OT PKI / Certificate services

 
 
Rick
 
      06-23-2004

Ok this is a question for someone who is a US corporate guru. In a publicly
traded company how do you satisfy the SEC rules regarding email and file
security? It sounds like no one in the IT department for the
organization is even allowed to have recovery agent authority because we
might be able to read or see something that may lead us to purchase or sell
stock. This puts the IT department in a bad situation as we are responsible
for the backup and recovery of all data, however if a VP loses his
certificate we cannot recover his data. Does anyone here have experience
with these types of policy decisions? I am looking to find out if a
Certificate server implementation can satisfy the SEC rules and what tuning
to group policy, recovery agents and key backups may need to be done.

Thanks

Rick


 
nerd32768
 
      06-23-2004
"Rick" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> Ok this is a question for someone who is a US corporate guru. In a publicly
> traded company how do you satisfy the SEC rules regarding email and file
> security? It sounds like no one in the IT department for the
> organization is even allowed to have recovery agent authority because we
> might be able to read or see something that may lead us to purchase or sell
> stock. This puts the IT department in a bad situation as we are responsible
> for the backup and recovery of all data, however if a VP loses his
> certificate we cannot recover his data. Does anyone here have experience
> with these types of policy decisions? I am looking to find out if a
> Certificate server implementation can satisfy the SEC rules and what tuning
> to group policy, recovery agents and key backups may need to be done.
>
> Thanks
>
> Rick
>


You probably get an acceptable answer in
"microsoft.public.win2000.security", because nobody here seems to like to
answer valid Microsoft questions


 
Guest
 
      06-23-2004
shut up rick, no one cares
>-----Original Message-----
>
>Ok this is a question for someone who is a US corporate guru. In a publicly
>traded company how do you satisfy the SEC rules regarding email and file
>security? It sounds like no one in the IT department for the
>organization is even allowed to have recovery agent authority because we
>might be able to read or see something that may lead us to purchase or sell
>stock. This puts the IT department in a bad situation as we are responsible
>for the backup and recovery of all data, however if a VP loses his
>certificate we cannot recover his data. Does anyone here have experience
>with these types of policy decisions? I am looking to find out if a
>Certificate server implementation can satisfy the SEC rules and what tuning
>to group policy, recovery agents and key backups may need to be done.
>
>Thanks
>
>Rick
>

 
fygar
 
      06-23-2004
On Wed, 23 Jun 2004 11:55:10 -0400, "Rick" <(E-Mail Removed)> wrote:

>
>Ok this is a question for someone who is a US corporate guru. In a publicly
>traded company how do you satisfy the SEC rules regarding email and file
>security? It sounds like no one in the IT department for the
>organization is even allowed to have recovery agent authority because we
>might be able to read or see something that may lead us to purchase or sell
>stock. This puts the IT department in a bad situation as we are responsible
>for the backup and recovery of all data, however if a VP loses his
>certificate we cannot recover his data. Does anyone here have experience
>with these types of policy decisions? I am looking to find out if a
>Certificate server implementation can satisfy the SEC rules and what tuning
>to group policy, recovery agents and key backups may need to be done.
>
>Thanks
>
>Rick
>


Which of, and do you have a link to, the SEC rules you are talking
about? I've not interpreted anything I've read dealing with SOX that
leads to your dilemma.


....butch
 
JaR
 
      06-23-2004
nerd32768 wrote:

> "Rick" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>
>>Ok this is a question for someone who is a US corporate guru. In a publicly
>>traded company how do you satisfy the SEC rules regarding email and file
>>security? It sounds like no one in the IT department for the
>>organization is even allowed to have recovery agent authority because we
>>might be able to read or see something that may lead us to purchase or sell
>>stock. This puts the IT department in a bad situation as we are responsible
>>for the backup and recovery of all data, however if a VP loses his
>>certificate we cannot recover his data. Does anyone here have experience
>>with these types of policy decisions? I am looking to find out if a
>>Certificate server implementation can satisfy the SEC rules and what tuning
>>to group policy, recovery agents and key backups may need to be done.
>>
>>Thanks
>>
>>Rick
>>

>
>
> You probably get an acceptable answer in
> "microsoft.public.win2000.security", because nobody here seems to like to
> answer valid Microsoft questions
>
>

bugger off, puppy.

To try to answer the question, however.

There is no regulation prohibiting anyone in a corporate environment
from having knowledge that could influence a stock purchase or sale. It
is, however, illegal to use that knowledge to gain an unfair advantage
when trading in stocks or securities. An executive, for example, will
have advance knowledge of an impending bankruptcy, but to use that
knowledge to sell stock before it tanks is illegal.

