Detecting Software License Violations

D.

The best way to prevent and detect software license violations is to regularly scan used PCs, either from the LAN or directly, to ensure that unauthorized copies of software have not been loaded on the PC.

Other options are not detective.

A corporate policy is not necessarily enforced and followed by all employees.

Software can be installed from other means than floppies or CD-ROMs (from a LAN or even downloaded from the Internet) and software metering only concerns applications that are registered.

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 108).

The BEST way to detect software license violations depends on several factors, including the size of the organization, the type of software in use, and the potential risks associated with license violations. However, among the given options, the most effective approach would be to implement a corporate policy on copyright infringements and software use (option A).

Option A addresses the root cause of software license violations by creating guidelines for employees on acceptable software use. A comprehensive policy should outline the permissible use of licensed software, including how to purchase, install, and distribute software within the organization. It should also highlight the consequences of violating software license agreements, including disciplinary action, legal action, or termination of employment.

Option B, requiring that all PCs be diskless workstations, is not a practical solution in most organizations as it may not be possible or feasible to implement. Additionally, it does not guarantee that employees will not install unauthorized software on their devices.

Option C, installing metering software on the LAN so applications can be accessed through the metered software, can be useful in monitoring software usage. However, it may not be foolproof since some employees may still find ways to install unauthorized software on their devices, and metering software can be costly to implement.

Option D, regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PCs, is a reactive approach that only identifies violations after they have occurred. It may also not be effective if employees have found ways to hide unauthorized software on their devices.

In summary, the most effective approach to detecting software license violations is to implement a corporate policy on copyright infringements and software use (option A). This approach addresses the root cause of license violations by providing guidelines and consequences for employees. However, it should be complemented with other measures such as periodic audits and education programs to ensure compliance.