Problem solve Get help with specific problems with your technologies, process and projects.

IM policy template

I am on the security team for a company that allows employees to communicate within and outside the corporation...

through the use of instant messenger (AOL and MSN). We are looking for a template or guideline to help us create an IM acceptable-use policy. I have searched the Web and found very little free information on creating policies, especially regarding instant messenger use. Do you have any suggestions on where to get such info? Thanks.

Developing a policy for instant messaging (IM) is a smart thing to do. There are a large number of security implications that come with IM that your users should be educated on and should be enforced within your organization. Some key issues to keep in mind with your policy is to make sure that its reasonable and fair, and make sure that its both enforceable and enforced. Some key issues that your organization (and information) is up against are logging issues (are conversations being logged and by whom), firewall compromises (letting traffic in or out that should otherwise be blocked), denial-of-service concerns, encryption concerns, standardizing on one IM application, and malicious code and other content-security vulnerabilities. IM is a great business application, just make sure you understand the threats and vulnerabilities associated with it, document it in a policy(ies) and keep everyone in the loop. There is a good sample generic acceptable-usage policy at https://www.sans.org/resources/policies/Acceptable_Use_Policy.doc that can be translated for IM use.

  • Ask the Expert: Blocking Yahoo Messenger at the firewall
  • Web Security Tip: Prevent hackers from sneaking in through IM
  • Best Web Links: Security Policy & Infrastructure

  • For more information on this topic, visit these other SearchSecurity.com resources:
    This was last published in April 2003

    Dig Deeper on Email and Messaging Threats-Information Security Threats