| Author |
Message |
Rick Guest
|
Posted: Wed Jun 23, 2004 8:55 pm Post subject: OT PKI / Certificate services |
|
|
Ok this is a question for someone who is a US corporate guru. In a publicly
traded company how do you satisfy the SEC rules regarding email and file
security? It sounds like no one in the IT department for the
organization is even allowed to have recovery agent authority because we
might be able to read or see something that may lead us to purchase or sell
stock. This puts the IT department in a bad situation as we are responsible
for the backup and recovery of all data, however if a VP loses his
certificate we can not recover his data. Does anyone here have experience
with these types of policy decisions? I am looking to find out if a
Certificate server implementation can satisfy the SEC rules and what tuning
to group policy, recovery agents and key backups may need to be done.
Thanks
Rick |
|
nerd32768 Guest
|
Posted: Wed Jun 23, 2004 9:27 pm Post subject: Re: OT PKI / Certificate services |
|
|
"Rick" <Rick@na.com> wrote in message
news:%23neRxoTWEHA.3740@TK2MSFTNGP12.phx.gbl...
| Quote: |
Ok this is a question for someone who is a US corporate guru. In a publicly
traded company how do you satisfy the SEC rules regarding email and file
security? It sounds like no one in the IT department for the
organization is even allowed to have recovery agent authority because we
might be able to read or see something that may lead us to purchase or sell
stock. This puts the IT department in a bad situation as we are responsible
for the backup and recovery of all data, however if a VP loses his
certificate we can not recover his data. Does anyone here have experience
with these types of policy decisions? I am looking to find out if a
Certificate server implementation can satisfy the SEC rules and what tuning
to group policy, recovery agents and key backups may need to be done.
Thanks
Rick
|
You probably get an acceptable answer in
"microsoft.public.win2000.security", because nobody here seems to like to
answer valid Microsoft questions |
|
Guest
|
Posted: Wed Jun 23, 2004 9:30 pm Post subject: OT PKI / Certificate services |
|
|
shut up rick, no one cares
|
fygar Guest
|
Posted: Wed Jun 23, 2004 9:41 pm Post subject: Re: OT PKI / Certificate services |
|
|
On Wed, 23 Jun 2004 11:55:10 -0400, "Rick" <Rick@na.com> wrote:
| Quote: |
Ok this is a question for someone who is a US corporate guru. In a publicly
traded company how do you satisfy the SEC rules regarding email and file
security? It sounds like no one in the IT department for the
organization is even allowed to have recovery agent authority because we
might be able to read or see something that may lead us to purchase or sell
stock. This puts the IT department in a bad situation as we are responsible
for the backup and recovery of all data, however if a VP loses his
certificate we can not recover his data. Does anyone here have experience
with these types of policy decisions? I am looking to find out if a
Certificate server implementation can satisfy the SEC rules and what tuning
to group policy, recovery agents and key backups may need to be done.
Thanks
Rick
|
Which of, and do you have a link to, the SEC rules you are talking
about? I've not interpreted anything I've read dealing with SOX that
leads to your dilemma.
....butch |
|
JaR Guest
|
Posted: Wed Jun 23, 2004 9:48 pm Post subject: Re: OT PKI / Certificate services |
|
|
nerd32768 wrote:
| Quote: | "Rick" <Rick@na.com> wrote in message
news:%23neRxoTWEHA.3740@TK2MSFTNGP12.phx.gbl...
Ok this is a question for someone who is a US corporate guru. In a publicly
traded company how do you satisfy the SEC rules regarding email and file
security? It sounds like no one in the IT department for the
organization is even allowed to have recovery agent authority because we
might be able to read or see something that may lead us to purchase or sell
stock. This puts the IT department in a bad situation as we are responsible
for the backup and recovery of all data, however if a VP loses his
certificate we can not recover his data. Does anyone here have experience
with these types of policy decisions? I am looking to find out if a
Certificate server implementation can satisfy the SEC rules and what tuning
to group policy, recovery agents and key backups may need to be done.
Thanks
Rick
You probably get an acceptable answer in
"microsoft.public.win2000.security", because nobody here seems to like to
answer valid Microsoft questions
|
bugger off, puppy.
To try to answer the question, however.
There is no regulation prohibiting anyone in a corporate environment
from having knowledge that could influence a stock purchase or sale. It
is, however, illegal to use that knowledge to gain an unfair advantage
when trading in stocks or securities. An executive, for example, will
have advance knowledge of an impending bankruptcy, but to use that
knowledge to sell stock before it tanks is illegal.
JaR |
|
Rick Guest
|
Posted: Wed Jun 23, 2004 10:07 pm Post subject: Re: OT PKI / Certificate services |
|
|
Thanks Jar. My question would be what policy would you have to put in place
to cover an SEC audit of your network practices? Does anyone have a policy
about using corporate data for financial gain?
Rick
|
Neil Guest
|
Posted: Wed Jun 23, 2004 10:24 pm Post subject: Re: OT PKI / Certificate services |
|
|
"Rick" <Rick@na.com> wrote in
news:OxRpARUWEHA.4032@TK2MSFTNGP11.phx.gbl:
| Quote: | Thanks Jar. My question would be what policy would you have to put in
place to cover an SEC audit of your network practices? Does anyone
have a policy about using corporate data for financial gain?
|
it might be best to go straight to the horse's mouth on this
http://www.sec.gov/contact/mailboxes.htm#smbus
being Canadian I can give you no personal experience, I don't think you
should implement systems or restrictions needlessly.
