Solved

Cash penalties

Posted on 2011-02-14
Last Modified: 2012-05-11
I was having a think the other day on operational types of audits/assessments that would benefit any organisation, mainly the main point I was thinking about was where an assessment could help to identify issues which can result in “avoidable fines” (specifically cash or reputational damage).

As one example I was thinking about stuff like violations of licence agreements, say for example the licence agreement you get with an Oracle database. From what I understand Oracle can not only flag up you are violating your policy agreement, give you a fresh bill, and also potentially take you to court. Licence agreement violations were just one example I thought up where there are avoidable fines/penalties, but there must be loads more of these types of issues whereby we can check as an organisation before a 3rd party comes in, finds issues, and finds violations and subsequent cash penalties.

So I am not looking for your specific security audits i.e. pen tests, but those key issues/areas of basic operations that still have a key business impact risk, i.e. financial damage, reputational damage, non-compliance type issues, privacy violations etc etc. Anything where there is potential fines/business impacts for non compliance/poor practices and internal policies, especially those that could result in cash penalties I would love to hear about, so any suggestions on types of audits/assessments in this area most welcome.
Question by:pma111
6 Comments
 
LVL 14

Accepted Solution

by:
luconsta earned 125 total points
If you are looking for a tool that could help you in "software assessment" a good one (and freeware) I think is Spiceworks. It could do a lot of monitoring stuff but for what you are interested in - it can do a report of all of the software found on your PCs and so you could identify possible "licensing infringements".
 
LVL 3

Author Comment

by:pma111
Not so much, it was more after other ideas whereby cash penalties could be avoided or at least identified asap through audit and assessment. I had just used licence infringement as one example of this type of thing, I was after as many other types of issue as opposed to a tool to identify them. Thanks all the same though.
 
LVL 2

Assisted Solution

by:niaz
niaz earned 125 total points
A simple way is to create an Excel spreadsheet listing all the servers hosting databases with the following information for each:

<Host Name>   <# of CPU>   <# CPU Core>   <SW Edition>   <Server Role>   <License in Use>

You can compute the License in Use column based on the 2nd and 3rd columns. This will give you the licenses used for each host. If you sum the last column you get the total number of licenses being used organization-wide.

If you plan to migrate or upgrade a host to a new server, decommissioning the old one, you can temporarily exceed the license you own - specifically for the migration/upgrade reason.
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 125 total points
A good one nowadays, depending where you are, is compliance to IT security standards, i.e. storing of clients' personal data, credit card info, etc. Get to know your local statutes that apply and you can offer the service of keeping businesses from being fined, if not outright shut down, for procedures that violate the data management laws. This often goes beyond just how data is stored electronically and includes things like physical access to paper data, must be in a locked room or secure filing cabinet, etc.
 
LVL 1

Assisted Solution

by:judas2158
judas2158 earned 125 total points
The stuff I look for is:

License violations of member companies (like BSA members).
Illegal downloading of copyrighted material, music, movies, TV, games.
Pornographic material which leads to sexual harassment.
Criminal material, such as child pornography, wiretaps, and snooping software.
Public statements such as personal blogs or Facebook.
Security of accounting and employee data.
Journaling of communications for legal protection.
The actual workflow and interaction with information systems.
 
LVL 3

Author Comment

by:pma111
Thanks Judas, could you clarify the 2 issues you mention:

Public statements such as personal blogs or Facebook.
Journaling of communications for legal protection.

I wasn't too sure on what you were getting at there? Also BSA members? I am not familiar with BSA?