Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Allowing access to social networking... securely?

From: "Ian Bradshaw" <ian () ianbradshaw net>
Date: Wed, 20 May 2009 19:47:52 +0100
better to keep the peeps happy imho.

quite easy to setup restricted hours ... such as before 8am, after 6pm and
between 12-2pm (when peeps are having lunch) rather than allowing it 24/7
... keeps it off critical network hours but still allows the peeps to do
their thing. if you dont allow it at all then your not going to stop it as
soon as they get home, from a mobile, whatever. most peeps are happy to
accept those hours in my experiance as a happy medium both from an IT / wrok
perspective and from an end user / employee perspective.

Same goes for webmail (gmail, hotmail etc).

I.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Michael Schaefer
Sent: 20 May 2009 15:12
Cc: security-basics () securityfocus com
Subject: Re: Allowing access to social networking... securely?

Is it worth the risk to alienate the employees?

People are still people, and deserve to be treated like adults, not like 
children.

The example you gave, "hate the boss"... Well, for one thing, if your 
boss is going to treat you like a child, that is a major strike against 
him right there.

So someone is blowing off steam online instead of in the work place. 
Would you prefer they have no outlet, and decide to take some sort of 
dire action out of frustration?

Is it worth the risk to NOT allow a 'twit' or a 'tweet'?

As far as "non-marketing" uses, social networking is a way for people to 
interact, and perhaps even solve problems.

    *    Seeking support or sympathy to resolve interpersonal conflict
    *    Asking about best practices, and how to apply them to their job
    *    Looking for technical information
    *    Planning an office party or some other moral boosting event

You would be better off keeping simple and flexible guidelines about 
what is not allowed ( and why ).



chmod1777 () invalid-host name wrote:

I gotta ask...

What business purpose do Social Networking sites have, for non-marketing

type employees? 


It's not worth the risk to allow a 'twit' to 'tweet' about how they hate

their boss, wish they were on vacation, etc etc. 

  



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor means you
pass the exam. Gain a laser like insight into what is covered on the exam,
with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: