Software and technology development have transfered people to a new society, new opportunities and innovation. Application and software are used in almost every task. For example data storage, new communication media, and perhaps also some changes made to trading pattern. Not only a new chance and innovation, development is also on the other hand has a new challenges for cyber risks.
The speed of technological development started from a security risk cyber as data breaches and malware. A few months ago, the internet user was surprised by Ashley Madison data leaked. The site is a Canada-based online dating service and social networking service marketed to people who are married or in a committed relationship. This incident had ruin certain parties. These days companies that aware to this issue have begun to struggle with the best practice to boost security to their data that kept on the internet. Moreover, e-commerce business largely are known to use variety channel sales points or platform. The platform can be accessed not only by one person (more than one entry points) that mostly has flaws to cause greater risk that might be occurred.
Workers who in direct contact with the company internet network usually have access to enter and withdraw data through their profile. Firms have implemented a number of concrete steps that can be used to mitigate cyber risks. These several steps include understanding what is in company network, ensuring software or application that are being used have been registered with a license. By presence of malware that can be found almost everywhere, one can emerge through a small channel in safe system. The environment of software could be the first security fence. Other risk that might be emerge is technology communication infrastructure in procurement and the using of unlicensed software.
A number of institutions, including the Committee of Sponsoring Organizations (COSO) and National Institute of Standards and Technology (NIST) had discussed best practice implementation and practical use for software asset management (SAM). The results including recommendations for companies to adopt internal security deals with the use of legal verification of the technology. But not only that, companies are also needed improvements in software, hardware, and applications infrastructure. Several steps was delivered by COSO and NIST as part of SAM component or strategy.
As an assets management, protective need to be given as the global International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 19770-1 standard in asset management software challenges. This approach is divided into four guidances to help companies boost software security.
The first step is to know the network and set software assessments. These management is a part of internal risk mitigation which is important by managing external risk. In addition, consideration should be given to all user who uses a proper license for all software. This standard needs to ensure that if there is a problem, the root of the problem is not derived from the one in charge.
Second, there is a need to consider current business and future business required as license model. Especially to ensure a proper license model as a best practice for the company by a maintenance of license agreement. The next step is to ensure that policy and control should be in one place. The final step is SAM practical step integration on business grid, so that all departments and workers have to observe their own duty in the effectiveness of work. It is also an important points to maximize every role in working are.