While at my work we do not lock down USB devices and I like it, there are counter arguments to each of the examples you gave:
CDR - This can be controlled by only installing them on a few machines and even then locking it down to where only an admin can burn.
EMail - There is at least a record here (or there can be) of who sent what sensitive information to whom.
FDD - Again, only install them on a very limited set of machines if on any at all. We don't actually install them in any desktop/laptop cpu anymore at all.
Regardless of the validity of the counter arguments, it is never a good idea to argue for allowing a security risk by pointing out that there are other risks already. Should banks stop using vaults since some people can rob banks even if they have a vault?
Again I would like to point out that we don't lock down USB devices here and I like it that way. I just wnated to point out that your argument for not locking them down is not the most viable argument around.
A better approach IMO would be to list the benefits provided by USB devices then compare that to the security risk they represent.
[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]