and this is one battle I would like to take on.
> >
> > QUESTION:  DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING?
> > If this was a battle you fought, could you please give me some ideas on how
> > you won the battle.  Any good articles/white papers that could support my
> > position?
> >
> >
> > Toni CISSP, CPA
> > Security Services
> > NW Mutural Banking LTD