OT PKI / Certificate services

Discussion in 'MCSE' started by Rick, Jun 23, 2004.

  1. Rick

    Rick Guest

    Ok this is a question for someone who is a US corporate guru. In a publicly
    traded company how do you satisfy the SEC rules regarding email and file
    security? It sounds like no one in the IT department for the
    organization is even allowed to have recovery agent authority because we
    might be able to read or see something that may lead us to purchase or sell
    stock. This puts the IT department in a bad situation as we are responsible
    for the backup and recovery of all data, however if a VP loses his
    certificate we can not recover his data. Does anyone here have experience
    with these types of policy decisions? I am looking to find out if a
    Certificate server implementation can satisfy the SEC rules and what tuning
    to group policy, recovery agents and key backups may need to be done.

    Thanks

    Rick
     
    Rick, Jun 23, 2004
    #1

  2. Rick

    nerd32768 Guest

    "Rick" <> wrote in message
    news:%...
    >
    > Ok this is a question for someone who is a US corporate guru. In a publicly
    > traded company how do you satisfy the SEC rules regarding email and file
    > security? It sounds like no one in the IT department for the
    > organization is even allowed to have recovery agent authority because we
    > might be able to read or see something that may lead us to purchase or sell
    > stock. This puts the IT department in a bad situation as we are responsible
    > for the backup and recovery of all data, however if a VP loses his
    > certificate we can not recover his data. Does anyone here have experience
    > with these types of policy decisions? I am looking to find out if a
    > Certificate server implementation can satisfy the SEC rules and what tuning
    > to group policy, recovery agents and key backups may need to be done.
    >
    > Thanks
    >
    > Rick
    >


    You probably get an acceptable answer in
    "microsoft.public.win2000.security", because nobody here seems to like to
    answer valid Microsoft questions
     
    nerd32768, Jun 23, 2004
    #2

  3. Rick

    Guest Guest

    shut up rick, no one cares
    >-----Original Message-----
    >
    >Ok this is a question for someone who is a US corporate guru. In a publicly
    >traded company how do you satisfy the SEC rules regarding email and file
    >security? It sounds like no one in the IT department for the
    >organization is even allowed to have recovery agent authority because we
    >might be able to read or see something that may lead us to purchase or sell
    >stock. This puts the IT department in a bad situation as we are responsible
    >for the backup and recovery of all data, however if a VP loses his
    >certificate we can not recover his data. Does anyone here have experience
    >with these types of policy decisions? I am looking to find out if a
    >Certificate server implementation can satisfy the SEC rules and what tuning
    >to group policy, recovery agents and key backups may need to be done.
    >
    >Thanks
    >
    >Rick
    >
    >
    >.
    >
     
    Guest, Jun 23, 2004
    #3
  4. Rick

    fygar Guest

    On Wed, 23 Jun 2004 11:55:10 -0400, "Rick" <> wrote:

    >
    >Ok this is a question for someone who is a US corporate guru. In a publicly
    >traded company how do you satisfy the SEC rules regarding email and file
    >security? It sounds like no one in the IT department for the
    >organization is even allowed to have recovery agent authority because we
    >might be able to read or see something that may lead us to purchase or sell
    >stock. This puts the IT department in a bad situation as we are responsible
    >for the backup and recovery of all data, however if a VP loses his
    >certificate we can not recover his data. Does anyone here have experience
    >with these types of policy decisions? I am looking to find out if a
    >Certificate server implementation can satisfy the SEC rules and what tuning
    >to group policy, recovery agents and key backups may need to be done.
    >
    >Thanks
    >
    >Rick
    >


    Which of, and do you have a link to, the SEC rules you are talking
    about? I've not interpreted anything I've read dealing with SOX that
    leads to your dilemma.


    ....butch
     
    fygar, Jun 23, 2004
    #4
  5. Rick

    JaR Guest

    nerd32768 wrote:

    > "Rick" <> wrote in message
    > news:%...
    >
    >>Ok this is a question for someone who is a US corporate guru. In a publicly
    >>traded company how do you satisfy the SEC rules regarding email and file
    >>security? It sounds like no one in the IT department for the
    >>organization is even allowed to have recovery agent authority because we
    >>might be able to read or see something that may lead us to purchase or sell
    >>stock. This puts the IT department in a bad situation as we are responsible
    >>for the backup and recovery of all data, however if a VP loses his
    >>certificate we can not recover his data. Does anyone here have experience
    >>with these types of policy decisions? I am looking to find out if a
    >>Certificate server implementation can satisfy the SEC rules and what tuning
    >>to group policy, recovery agents and key backups may need to be done.
    >>
    >>Thanks
    >>
    >>Rick
    >>

    >
    >
    > You probably get an acceptable answer in
    > "microsoft.public.win2000.security", because nobody here seems to like to
    > answer valid Microsoft questions
    >
    >

    bugger off, puppy.

    To try to answer the question, however.

    There is no regulation prohibiting anyone in a corporate environment
    from having knowledge that could influence a stock purchase or sale. It
    is, however, illegal to use that knowledge to gain an unfair advantage
    when trading in stocks or securities. An executive, for example, will
    have advance knowledge of an impending bankruptcy, but to use that
    knowledge to sell stock before it tanks is illegal.

    JaR
     
    JaR, Jun 23, 2004
    #5
  6. Rick

    Rick Guest

    Thanks Jar. My question would be what policy would you have to put in place
    to cover an SEC audit of your network practices? Does anyone have a policy
    about using corporate data for financial gain?

    Rick

    "JaR" <> wrote in message
    news:%...
    > nerd32768 wrote:
    >
    > > "Rick" <> wrote in message
    > > news:%...
    > >
    > >>Ok this is a question for someone who is a US corporate guru. In a publicly
    > >>traded company how do you satisfy the SEC rules regarding email and file
    > >>security? It sounds like no one in the IT department for the
    > >>organization is even allowed to have recovery agent authority because we
    > >>might be able to read or see something that may lead us to purchase or sell
    > >>stock. This puts the IT department in a bad situation as we are responsible
    > >>for the backup and recovery of all data, however if a VP loses his
    > >>certificate we can not recover his data. Does anyone here have experience
    > >>with these types of policy decisions? I am looking to find out if a
    > >>Certificate server implementation can satisfy the SEC rules and what tuning
    > >>to group policy, recovery agents and key backups may need to be done.
    > >>
    > >>Thanks
    > >>
    > >>Rick
    > >>

    > >
    > >
    > > You probably get an acceptable answer in
    > > "microsoft.public.win2000.security", because nobody here seems to like to
    > > answer valid Microsoft questions
    > >
    > >

    > bugger off, puppy.
    >
    > To try to answer the question, however.
    >
    > There is no regulation prohibiting anyone in a corporate environment
    > from having knowledge that could influence a stock purchase or sale. It
    > is, however, illegal to use that knowledge to gain an unfair advantage
    > when trading in stocks or securities. An executive, for example, will
    > have advance knowledge of an impending bankruptcy, but to use that
    > knowledge to sell stock before it tanks is illegal.
    >
    > JaR
     
    Rick, Jun 23, 2004
    #6
  7. Rick

    Neil Guest

    "Rick" <> wrote in
    news::

    > Thanks Jar. My question would be what policy would you have to put in
    > place to cover an SEC audit of your network practices? Does anyone
    > have a policy about using corporate data for financial gain?


    it might be best to go straight to the horse's mouth on this

    http://www.sec.gov/contact/mailboxes.htm#smbus

    being Canadian I can give you no personal experience, I don't think you
    should implement systems or restrictions needlessly.

    --
    Neil MCNGP #30
    "you'd do what, to who, for how many biscuits?"
     
    Neil, Jun 23, 2004
    #7
  8. Rick

    Rick Guest

    Thanks Neil,

    Hey it is worth a try so I am sending an email to them


    Rick


    "Neil" <> wrote in message
    news:Xns9511885C73677neilmcsehotmailcom@207.46.248.16...
    > "Rick" <> wrote in
    > news::
    >
    > > Thanks Jar. My question would be what policy would you have to put in
    > > place to cover an SEC audit of your network practices? Does anyone
    > > have a policy about using corporate data for financial gain?

    >
    > it might be best to go straight to the horse's mouth on this
    >
    > http://www.sec.gov/contact/mailboxes.htm#smbus
    >
    > being Canadian I can give you no personal experience, I don't think you
    > should implement systems or restrictions needlessly.
    >
    > --
    > Neil MCNGP #30
    > "you'd do what, to who, for how many biscuits?"
     
    Rick, Jun 23, 2004
    #8
  9. circa Wed, 23 Jun 2004 11:55:10 -0400, in
    microsoft.public.cert.exam.mcse, Rick () said,
    > Ok this is a question for someone who is a US corporate guru. In a publicly
    > traded company how do you satisfy the SEC rules regarding email and file
    > security? It sounds like no one in the IT department for the
    > organization is even allowed to have recovery agent authority because we
    > might be able to read or see something that may lead us to purchase or sell
    > stock. This puts the IT department in a bad situation as we are responsible
    > for the backup and recovery of all data, however if a VP loses his
    > certificate we can not recover his data. Does anyone here have experience
    > with these types of policy decisions? I am looking to find out if a
    > Certificate server implementation can satisfy the SEC rules and what tuning
    > to group policy, recovery agents and key backups may need to be done.
    >

    Yes, I have worked with this kind of environment. I still do,
    actually, and we just built a proper PKI a few weeks ago. Our CPS is
    100 pages long, which might give you an idea of how complex the
    answer to your question actually is.

    There's a lot more than can be answered in a newsgroup post, but your
    best bet is to take a look at either the MOC course 2821, or download
    all of the PKI whitepapers from Microsoft's site and start plowing
    through them. There's a lot to setting up a proper PKI.

    You may also consider hiring consultants who specialize in this.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #9
  10. circa Wed, 23 Jun 2004 11:27:22 -0500, in
    microsoft.public.cert.exam.mcse, nerd32768 (brin{removethis}
    ) said,
    > You probably get an acceptable answer in
    > "microsoft.public.win2000.security", because nobody here seems to like to
    > answer valid Microsoft questions
    >

    Speak for yourself.

    And the question isn't specific to Windows 2000.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #10
  11. circa Wed, 23 Jun 2004 09:48:23 -0700, in
    microsoft.public.cert.exam.mcse, JaR ()
    said,
    > > You probably get an acceptable answer in
    > > "microsoft.public.win2000.security", because nobody here seems to like to
    > > answer valid Microsoft questions
    > >
    > >

    > bugger off, puppy.
    >
    > To try to answer the question, however.
    >
    > There is no regulation prohibiting anyone in a corporate environment
    > from having knowledge that could influence a stock purchase or sale. It
    > is, however, illegal to use that knowledge to gain an unfair advantage
    > when trading in stocks or securities. An executive, for example, will
    > have advance knowledge of an impending bankruptcy, but to use that
    > knowledge to sell stock before it tanks is illegal.
    >
    >

    Actually, the SEC has some wonky regulations WRT to some types of
    data and how they can or cannot be stored. In fact, EMC has built a
    Centera implementation specifically for SEC compliance. It's really
    quite interesting.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #11
  12. circa Wed, 23 Jun 2004 13:07:11 -0400, in
    microsoft.public.cert.exam.mcse, Rick () said,
    >
    > Thanks Jar. My question would be what policy would you have to put in place
    > to cover an SEC audit of your network practices? Does anyone have a policy
    > about using corporate data for financial gain?
    >

    Rick, there is *so* much that needs to be done to properly address
    SEC regulations. What you're asking really can't be answered well in
    a newsgroup. Do you have a budget for this project? If not, it's time
    to start pushing for one.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #12
  13. circa Wed, 23 Jun 2004 10:24:17 -0700, in
    microsoft.public.cert.exam.mcse, Neil ()
    said,
    >
    > > Thanks Jar. My question would be what policy would you have to put in
    > > place to cover an SEC audit of your network practices? Does anyone
    > > have a policy about using corporate data for financial gain?

