We dealt with the same issue about a year ago where we had a group of developers aggressively touting the benefits for IM. Especially trying to leverage the sentiment that, "everyone else is doing it."
The first thing you need to ask, "what is you business requirement." This is where you see if there is a true requirement for this access and technology. This question tends to make people think about why in a business context they need this (or shows that they do not). Also create a project charter that is signed-off by a director or senior level manager. This tends to create some interesting conservation. After researching the technology and actually talking to some colleagues we found that not everyone was doing it. There are some critical security concerns that make the risks high (on an internal network it appeared to have the best security model and justification). In the end the business requirement was weak, ROI was limited, and the security model elevated risk (It didn't obtain approval). Let me know how it turns out. Ron Kuriscak -----Original Message----- From: tony toni [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 3:03 PM To: [EMAIL PROTECTED] Subject: Survey: Chat and IM Hi, We currently are allowing web based chat and instant messaging. I know that there are lots of security issues involved with its usage. The IT folks are telling me that it is a common practice in the industry. I have a hard time believing this and this is one battle I would like to take on. QUESTION: DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING? If this was a battle you fought, could you please give me some ideas on how you won the battle. Any good articles/white papers that could support my position? Toni CISSP, CPA Security Services NW Mutural Banking LTD _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
