Well, I think that management is going to want my input, and if I have a nice template, I will be shaping the discussion and making it something I can be comfortable enforcing. Unfortunately, from a technical standpoint, there's not a lot we can do to enforce a "no IM and no social networking" other than black-hole the domain names and any server names we can find for those services/sites.
John-AldrichTile-Tools From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, May 04, 2010 1:09 PM To: NT System Admin Issues Subject: Re: Internet Policies Why are you as the 'IT Manager' coming up with the companies policy? Shouldn't this be a business decision? In any case, technically here we have a NO EXTERNAL IM policy. The reality is that 'certain' senior management use it so no actual blocking occurs. At some point we will get the OCS edge servers with PIC setup and then begin blocking. The unofficial rule is do not be stupid. As for what your company should do? That depends on the tone and nature of your business culture. Is your culture regimented and controlled. Is it technically skilled and adept? I would strongly suggest a variation of the don't be stupid rule that allows your management flexibility and recognizes it's employees as trust worthy human beings with a modicum of control. Of course your corporate culture may be like ours and that rule would have no chance at all. :) Steven On Tue, May 4, 2010 at 9:38 AM, John Aldrich <jaldr...@blueridgecarpet.com> wrote: What restrictions, if any, do your organizations place on things like IM or social networking sites? I sent out a warning to the office personnel this morning regarding the new "IM Virus" and got an email back from the CEO basically stating "shouldn't that be a violation of company policy anyway?" and I had to tell him, I knew of no policies regarding that; and that in fact, my former supervisor was fully aware of at least one person (who's child is overseas in the military) who used IM on a semi-regular basis. For this reason, I'm working on coming up with a company policy. I've looked at the sample template from SANS as well as another one that someone sent me off-list. I'm planning on incorporating the best of everything I get, so if anyone has any suggested language regarding IM or social networking, please let me have it. J John-AldrichTile-Tools ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.jpg>>
<<image002.jpg>>