{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:53:37Z","timestamp":1754157217008,"version":"3.41.2"},"reference-count":22,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2005,2,1]],"date-time":"2005-02-01T00:00:00Z","timestamp":1107216000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,2,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>To identify controls that can harness the power and capabilities of instant messengers (IM) while minimizing potential security risks.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>A risk analysis method and (CIS)<jats:sup>2<\/jats:sup> model are used.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>IM is a great tool for enterprise productivity. However, it has so many risks, but one could identify and control these risks with technical and managerial countermeasures.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>This paper fails to provide detailed and specific risks of commercial IMs, and the case study provided in this paper focuses on the technical rather than managerial issues.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>A very helpful case study which provides general risks and controls of recent IMs for the security officers of various organizations.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This paper outlined the risks of IM and potential controls for securing public IM in the workplace.<\/jats:p><\/jats:sec>","DOI":"10.1108\/10662240510577086","type":"journal-article","created":{"date-parts":[[2005,2,9]],"date-time":"2005-02-09T11:07:23Z","timestamp":1107947243000},"page":"88-98","source":"Crossref","is-referenced-by-count":11,"title":["Security of the internet\u2010based instant messenger"],"prefix":"10.1108","volume":"15","author":[{"given":"Sangkyun","family":"Kim","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Choon","family":"Seong Leem","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022012520344656900_b1","unstructured":"Amoroso, E.G. (1994), Fundamentals of Computer Security Technology, Prentice\u2010Hall, Englewood Cliffs, NJ."},{"key":"key2022012520344656900_b2","unstructured":"Andrews, W. (2001), Not So Fast: IM's Evolution Needs Auxiliary Technologies, Gartner Inc., Stamford, CT."},{"key":"key2022012520344656900_b3","unstructured":"Beer, S. (2003), \u201cInstant mayhem\u201d, SMH, 18 February, available at: www.smh.com.au\/articles\/2003\/02\/17\/1045330518898.html?oneclick=true."},{"key":"key2022012520344656900_b4","unstructured":"Fine, L.H. (1983), Computer Security \u2013 A Handbook for Management, William Heinemann, London."},{"key":"key2022012520344656900_b5","unstructured":"Fites, P.E., Kratz, M.P.J. and Brebner, A.F. (1989), Controls and Security of Computer Information Systems, Computer Science Press, Rockville, MD."},{"key":"key2022012520344656900_b6","unstructured":"Grey, M. (2001), Love It or Hate It: Instant Messaging Invades the Enterprise, Gartner Inc., Stamford, CT."},{"key":"key2022012520344656900_b7","unstructured":"Grey, M. and Batchelder, R. (2001), Free Instant Messaging: Taming the Wild Beast, Gartner Inc., Stamford, CT."},{"key":"key2022012520344656900_b8","unstructured":"Hutt, A.E. (1987), \u201cManagement's roles in computer security\u201d, in Hutt, A.E., Hoyt, D.B. and Bosworth, S. (Eds), Computer Security Handbook, Macmillan, New York, NY."},{"key":"key2022012520344656900_b9","doi-asserted-by":"crossref","unstructured":"Kim, S. and Leem, C.S. (2004), \u201cAn information engineering methodology for the security strategy planning\u201d, Lecture Notes in Computer Science, Vol. 3043, Springer\u2010Verlag, Berlin.","DOI":"10.1007\/978-3-540-24707-4_71"},{"key":"key2022012520344656900_b10","unstructured":"Krutz, R.L. and Vines, R.D. (2001), The CISSP Prep Guide: Mastering the 10 Domains of Computer Security, John Wiley & Sons, New York, NY."},{"key":"key2022012520344656900_b11","unstructured":"Li, D.H. (1983), Controls in a Computer Environment: Objectives, Guidelines, and Audit Procedures, EDP Auditors Foundation, Carol Stream, IL."},{"key":"key2022012520344656900_b12","unstructured":"Madnick, S.E. (1978), \u201cManagement policies and procedures needed for effective computer security\u201d, Sloan Management Review, Vol. 19 No. 3, pp. 61\u201074."},{"key":"key2022012520344656900_b13","unstructured":"Mayerfeld, H. (1988), \u201cDefinition and identification of assets as the basis for risk management\u201d, Proceedings of 1988 Computer Security Risk Management Model Builders Workshop, Denver, CO, NBS, Gaithersburg, MD."},{"key":"key2022012520344656900_b14","unstructured":"Piccard, P. (2002), Risk Exposure: Instant Messaging and Peer\u2010to\u2010Peer Networks, Internet Security Systems, Atlanta, GA."},{"key":"key2022012520344656900_b15","unstructured":"Roper, C.A. (1999), Risk Management for Security Professionals, Butterworth\u2010Heinemann, Boston, MA."},{"key":"key2022012520344656900_b16","unstructured":"Sage, A.P. (1992), Systems Engineering, John Wiley & Sons, New York, NY."},{"key":"key2022012520344656900_b17","unstructured":"Schweitzer, J.A. (1983), Protecting Information in the Electronic Workplace: A Guide for Managers, Reston Publishing Company, Reston, VA."},{"key":"key2022012520344656900_b18","unstructured":"Simpson, R., McHugh, D., Wheatman, V. and Stiennon, R. (2002), New Instant Messaging Virus Exploits Your Trust, Gartner Inc., Stamford, CT, available at: www3.gartner.com\/resources\/106700\/106751\/106751.pdf."},{"key":"key2022012520344656900_b19","unstructured":"Stiennon, R. (2001), \u201cWhat may lurk in your IM session?\u201d, Note No. COM\u201014\u20102666, Gartner Inc., Stamford, CT."},{"key":"key2022012520344656900_b21","unstructured":"Vallabhaneni, R. (2000), CISSP Examination Textbooks, SRV Professional Publications, Los Angeles, CA."},{"key":"key2022012520344656900_b22","unstructured":"Wood, C.C. (1991), Effective Information Security Management, Elsevier Advanced Technology, Oxford."},{"key":"key2022012520344656900_frg1","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A. and Feringa, A. (2001), Risk Management Guide for Information Technology Systems, NIST, Gaithersburg, MD.","DOI":"10.6028\/NIST.SP.800-30"}],"container-title":["Internet Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/10662240510577086","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/10662240510577086\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/10662240510577086\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:40:03Z","timestamp":1753400403000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/intr\/article\/15\/1\/88-98\/177018"}},"subtitle":["Risks and safeguards"],"short-title":[],"issued":{"date-parts":[[2005,2,1]]},"references-count":22,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,2,1]]}},"alternative-id":["10.1108\/10662240510577086"],"URL":"https:\/\/doi.org\/10.1108\/10662240510577086","relation":{},"ISSN":["1066-2243"],"issn-type":[{"type":"print","value":"1066-2243"}],"subject":[],"published":{"date-parts":[[2005,2,1]]}}}