Problem solve Get help with specific problems with your technologies, process and projects.

IM policy template

I am on the security team for a company that allows employees to communicate within and outside the corporation...

through the use of instant messenger (AOL and MSN). We are looking for a template or guideline to help us create an IM acceptable-use policy. I have searched the Web and found very little free information on creating policies, especially regarding instant messenger use. Do you have any suggestions on where to get such info? Thanks.

Developing a policy for instant messaging (IM) is a smart thing to do. There are a large number of security implications that come with IM that your users should be educated on and should be enforced within your organization. Some key issues to keep in mind with your policy is to make sure that its reasonable and fair, and make sure that its both enforceable and enforced. Some key issues that your organization (and information) is up against are logging issues (are conversations being logged and by whom), firewall compromises (letting traffic in or out that should otherwise be blocked), denial-of-service concerns, encryption concerns, standardizing on one IM application, and malicious code and other content-security vulnerabilities. IM is a great business application, just make sure you understand the threats and vulnerabilities associated with it, document it in a policy(ies) and keep everyone in the loop. There is a good sample generic acceptable-usage policy at http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc that can be translated for IM use.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: Blocking Yahoo Messenger at the firewall
  • Web Security Tip: Prevent hackers from sneaking in through IM
  • Best Web Links: Security Policy & Infrastructure

  • This was last published in April 2003

    Dig Deeper on Email and Messaging Threats-Information Security Threats

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.