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?" |
|
Rick Guest
|
Posted: Wed Jun 23, 2004 11:11 pm Post subject: Re: OT PKI / Certificate services |
|
|
Thanks Neil,
Hey it is worth a try so I am sending an email to them
Rick
|
Laura A. Robinson Guest
|
Posted: Thu Jun 24, 2004 8:39 am Post subject: Re: OT PKI / Certificate services |
|
|
circa Wed, 23 Jun 2004 11:55:10 -0400, in
microsoft.public.cert.exam.mcse, Rick (Rick@na.com) said,
| Quote: | Ok this is a question for someone who is a US corporate guru. In a publicly
traded company how do you satisfy the SEC rules regarding email and file
security? It sounds like no one in the IT department for the
organization is even allowed to have recovery agent authority because we
might be able to read or see something that may lead us to purchase or sell
stock. This puts the IT department in a bad situation as we are responsible
for the backup and recovery of all data, however if a VP loses his
certificate we can not recover his data. Does anyone here have experience
with these types of policy decisions? I am looking to find out if a
Certificate server implementation can satisfy the SEC rules and what tuning
to group policy, recovery agents and key backups may need to be done.
|
Yes, I have worked with this kind of environment. I still do,
actually, and we just built a proper PKI a few weeks ago. Our CPS is
100 pages long, which might give you an idea of how complex the
answer to your question actually is.
There's a lot more than can be answered in a newsgroup post, but your
best bet is to take a look at either the MOC course 2821, or download
all of the PKI whitepapers from Microsoft's site and start plowing
through them. There's a lot to setting up a proper PKI.
You may also consider hiring consultants who specialize in this.
Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde |
|
Laura A. Robinson Guest
|
Posted: Thu Jun 24, 2004 8:39 am Post subject: Re: OT PKI / Certificate services |
|
|
circa Wed, 23 Jun 2004 11:27:22 -0500, in
microsoft.public.cert.exam.mcse, nerd32768 (brin{removethis}
sons@spymac.com) said,
| Quote: | You probably get an acceptable answer in
"microsoft.public.win2000.security", because nobody here seems to like to
answer valid Microsoft questions
|
Speak for yourself.
And the question isn't specific to Windows 2000.
Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde |
|
Laura A. Robinson Guest
|
Posted: Thu Jun 24, 2004 8:41 am Post subject: Re: OT PKI / Certificate services |
|
|
circa Wed, 23 Jun 2004 09:48:23 -0700, in
microsoft.public.cert.exam.mcse, JaR (plentespam@nospamsofthome.net)
said,
| Quote: | You probably get an acceptable answer in
"microsoft.public.win2000.security", because nobody here seems to like to
answer valid Microsoft questions
bugger off, puppy.
To try to answer the question, however.
There is no regulation prohibiting anyone in a corporate environment
from having knowledge that could influence a stock purchase or sale. It
is, however, illegal to use that knowledge to gain an unfair advantage
when trading in stocks or securities. An executive, for example, will
have advance knowledge of an impending bankruptcy, but to use that
knowledge to sell stock before it tanks is illegal.
|
Actually, the SEC has some wonky regulations WRT to some types of
data and how they can or cannot be stored. In fact, EMC has built a
Centera implementation specifically for SEC compliance. It's really
quite interesting.
Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde |
|
Laura A. Robinson Guest
|
Posted: Thu Jun 24, 2004 8:43 am Post subject: Re: OT PKI / Certificate services |
|
|
circa Wed, 23 Jun 2004 13:07:11 -0400, in
microsoft.public.cert.exam.mcse, Rick (Rick@na.com) said,
| Quote: |
Thanks Jar. My question would be what policy would you have to put in place
to cover an SEC audit of your network practices? Does anyone have a policy
about using corporate data for financial gain?
|
Rick, there is *so* much that needs to be done to properly address
SEC regulations. What you're asking really can't be answered well in
a newsgroup. Do you have a budget for this project? If not, it's time
to start pushing for one.
Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde |
|
Laura A. Robinson Guest
|
Posted: Thu Jun 24, 2004 8:45 am Post subject: Re: OT PKI / Certificate services |
|
|
circa Wed, 23 Jun 2004 10:24:17 -0700, in
microsoft.public.cert.exam.mcse, Neil (neilmcse@nospamforyou.com)
said,
| Quote: |
Thanks Jar. My question would be what policy would you have to put in
place to cover an SEC audit of your network practices? Does anyone
have a policy about using corporate data for financial gain?
it might be best to go straight to the horse's mouth on this
http://www.sec.gov/contact/mailboxes.htm#smbus
being Canadian I can give you no personal experience, I don't think you
should implement systems or restrictions needlessly.
|
SEC regulations are very complex. We have full-time lawyers on staff
who do nothing but SEC gunk, in fact.
Hire consultants.
Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde |
|
Laura A. Robinson Guest
|
Posted: Thu Jun 24, 2004 8:45 am Post subject: Re: OT PKI / Certificate services |
|
|
circa Wed, 23 Jun 2004 12:41:11 -0400, in
microsoft.public.cert.exam.mcse, fygar (cpudoc10@hotmail.com) said,
| Quote: |
Which of, and do you have a link to, the SEC rules you are talking
about? I've not interpreted anything I've read dealing with SOX that
leads to your dilemma.
|
It depends on the nature of his company and what they do with whose
data.
Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde |
|
Neil Guest
|
Posted: Thu Jun 24, 2004 4:38 pm Post subject: Re: OT PKI / Certificate services |
|
|
Laura A. Robinson <geekwench@snippit.hotmail.com> wrote in
news:MPG.1b441783ddda2a1798aa52@msnews.microsoft.com:
| Quote: | In fact, EMC has built a
Centera implementation specifically for SEC compliance. It's really
quite interesting.
|
you get to work with cool stuff...
(so do I some days. but this thing is starting to sound interesting. does
that make me strange?)
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?" |
|