Overview

IM in the enterprise has become a standard communication tool, which must be managed just like any other communications tool in the network, and written rules and policies must be in place that will enforce your IM security management plan. You must be very careful to ensure that what you have written can also be enforced; otherwise, all you have created is a "paper tiger," which doesn't have teeth and also degrades the credibility of any other policy that you want to enforce. To date, millions of dollars have been spent by corporations defending against lawsuits and regulatory litigation for the improper use of e-mail and the Internet, and the use of IM will be no different. The first step in mitigating the legal risk of IM use in your environment is the development, implementation, and enforcement of rules and policies that govern IM and other forms of electronic communication in your corporation. To maximize the limitation of liability, communication policies typically address personal use, content, retention, deletion, monitoring, compliance, and other such issues. The basic policies that cover the use of IM in an organization are typically the organization's acceptable-use policy, with more detailed policies for the use of IM covered in the e-mail use and e-mail retention policy, for which we have provided templates for your use in developing your own policies.

D.1 ABC Inc. Information Security Acceptable Use Policy

Policy No. 1

_________________________________________________________

Effective date: Month / Day / Year

_________________________________________________________

Implement by: Month /...