Security Basics mailing list archives

Re: Re: Allowing access to social networking... securely?

From: chmod1777 () invalid-host name
Date: Wed, 20 May 2009 14:16:26 -0600

Michael S

Sure you make good points. But none of them are business needs to justify going to SN sites. I understand about the
treatment of employees, and what not. But that's not a business need to go to FB, so someone can 'blow off steam'. I
guess my example of 'i hate my boss' wasn't so great, but that was my point. It's just random personal blather. I
understand the ability for communications and what not that FB and other SN site offer, but do companies need to have
that for internal users when all that already exists in their infrastructure???

Krymson

Why would we have a group on FB to let employees know about an event, or send out a tweet, when we have 100's of
distribution lists in exchange? Why would we send internal users out to the web to view a video on someone else's site,
when we have a server farm and a san? Now if you're talking about a small company that may farm those services out
because they don't have the infrastructure, then sure maybe.

Our HR dept has mandated that FB, Myspace, and similar sites be blocked. We do have exceptions to this, for certain
personnel (IE marketing dept) who have an actual business need to communicate with outside users through unique
channels.

Myself, I love FB and use the heck out of it. But in all the time i've been on there, I cannot think of one single
reason why I "need" it at work. I don't think it's a matter of letting adults make their own decisions. What if that
decision lets in the next big worm? Even if it was accident, was it worth it so that your users could diddle around a
little bit during the day?

Our jobs in security require us to evaluate risk vs benefit. To me SN loses. Sorry to disagree.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Re: Allowing access to social networking... securely?, (continued)
- Re: Allowing access to social networking... securely? krymson (May 18)
  - Re: Allowing access to social networking... securely? Stephen Mullins (May 19)
  - Glassfish Apache and Tomcat All attONCE ? Mattias Hemmingsson (May 19)
    - Re: Glassfish Apache and Tomcat All attONCE ? Carsten Heesch (May 19)
- Re: Re: Allowing access to social networking... securely? chmod1777 (May 19)
  - Re: Allowing access to social networking... securely? Michael Schaefer (May 20)
    - RE: Allowing access to social networking... securely? Ian Bradshaw (May 20)
- Re: Allowing access to social networking... securely? krymson (May 20)
- Re: Allowing access to social networking... securely? krymson (May 20)
  - RE: Allowing access to social networking... securely? Robin Smith (FaceTime) (May 21)
- Re: Re: Allowing access to social networking... securely? chmod1777 (May 21)
- Re: Re: Re: Allowing access to social networking... securely? lmaia (May 21)
  - RE: Re: Re: Allowing access to social networking... securely? Ian Bradshaw (May 22)
- Re: Allowing access to social networking... securely? krymson (May 22)
- Re: Allowing access to social networking... securely? krymson (May 22)
  - Re: Allowing access to social networking... securely? Patrick J Kobly (May 22)
- Re: Re: Allowing access to social networking... securely? no (May 22)
  - Re: Allowing access to social networking... securely? Patrick J Kobly (May 25)
  - Re: Re: Allowing access to social networking... securely? Stephen Mullins (May 26)