    >
    > it might be best to go straight to the horse's mouth on this
    >
    > http://www.sec.gov/contact/mailboxes.htm#smbus
    >
    > being Canadian I can give you no personal experience, I don't think you
    > should implement systems or restrictions needlessly.
    >

    SEC regulations are very complex. We have full-time lawyers on staff
    who do nothing but SEC gunk, in fact.

    Hire consultants.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #13
  14. circa Wed, 23 Jun 2004 12:41:11 -0400, in
    microsoft.public.cert.exam.mcse, fygar () said,
    >
    > Which of, and do you have a link to, the SEC rules you are talking
    > about? I've not interpreted anything I've read dealing with SOX that
    > leads to your dilemma.
    >
    >

    It depends on the nature of his company and what they do with whose
    data.

    Laura
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #14
  15. Rick

    Neil Guest

    Laura A. Robinson <> wrote in
    news::

    > In fact, EMC has built a
    > Centera implementation specifically for SEC compliance. It's really
    > quite interesting.
    >


    you get to work with cool stuff...
    (so do I some days. but this thing is starting to sound interesting. does
    that make me strange?)

    --
    Neil MCNGP #30
    "you'd do what, to who, for how many biscuits?"
     
    Neil, Jun 24, 2004
    #15
  16. circa Thu, 24 Jun 2004 04:38:45 -0700, in
    microsoft.public.cert.exam.mcse, Neil ()
    said,
    > > In fact, EMC has built a
    > > Centera implementation specifically for SEC compliance. It's really
    > > quite interesting.
    > >

    >
    > you get to work with cool stuff...


    Indeed I do. Did I mention our 200-server TS/Citrix implementation?
    :)

    > (so do I some days. but this thing is starting to sound interesting. does
    > that make me strange?)


    I'm probably not the appropriate person to judge that...

    Laura
    >


    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #16
  17. circa Thu, 24 Jun 2004 04:38:45 -0700, in
    microsoft.public.cert.exam.mcse, Neil ()
    said,
    > > In fact, EMC has built a
    > > Centera implementation specifically for SEC compliance. It's really
    > > quite interesting.
    > >

    >
    > you get to work with cool stuff...
    > (so do I some days. but this thing is starting to sound interesting. does
    > that make me strange?)
    >

    Check it out: http://www.emc.com/products/systems/centera.jsp
    --
    Experience is the name every one gives to their mistakes.
    -Oscar Wilde
     
    Laura A. Robinson, Jun 24, 2004
    #17
  18. Rick

    Neil Guest

    Laura A. Robinson <> wrote in
    news::

    > I'm probably not the appropriate person to judge that...


    ever stopped anyone before....

    --
    Neil MCNGP #30
    "you'd do what, to who, for how many biscuits?"
     
    Neil, Jun 24, 2004
    #18
  19. Rick

    Neil Guest

    Laura A. Robinson <> wrote in
    news::

    > http://www.emc.com/products/systems/centera.jsp


    niiiiiiicccccceee. now how am I gonna get HP to ante up. this could really
    help me on my MFIPA/records/EDM stuff here.

    --
    Neil MCNGP #30
    "you'd do what, to who, for how many biscuits?"
     
    Neil, Jun 24, 2004
    #19
  20. Rick

    JaR Guest

    Laura A. Robinson wrote:
    > circa Thu, 24 Jun 2004 04:38:45 -0700, in
    > microsoft.public.cert.exam.mcse, Neil ()
    > said,
    >
    >>> In fact, EMC has built a
    >>>Centera implementation specifically for SEC compliance. It's really
    >>>quite interesting.
    >>>

    >>
    >>you get to work with cool stuff...

    >
    >
    > Indeed I do. Did I mention our 200-server TS/Citrix implementation?
    > :)
    >


    Can I come over and play with your toys?

    JaR
    Eager Thug
     
    JaR, Jun 24, 2004
    #20