Solved

Cash penalties

Posted on 2011-02-14
6
310 Views
Last Modified: 2012-05-11
I was having a think the other day on operational types of audits/assessments that would benefit any organisation, mainly the main point I was thinking about was where an assessment could help to indentify issues which can result in “avoidable fines” (specifically cash or reputational damage).

As one example I was thinking about stuff like violations of licence agreements, say for example the liscence agreement you get with an oracle database. From what I understand Oracle can not only flag up you are violating your policy agreement, give you a fresh bill, and also potentially take you to court. Licence agreement violations was just one example I thought up where there are avoidable fines/penalties, but there must be loads more of these type of issues whereby we can check as an organisation before a 3rd party comes in, finds issues, and finds violations and subsequent cash penalties.  

So I am not looking for your specific security audits i.e. pen tests, but those key issues/areas of basic operations that still have a key business impact risk, i.e. financial damage, reputational damage, non-compliance type issues, privacy violations etc etc. Anything were there is potential fines/business impacts for non compliance/poor practiceis and internal policies, especially those that could result in cash penalties I would love to hear about, so any suggestions on types of audits/assessments in this area most welcome.
0
Comment
Question by:pma111
6 Comments
 
LVL 14

Accepted Solution

by:
luconsta earned 125 total points
ID: 34886785
If you are looking for a tool that could help you in "software assesment" a good one (and freeware) I this is Spiceworks. It could do a lot of monitoring stuff but for what you are interested in - it can do a report of all of the software found on your PC's and so you could identify possible "licensing infringements".
0
 
LVL 3

Author Comment

by:pma111
ID: 34886793
Not so much, it was more after other ideas whereby cash penalities could be avoided or at least identified asap through audit and assessment. I had just used liscence infringement as one example of this type of thing, I was after as many other type of issue as opposed to a tool to identify them. Thanks all the same though.
0
 
LVL 2

Assisted Solution

by:niaz
niaz earned 125 total points
ID: 34888477
A simple way is to create an excel spread sheet listing all the server hosting database with the following information for each:

<Host Name>   <# of CPU>  <# CPU Core>    <SW Edition>   <Server Role> < Licence in USE>

You can compute the License in Use Column based on the 2nd and 3rd Column. This will give you the licensed used for each host. If you Sum the last column you get the total number licensed being used organization-wide.

If you plan to migrate or upgrade a host to a new server decommissioning the old one, you can temporarily exceed the license you own - specifically for the migration/upgrade reason.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 125 total points
ID: 34890290
A good one nowadays depending where you are is compliance to IT security standards....i.e. storing of clients personal data, credit card info, etc. Get to know your local statutes that apply and you can offer the service of keeping businesses from being fined, if not outright shut down, for procedures that violate the data management laws. This often goes beyond just how data is stored electronically and includes things like physical access to paper data, must be in a locked room or secure filing cabinet, etc.
0
 
LVL 1

Assisted Solution

by:judas2158
judas2158 earned 125 total points
ID: 34921633
The stuff I look for is:

License violations of member companies (like BSA members).
Illegal downloading of copyrighted mataterial, music, movies, TV, games.
Pornographic material which leads to sexual harassment.
Criminal material, such as child pornography, wiretaps, and snooping software.
Public statements such as personal blogs or Facebook.
Security of accounting and employee data.
Journaling of communications for legal protection.
The actual workflow and interaction with information systems.
0
 
LVL 3

Author Comment

by:pma111
ID: 34924949
Thanks Judas, could you clarify the 2 issues you mention:

Public statements such as personal blogs or Facebook.
Journaling of communications for legal protection.

I wasnt to sure on what you were getting at there? Also BSA members? I am not familair with BSA?
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Read about why it is more lucrative for an IT company to participate in government projects.
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question