?
Solved

Cash penalties

Posted on 2011-02-14
6
Medium Priority
?
312 Views
Last Modified: 2012-05-11
I was having a think the other day on operational types of audits/assessments that would benefit any organisation, mainly the main point I was thinking about was where an assessment could help to indentify issues which can result in “avoidable fines” (specifically cash or reputational damage).

As one example I was thinking about stuff like violations of licence agreements, say for example the liscence agreement you get with an oracle database. From what I understand Oracle can not only flag up you are violating your policy agreement, give you a fresh bill, and also potentially take you to court. Licence agreement violations was just one example I thought up where there are avoidable fines/penalties, but there must be loads more of these type of issues whereby we can check as an organisation before a 3rd party comes in, finds issues, and finds violations and subsequent cash penalties.  

So I am not looking for your specific security audits i.e. pen tests, but those key issues/areas of basic operations that still have a key business impact risk, i.e. financial damage, reputational damage, non-compliance type issues, privacy violations etc etc. Anything were there is potential fines/business impacts for non compliance/poor practiceis and internal policies, especially those that could result in cash penalties I would love to hear about, so any suggestions on types of audits/assessments in this area most welcome.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Accepted Solution

by:
luconsta earned 500 total points
ID: 34886785
If you are looking for a tool that could help you in "software assesment" a good one (and freeware) I this is Spiceworks. It could do a lot of monitoring stuff but for what you are interested in - it can do a report of all of the software found on your PC's and so you could identify possible "licensing infringements".
0
 
LVL 3

Author Comment

by:pma111
ID: 34886793
Not so much, it was more after other ideas whereby cash penalities could be avoided or at least identified asap through audit and assessment. I had just used liscence infringement as one example of this type of thing, I was after as many other type of issue as opposed to a tool to identify them. Thanks all the same though.
0
 
LVL 2

Assisted Solution

by:niaz
niaz earned 500 total points
ID: 34888477
A simple way is to create an excel spread sheet listing all the server hosting database with the following information for each:

<Host Name>   <# of CPU>  <# CPU Core>    <SW Edition>   <Server Role> < Licence in USE>

You can compute the License in Use Column based on the 2nd and 3rd Column. This will give you the licensed used for each host. If you Sum the last column you get the total number licensed being used organization-wide.

If you plan to migrate or upgrade a host to a new server decommissioning the old one, you can temporarily exceed the license you own - specifically for the migration/upgrade reason.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 500 total points
ID: 34890290
A good one nowadays depending where you are is compliance to IT security standards....i.e. storing of clients personal data, credit card info, etc. Get to know your local statutes that apply and you can offer the service of keeping businesses from being fined, if not outright shut down, for procedures that violate the data management laws. This often goes beyond just how data is stored electronically and includes things like physical access to paper data, must be in a locked room or secure filing cabinet, etc.
0
 
LVL 1

Assisted Solution

by:judas2158
judas2158 earned 500 total points
ID: 34921633
The stuff I look for is:

License violations of member companies (like BSA members).
Illegal downloading of copyrighted mataterial, music, movies, TV, games.
Pornographic material which leads to sexual harassment.
Criminal material, such as child pornography, wiretaps, and snooping software.
Public statements such as personal blogs or Facebook.
Security of accounting and employee data.
Journaling of communications for legal protection.
The actual workflow and interaction with information systems.
0
 
LVL 3

Author Comment

by:pma111
ID: 34924949
Thanks Judas, could you clarify the 2 issues you mention:

Public statements such as personal blogs or Facebook.
Journaling of communications for legal protection.

I wasnt to sure on what you were getting at there? Also BSA members? I am not familair with BSA?
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question