There are two different aspects to this ICQ debate that I think are causing some
confusion in this conversation:
1. ICQ is a network security risk. It is possible to have a host compromise or a
virus issue due to ICQ. This is an infosec issue.
2. ICQ, in most cases, is not directly related to employees' work, and thus can be
considered a waste of company time. Employees are paid to work, not to chat with
their buddies. This is a human resources issue.
To clarify #2 above, imagine instead of ICQ, that an employee brings a deck of cards
to work and plays poker with a few of his/her friends in the middle of the work day.
This is, quite simply, a loss of productivity. It is not a security issue,
it is a management/HR issue.
Just because something occurs on a company's network, it is not necessarily an infosec
issue. If you have employees that are not working when they are supposed to be,
regardless of what it is they are doing, refer it to management/HR.
-Ryan
[EMAIL PROTECTED] wrote:
> I would say that computer security does not relate to people wasting their time
> in the Internet. You can prevent certain types of abuse of Internet resources,
> but if the fundamental problem is that people spend their time in something that
> is not productive, you will not solve that problem with "computer security" and
> you will end up in an arms race against people that seem to have nothing else to
> do and no boss looking over their shoulder, and you will always lose.
>
> I think you must put some obvious controls, and let people know that they are
> being logged and that the logs WILL be analyzed. A good report is better than a
> sophisticated hand-made filter that will always have an interesting hole.
>
> Finally, I agree, HR is no panacea, but I think that the resource being most
> abused in this case is actually the human resource - am I right? I think it is
> their job to manage it.
>
> Carlos
>
> "Albrechtas, Adam" <[EMAIL PROTECTED]> con fecha 23/06/2000 11:37:25
>
> Destinatarios: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> CC: (cci: Carlos Moran/LAG/LSR/LAR/CPC)
>
> Asunto: RE: Absurdity Continues
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I would say it has nothing to do with HR since it is strictly a
> computer security issue (or even a QoS, at a stretch). I guess it
> all depends on who is ultimitely responsible for System Security,
> Data Security, and QoS in your organization. It is my belief that HR
> should have nothing to do with computer security since they rarely
> (if ever) have any knowledge in the area.
>
> - -----Original Message-----
> From: D Clyde Williamson [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 23, 2000 10:14 AM
> To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
> Subject: Re: Absurdity Continues
>
> "Norman R. Bottom" wrote:
> >
> > RE: "Turn It Over To Human Resources"
> >
> > In difficult matters, fathers say, "See your Mother." Some firewall
> > folks say, "Turn it over to HR.." What a joke ! Anyone who has been
> > involved with security for a year or two, knows that Human
> > Resources is not a friend to good security. Period. :->
> >
> > Blessings,
> >
> > Norman
>
> Dealing with what employees do during office hours is not a security
> matter. Unless, of course,
> they're stealing data or cracking servers. If it is against HR policy
> for users to look at certain
> types of material on the Internet, then it is HR's responsibility to
> deal with that policy.
>
> If your HR dept is not helping you with *security* matters. Then you
> need to get that fixed.
> - -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOVN3DdTbJ7zCVqawEQLpfQCfU+3KgWK6ykAUlD3G8WRM89u2ioQAoOpC
> 29WG3L9aOsE5eX8Aolfm9ufG
> =OKT7
> -----END PGP SIGNATURE-----
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> "E-mail Server" made the following
> annotations on 06/23/00 10:46:56
> ------------------------------------------------------------------------------
> Bestfoods is not responsible for the content of incoming messages which may
> contain offensive or unauthorized material. Please contact 1-800-462-0562 if
> this should happen.
>
> ==============================================================================
>
> "E-mail Server" made the following
> annotations on 06/23/00 11:05:38
> ------------------------------------------------------------------------------
> May contain confidential and trade secret information of Bestfoods, and may be
>subject to the Economic Espionage Act of 1996. For recipient's use only. If you have
>received this message in error, please delete immediately, and alert the sender.
>
> ==============================================================================
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
