Solved

Cash penalties

Posted on 2011-02-14
6
307 Views
Last Modified: 2012-05-11
I was having a think the other day on operational types of audits/assessments that would benefit any organisation, mainly the main point I was thinking about was where an assessment could help to indentify issues which can result in “avoidable fines” (specifically cash or reputational damage).

As one example I was thinking about stuff like violations of licence agreements, say for example the liscence agreement you get with an oracle database. From what I understand Oracle can not only flag up you are violating your policy agreement, give you a fresh bill, and also potentially take you to court. Licence agreement violations was just one example I thought up where there are avoidable fines/penalties, but there must be loads more of these type of issues whereby we can check as an organisation before a 3rd party comes in, finds issues, and finds violations and subsequent cash penalties.  

So I am not looking for your specific security audits i.e. pen tests, but those key issues/areas of basic operations that still have a key business impact risk, i.e. financial damage, reputational damage, non-compliance type issues, privacy violations etc etc. Anything were there is potential fines/business impacts for non compliance/poor practiceis and internal policies, especially those that could result in cash penalties I would love to hear about, so any suggestions on types of audits/assessments in this area most welcome.
0
Comment
Question by:pma111
6 Comments
 
LVL 14

Accepted Solution

by:
luconsta earned 125 total points
ID: 34886785
If you are looking for a tool that could help you in "software assesment" a good one (and freeware) I this is Spiceworks. It could do a lot of monitoring stuff but for what you are interested in - it can do a report of all of the software found on your PC's and so you could identify possible "licensing infringements".
0
 
LVL 3

Author Comment

by:pma111
ID: 34886793
Not so much, it was more after other ideas whereby cash penalities could be avoided or at least identified asap through audit and assessment. I had just used liscence infringement as one example of this type of thing, I was after as many other type of issue as opposed to a tool to identify them. Thanks all the same though.
0
 
LVL 2

Assisted Solution

by:niaz
niaz earned 125 total points
ID: 34888477
A simple way is to create an excel spread sheet listing all the server hosting database with the following information for each:

<Host Name>   <# of CPU>  <# CPU Core>    <SW Edition>   <Server Role> < Licence in USE>

You can compute the License in Use Column based on the 2nd and 3rd Column. This will give you the licensed used for each host. If you Sum the last column you get the total number licensed being used organization-wide.

If you plan to migrate or upgrade a host to a new server decommissioning the old one, you can temporarily exceed the license you own - specifically for the migration/upgrade reason.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 125 total points
ID: 34890290
A good one nowadays depending where you are is compliance to IT security standards....i.e. storing of clients personal data, credit card info, etc. Get to know your local statutes that apply and you can offer the service of keeping businesses from being fined, if not outright shut down, for procedures that violate the data management laws. This often goes beyond just how data is stored electronically and includes things like physical access to paper data, must be in a locked room or secure filing cabinet, etc.
0
 
LVL 1

Assisted Solution

by:judas2158
judas2158 earned 125 total points
ID: 34921633
The stuff I look for is:

License violations of member companies (like BSA members).
Illegal downloading of copyrighted mataterial, music, movies, TV, games.
Pornographic material which leads to sexual harassment.
Criminal material, such as child pornography, wiretaps, and snooping software.
Public statements such as personal blogs or Facebook.
Security of accounting and employee data.
Journaling of communications for legal protection.
The actual workflow and interaction with information systems.
0
 
LVL 3

Author Comment

by:pma111
ID: 34924949
Thanks Judas, could you clarify the 2 issues you mention:

Public statements such as personal blogs or Facebook.
Journaling of communications for legal protection.

I wasnt to sure on what you were getting at there? Also BSA members? I am not familair with BSA?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
When we talk about DevOps toolchains, I sometimes wonder how many people really get what we’re talking about. I don’t know if it’s just semantics or tone or something else, but sometimes I think it just sounds like buzzword sausage. So it’s always …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now