JaR
 
Rick
 
      06-23-2004
Thanks Jar. My question would be what policy would you have to put in place
to cover an SEC audit of your network practices? Does anyone have a policy
about using corporate data for financial gain?

Rick

"JaR" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> nerd32768 wrote:
>
> > "Rick" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >
> >>Ok this is a question for someone who is a US corporate guru. In a publicly
> >>traded company how do you satisfy the SEC rules regarding email and file
> >>security? It sounds like no one in the IT department for the
> >>organization is even allowed to have recovery agent authority because we
> >>might be able to read or see something that may lead us to purchase or sell
> >>stock. This puts the IT department in a bad situation as we are responsible
> >>for the backup and recovery of all data, however if a VP loses his
> >>certificate we cannot recover his data. Does anyone here have experience
> >>with these types of policy decisions? I am looking to find out if a
> >>Certificate server implementation can satisfy the SEC rules and what tuning
> >>to group policy, recovery agents and key backups may need to be done.
> >>
> >>Thanks
> >>
> >>Rick
> >>

> >
> >
> > You probably get an acceptable answer in
> > "microsoft.public.win2000.security", because nobody here seems to like to
> > answer valid Microsoft questions
> >
> >

> bugger off, puppy.
>
> To try to answer the question, however.
>
> There is no regulation prohibiting anyone in a corporate environment
> from having knowledge that could influence a stock purchase or sale. It
> is, however, illegal to use that knowledge to gain an unfair advantage
> when trading in stocks or securities. An executive, for example, will
> have advance knowledge of an impending bankruptcy, but to use that
> knowledge to sell stock before it tanks is illegal.
>
> JaR



 
Neil
 
      06-23-2004
"Rick" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Thanks Jar. My question would be what policy would you have to put in
> place to cover an SEC audit of your network practices? Does anyone
> have a policy about using corporate data for financial gain?


it might be best to go straight to the horse's mouth on this

http://www.sec.gov/contact/mailboxes.htm#smbus

being Canadian I can give you no personal experience, I don't think you
should implement systems or restrictions needlessly.

--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?"
 
Rick
 
      06-23-2004
Thanks Neil,

Hey it is worth a try so I am sending an email to them


Rick


"Neil" <(E-Mail Removed)> wrote in message
news:Xns9511885C73677neilmcsehotmailcom@207.46.248 .16...
> "Rick" <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
> > Thanks Jar. My question would be what policy would you have to put in
> > place to cover an SEC audit of your network practices? Does anyone
> > have a policy about using corporate data for financial gain?
>
> it might be best to go straight to the horse's mouth on this
>
> http://www.sec.gov/contact/mailboxes.htm#smbus
>
> being Canadian I can give you no personal experience, I don't think you
> should implement systems or restrictions needlessly.
>
> --
> Neil MCNGP #30
> "you'd do what, to who, for how many biscuits?"



 
Laura A. Robinson
 
      06-24-2004
circa Wed, 23 Jun 2004 11:55:10 -0400, in
microsoft.public.cert.exam.mcse, Rick ((E-Mail Removed)) said,
> Ok this is a question for someone who is a US corporate guru. In a publicly
> traded company how do you satisfy the SEC rules regarding email and file
> security? It sounds like no one in the IT department for the
> organization is even allowed to have recovery agent authority because we
> might be able to read or see something that may lead us to purchase or sell
> stock. This puts the IT department in a bad situation as we are responsible
> for the backup and recovery of all data, however if a VP loses his
> certificate we cannot recover his data. Does anyone here have experience
> with these types of policy decisions? I am looking to find out if a
> Certificate server implementation can satisfy the SEC rules and what tuning
> to group policy, recovery agents and key backups may need to be done.
>

Yes, I have worked with this kind of environment. I still do,
actually, and we just built a proper PKI a few weeks ago. Our CPS is
100 pages long, which might give you an idea of how complex the
answer to your question actually is.

There's a lot more than can be answered in a newsgroup post, but your
best bet is to take a look at either the MOC course 2821, or download
all of the PKI whitepapers from Microsoft's site and start plowing
through them. There's a lot to setting up a proper PKI.

You may also consider hiring consultants who specialize in this.

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
 
Laura A. Robinson
 
      06-24-2004
circa Wed, 23 Jun 2004 11:27:22 -0500, in
microsoft.public.cert.exam.mcse, nerd32768 ((E-Mail Removed)) said,
> You probably get an acceptable answer in
> "microsoft.public.win2000.security", because nobody here seems to like to
> answer valid Microsoft questions
>

Speak for yourself.

And the question isn't specific to Windows 2000.

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
 