Solved

Cash penalties

Posted on 2011-02-14
6
311 Views
Last Modified: 2012-05-11
I was having a think the other day on operational types of audits/assessments that would benefit any organisation, mainly the main point I was thinking about was where an assessment could help to indentify issues which can result in “avoidable fines” (specifically cash or reputational damage).

As one example I was thinking about stuff like violations of licence agreements, say for example the liscence agreement you get with an oracle database. From what I understand Oracle can not only flag up you are violating your policy agreement, give you a fresh bill, and also potentially take you to court. Licence agreement violations was just one example I thought up where there are avoidable fines/penalties, but there must be loads more of these type of issues whereby we can check as an organisation before a 3rd party comes in, finds issues, and finds violations and subsequent cash penalties.  

So I am not looking for your specific security audits i.e. pen tests, but those key issues/areas of basic operations that still have a key business impact risk, i.e. financial damage, reputational damage, non-compliance type issues, privacy violations etc etc. Anything were there is potential fines/business impacts for non compliance/poor practiceis and internal policies, especially those that could result in cash penalties I would love to hear about, so any suggestions on types of audits/assessments in this area most welcome.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Accepted Solution

by:
luconsta earned 125 total points
ID: 34886785
If you are looking for a tool that could help you in "software assesment" a good one (and freeware) I this is Spiceworks. It could do a lot of monitoring stuff but for what you are interested in - it can do a report of all of the software found on your PC's and so you could identify possible "licensing infringements".
0
 
LVL 3

Author Comment

by:pma111
ID: 34886793
Not so much, it was more after other ideas whereby cash penalities could be avoided or at least identified asap through audit and assessment. I had just used liscence infringement as one example of this type of thing, I was after as many other type of issue as opposed to a tool to identify them. Thanks all the same though.
0
 
LVL 2

Assisted Solution

by:niaz
niaz earned 125 total points
ID: 34888477
A simple way is to create an excel spread sheet listing all the server hosting database with the following information for each:

<Host Name>   <# of CPU>  <# CPU Core>    <SW Edition>   <Server Role> < Licence in USE>

You can compute the License in Use Column based on the 2nd and 3rd Column. This will give you the licensed used for each host. If you Sum the last column you get the total number licensed being used organization-wide.

If you plan to migrate or upgrade a host to a new server decommissioning the old one, you can temporarily exceed the license you own - specifically for the migration/upgrade reason.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 125 total points
ID: 34890290
A good one nowadays depending where you are is compliance to IT security standards....i.e. storing of clients personal data, credit card info, etc. Get to know your local statutes that apply and you can offer the service of keeping businesses from being fined, if not outright shut down, for procedures that violate the data management laws. This often goes beyond just how data is stored electronically and includes things like physical access to paper data, must be in a locked room or secure filing cabinet, etc.
0
 
LVL 1

Assisted Solution

by:judas2158
judas2158 earned 125 total points
ID: 34921633
The stuff I look for is:

License violations of member companies (like BSA members).
Illegal downloading of copyrighted mataterial, music, movies, TV, games.
Pornographic material which leads to sexual harassment.
Criminal material, such as child pornography, wiretaps, and snooping software.
Public statements such as personal blogs or Facebook.
Security of accounting and employee data.
Journaling of communications for legal protection.
The actual workflow and interaction with information systems.
0
 
LVL 3

Author Comment

by:pma111
ID: 34924949
Thanks Judas, could you clarify the 2 issues you mention:

Public statements such as personal blogs or Facebook.
Journaling of communications for legal protection.

I wasnt to sure on what you were getting at there? Also BSA members? I am not familair with BSA?
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IT certifications are a concrete representation of continual learning on the part of the candidate.  Continual learning is necessary for the long term success of an IT professional, but are IT certifications the right path for you?
Invest in your employees with these five simple steps to improve employee engagement and retention.
Articles on a wide range of technology and professional topics are available on Experts Exchange. These resources are written by members, for members, and can be written about any topic you feel passionate about. Learn how to best write an article t…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question