Jon,
I don't think that can constitute as Primary/Best evidence in a court of law, especially when electronic communications is usually considered "Heresay", and therefore needs to be corroborated with other sources. Also: The evidence only shows a communication from the source communication to the destination computer, and doesn't accurately reflect the person or entity behind the communications ( Anyone can refute there Login ID was hacked, and it wasn't them that sent the communications) and I haven't seen many IM packages provide two factor authentication, that provide additional evidence that said user/entity is who they claim to be... Another item of interest with IM communications: Electronic Communications Privacy Act of 1986 ( Updated in 2000) http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act Possibly monitoring or intercepting the communications, via IM without the authorization for a wiretap could constitute a violation of existing wiretap laws: IM conversions are internet conversations. Telephone tapping (or wire tapping/wiretapping in the USA <http://en.wikipedia.org/wiki/USA> ) is the monitoring of telephone <http://en.wikipedia.org/wiki/Telephone> and Internet <http://en.wikipedia.org/wiki/Internet> conversations by a third party, often by covert means. While workplace communications are in theory protected an employer must simply give notice or a supervisor must feel that the employee's actions are not in the company's "interest" to gain access to communiqué. This means that with minimal assumptions an employer can monitor communications within the company. (Reason why you want these things in policy, and the users to sign off on the policy, either acceptable use, or a system specific or issue specific policy) Plus its a lot easier for information disclosure on unregulated IM that goes outside the organization, which raises the risk of insider threat, which makes you really think, was that IM project a good idea anyways? Why are the bossess still allowing IM from 3rd parties to carry communications and possibly the company secrets right out the door over networks they don't own to endpoints around the world. Just food for thought, PS: Disclaimer, this does not constitute in any way shape or form legal advice, consult your company legal departments for further guidance on these and all legal matters... EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 [email protected] From: Jon Harris [mailto:[email protected]] Sent: Tuesday, May 04, 2010 3:23 PM To: NT System Admin Issues Subject: Re: Internet Policies -- Benefits of IM and Social Media One advantage of IM over phone conversations is proof of what is said in the "conversation". Some times it is quite useful when you need to CYA. Jon On Tue, May 4, 2010 at 3:19 PM, Murray Freeman <[email protected]> wrote: It sounds like the telephone may become extinct, doesn't it! Our organization is small, all in one bldg on one floor, so it's very easy to just walk down to an office. When I get a help desk call, I always walk to the requestor's office. The young man who works with me uses Remote Assistance and the telephone. Here, an email is just as fast as an IM. Murray ________________________________ From: Don Guyer [mailto:[email protected]] Sent: Tuesday, May 04, 2010 1:12 PM To: NT System Admin Issues Subject: RE: Internet Policies -- Benefits of IM and Social Media Agreed. As a department, we all use IM. I have coworkers in other physical locations that I interact with all day. No one answers their desk phones, because it's usually a vendor or sales call. J E-mail is great for communicating certain things that require a record, or are too long winded for IM, but IM is great for those "hey can you look at server X?" conversations. $.02 Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 [email protected] From: Andrew S. Baker [mailto:[email protected]] Sent: Tuesday, May 04, 2010 2:02 PM To: NT System Admin Issues Subject: Re: Internet Policies -- Benefits of IM and Social Media IM is faster than email is faster than a meeting. Personally, I prefer email to IM, but I understand how and why people use it as a valid communications tool. It facilitates quick, informal exchanges that may not rise to the level of a full discussion. And both IM and email are easier to schedule than face-to-face meetings in many cases. Social networking is just a prevalent, but semi-closed network where you can interact with business partners, customers or prospective clients in a way where the recipient has some control over who reaches them and how they are reached, and the sender has access to some rich content without the fear of antispam interference. All of the above means of communications are useful to various organizations, even though abuse of them can waste time. But so can the abuse of any other communications vehicle, including meetings. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 4, 2010 at 1:39 PM, Murray Freeman <[email protected]> wrote: Well, as long as we're discussing IM, we don't allow it currently. But, I have trouble understanding how IM is better than either email or a meeting, or using a telephone to accomplish the very same thing as an IM. Can someone explain that to me. Oh, we've recently adopted social networking for our organization, but primarily for our membership. I'm having trouble understanding how social networking will help our members too! Murray ________________________________ From: Steve Ens [mailto:[email protected]] Sent: Tuesday, May 04, 2010 11:42 AM To: NT System Admin Issues Subject: Re: Internet Policies It all depends if there is a business or productivity reason for it. We use IM in some of the departments for meetings, quick conversations, etc. But if it is used for wasting time, I would not allow it. On Tue, May 4, 2010 at 11:38 AM, John Aldrich <[email protected]> wrote: What restrictions, if any, do your organizations place on things like IM or social networking sites? I sent out a warning to the office personnel this morning regarding the new "IM Virus" and got an email back from the CEO basically stating "shouldn't that be a violation of company policy anyway?" and I had to tell him, I knew of no policies regarding that; and that in fact, my former supervisor was fully aware of at least one person (who's child is overseas in the military) who used IM on a semi-regular basis. For this reason, I'm working on coming up with a company policy. I've looked at the sample template from SANS as well as another one that someone sent me off-list. I'm planning on incorporating the best of everything I get, so if anyone has any suggested language regarding IM or social networking, please let me have it. J ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.jpg>>
<<image002.jpg>>
