110 likes | 210 Vues
IT Service Delivery And Support Week Five. IT Auditing and Cyber Security Spring 2013 Instructor: Liang Yao (MBA MS CIA CISA CISSP). Software License Management. Potential Benefits Challenges Steps to SLM Elements of SLM Solution Effective Software Asset Repository Emerging issues
E N D
IT Service Delivery And SupportWeek Five IT Auditing and Cyber Security Spring 2013 Instructor: Liang Yao (MBA MS CIA CISA CISSP)
Software License Management • Potential Benefits • Challenges • Steps to SLM • Elements of SLM Solution • Effective Software Asset Repository • Emerging issues • Software license audit program
Potential Benefits • Prevent illegal use of software • Reduce software purchase costs • Leverage exiting software license investments more effectively • Reduce software maintenance costs • Identify potential security risks • Reduce risk associate planned changes • Reduce incidents associated with unapproved software conflicts • Increase supportability of the environment • Improved internal cost allocation based on actual usage
Challenges • Array of licensing models and definitions • Identification of installed software • Use of browsers and generic clients • Comply with the agreement • Leverage of the software asset repository • Audit and coverage • Lock down • User resistance • Entitlement chains
Steps to SLM • Define policy • Develop and public policies and procedure • Purchasing policy • Vendor management • IT service management tools to support SLM • Model standard • Software Asset Repository and Data collection • Review process • Review contract agreement • Reconciliation • Correction/remediation plan • User education
Steps to SLM (Cont.) • Archive initial license compliance status • Proactive monitoring • Identify license errors • Reporting • Periodical review • Communication Channel • Projection • Disposal procedure
Elements of SLM Solution • Discovery tool • Usage monitoring tool • Software Asset Repository tool • Software Deployment tool
Effective Software Asset Repository • License lifecycle support • Contract management • Discovered vs. authorized reconciliation • Proactive management of license • Inventory management • Cost tracking • Request management and self service • Purchasing • Reporting solution • Integration with other systems
SLM Audit Concerns • Effective IT Asset Management • License Maintenance • Compliance/Reputational/Legal Risk • Do-it-early Than Later (expiration and renew)
Recommendations • Policies and Procedures • Inventory Maintenance • Verify Assets Records Regularly • Inventory After M&A • Tools for Software Licensing Tracking • Procurement/sourcing • Centralized Procurement • Software license agreement
Audit Program ISACA Sample Software License Audit Program