IM policy template
I am on the security team for a company that allows employees to communicate within and outside the corporation through the use of instant messenger (AOL and MSN). We are looking for a template or guideline to help us create an IM acceptable-use policy. I have searched the Web and found very little free information on creating policies, especially regarding instant messenger use. Do you have any suggestions on where to get such info? Thanks.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Developing a policy for instant messaging (IM) is a smart thing to do. There are a large number of security implications that come with IM that your users should be educated on and should be enforced within your organization. Some key issues to keep in mind with your policy is to make sure that its reasonable and fair, and make sure that its both enforceable and enforced. Some key issues that your organization (and information) is up against are logging issues (are conversations being logged and by whom), firewall compromises (letting traffic in or out that should otherwise be blocked), denial-of-service concerns, encryption concerns, standardizing on one IM application, and malicious code and other content-security vulnerabilities. IM is a great business application, just make sure you understand the threats and vulnerabilities associated with it, document it in a policy(ies) and keep everyone in the loop. There is a good sample generic acceptable-usage policy at http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc that can be translated for IM use.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: Blocking Yahoo Messenger at the firewall
  • Web Security Tip: Prevent hackers from sneaking in through IM
  • Best Web Links: Security Policy & Infrastructure


    This was first published in April 2003