Has anyone looked at
audit security and control issues associated with instant messaging? A
user on the ISACA discussion list was asked by IT to assemble a list
of audit requirements prior to selecting a technology solution. If you have any
experience in this area please share. I will post a list of audit security and
control issues on the AuditNet web site based on the responses.
To start things off
here are a few that I was able to come up with:
Security and Control
of Instant Messaging
IM Compliance Supervision - the ability to monitor IM message content for words or phrases restricted by employee roles
IM Access Control - the ability to allow or disallow certain employees to use IM, and to enforce the use of only business professional IM screen names
IM Identity Management - the ability to map IM screen names with corporate employee Ids
IM Export - the ability to export complete IM conversations as e-mails to any corporate e-mail system, e-mail compliance systems, or storage systems
Jim Kaplan MSA, CIA,
CFE, CSM
Fairfax County Public
Schools
Superintendent's OfficeDirector - Internal Audit
(703) 591-2590 Phone
(703) 591-4113 FAX
