IM Instant Messaging Security

In many companies, IM is used for contact between project team members, between customers and vendors on a project, and between employees and their families (even if not officially sanctioned by corporate management or the IT department). Many departments or subgroups use IM because it is easily downloaded for free and works in many corporate network environments without any special request to the IT department. These factors only increase the security challenges associated with IM. Although there are risks and challenges associated with private-enterprise IM, the use of free, consumer-grade IM products in a corporate environment exposes the company network to several security risks, because there are few security features in the free products.

Unfortunately, there is no permanent remedy for IM security. A continuous process of adaptation is necessary, and it is a tradeoff between the proactive costs of security technology and the tangible (and intangible) costs of security breaches. This process is called risk management.

We have covered the technical risks of IM in detail. In this chapter, we will start by putting IM risk in perspective in comparison to e-mail and other business records, and then describe the various regulatory requirements that will also drive the need for risk mitigation in your enterprise. Finally, we will try to define the general requirements for an IM Risk Management program.
IM is a form of e-mail combining all the features of e-mail with the real-time convenience and conferencing capabilities...