OT PKI / Certificate services

Discussion in 'MCSE' started by Rick, Jun 23, 2004.

  1. Rick

    Rick Guest

    Ok this is a question for someone who is a US corporate guru. In a public
    traded company how do you satisfy the SEC rules regard email and file
    security. It sounds like that no one in the IT department for the
    organization is even allowed to have recovery agent authority because we
    might be able to read or see something that may lead us to purchase or sell
    stock. This puts the IT department in a bad situation as we a responsible
    for the backup and recovery of all data, however if a VP looses his
    certificate we can not recover his data. Does anyone here have experience
    with these type of policy decisions? I am looking to find out if a
    Certifcate server implementation can satisfy the SEC rules and what tuning
    to group policy, recover agents and key backups may need to be done.

    Thanks

    Rick
     
    Rick, Jun 23, 2004
    #1
    1. Advertisements

  2. Rick

    nerd32768 Guest

    You probably get an acceptable answer in
    "microsoft.public.win2000.security", because nobody here seems to like to
    answer valid Microsoft questions
     
    nerd32768, Jun 23, 2004
    #2
    1. Advertisements

  3. Rick

    Guest Guest

    shut up rick, no one cares
     
    Guest, Jun 23, 2004
    #3
  4. Rick

    fygar Guest

    Which of, and do you have a link to, the SEC rules you are talking
    about? I've not interpreted anything I've read dealing with SOX that
    leads to your delimma.


    ....butch
     
    fygar, Jun 23, 2004
    #4
  5. Rick

    JaR Guest

    bugger off, puppy.

    To try to answer the question, however.

    There is no regulation prohibiting anyone in a corporate environment
    from having knowledge that could influence a stock purchase or sale. It
    is, however, illegal to use that knowledge to gain an unfair advantage
    when trading in stocks or securities. An executive, for example, will
    have advance knowledge of an impending bankruptcy, but to use that
    knowledge to sell stock before it tanks is illegal.

    JaR
     
    JaR, Jun 23, 2004
    #5
  6. Rick

    Rick Guest

    Thanks Jar. My question would be what policy would you have to put in place
    to cover and SEC audit of you network practices? Does anyone have a policy
    about using corporate data for financial gain?

    Rick
     
    Rick, Jun 23, 2004
    #6
  7. Rick

    Neil Guest

    it might be best to go straight to the horses mouth on this

    http://www.sec.gov/contact/mailboxes.htm#smbus

    being Canadian I can give you no personal experience, I don't think you
    should implement systems or restrictions needlessly.
     
    Neil, Jun 23, 2004
    #7
  8. Rick

    Rick Guest

    Thanks Neil,

    Hey it is worth a try so I am sending an email to them


    Rick
     
    Rick, Jun 23, 2004
    #8
  9. circa Wed, 23 Jun 2004 11:55:10 -0400, in
    microsoft.public.cert.exam.mcse, Rick () said,
    Yes, I have worked with this kind of environment. I still do,
    actually, and we just built a proper PKI a few weeks ago. Our CPS is
    100 pages long, which might give you an idea of how complex the
    answer to your question actually is.

    There's a lot more than can be answered in a newsgroup post, but your
    best bet is to take a look at either the MOC course 2821, or download
    all of the PKI whitepapers from Microsoft's site and start plowing
    through them. There's a lot to setting up a proper PKI.

    You may also consider hiring consultants who specialize in this.

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #9
  10. circa Wed, 23 Jun 2004 11:27:22 -0500, in
    microsoft.public.cert.exam.mcse, nerd32768 (brin{removethis}
    ) said,
    Speak for yourself.

    And the question isn't specific to Windows 2000.

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #10
  11. circa Wed, 23 Jun 2004 09:48:23 -0700, in
    microsoft.public.cert.exam.mcse, JaR ()
    said,
    Actually, the SEC has some wonky regulations WRT to some types of
    data and how they can or cannot be stored. In fact, EMC has built a
    Centera implementation specifically for SEC compliance. It's really
    quite interesting.

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #11
  12. circa Wed, 23 Jun 2004 13:07:11 -0400, in
    microsoft.public.cert.exam.mcse, Rick () said,
    Rick, there is *so* much that needs to be done to properly address
    SEC regulations. What you're asking really can't be answered well in
    a newsgroup. Do you have a budget for this project? If not, it's time
    to start pushing for one.

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #12
  13. circa Wed, 23 Jun 2004 10:24:17 -0700, in
    microsoft.public.cert.exam.mcse, Neil ()
    said,
    SEC regulations are very complex. We have full-time lawyers on staff
    who do nothing but SEC gunk, in fact.

    Hire consultants.

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #13
  14. circa Wed, 23 Jun 2004 12:41:11 -0400, in
    microsoft.public.cert.exam.mcse, fygar () said,
    It depends on the nature of his company and what they do with whose
    data.

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #14
  15. Rick

    Neil Guest

    you get to work with cool stuff...
    (so do I some days. but this thing is starting to sound interesting. does
    that make me strange?)
     
    Neil, Jun 24, 2004
    #15
  16. circa Thu, 24 Jun 2004 04:38:45 -0700, in
    microsoft.public.cert.exam.mcse, Neil ()
    said,
    Indeed I do. Did I mention our 200-server TS/Citrix implementation?
    :)
    I'm probably not the appropriate person to judge that...

    Laura
     
    Laura A. Robinson, Jun 24, 2004
    #16
  17. circa Thu, 24 Jun 2004 04:38:45 -0700, in
    microsoft.public.cert.exam.mcse, Neil ()
    said,
    Check it out: http://www.emc.com/products/systems/centera.jsp
     
    Laura A. Robinson, Jun 24, 2004
    #17
  18. Rick

    Neil Guest

    ever stopped anyone before....
     
    Neil, Jun 24, 2004
    #18
  19. Rick

    Neil Guest

    Neil, Jun 24, 2004
    #19
  20. Rick

    JaR Guest

    Can I come over and play with your toys?

    JaR
    Eager Thug
     
    JaR, Jun 24, 2004
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.