Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Putting ITs Stock in a Proactive Approach

    By
    Anne Chen
    -
    February 23, 2004
    Share
    Facebook
    Twitter
    Linkedin

      As many corporations agonize over Sarbanes-Oxley mandates, the Philadelphia Stock Exchange Inc. is complying with the act voluntarily.

      The stock exchange, which recently incorporated, is exempt from Sarbanes-Oxley because it is not a publicly traded company. “We are not obligated to comply with Sarbanes-Oxley as an exchange because of our SRO [self-regulating organization] status,” said Bernie Donnelly, vice president of the Quality Assurance Group at the exchange. “However, were working to comply because, someday down the road, we may become a public company and want to be ready.”

      Although their Sarbanes-Oxley compliance strategy is still in development, officials at the stock exchange said one thing is clear: Security is the priority.

      Founded in 1790, the Philadelphia Stock Exchange is the nations first stock exchange. It trades more than 2,200 stocks, more than 1,180 listed equity options and 15 index options. In its automation division alone, the exchange employs more than 200 people.

      Since the 1970s, the exchange has had to adhere to Securities and Exchange Commission requirements that include the ability to gather account and log files from mission-critical trading systems. The SEC requires the exchange to maintain a record of who has access to its systems and whether or not those users are authorized.

      Status Report

      Company: Philadelphia Stock Exchange Inc.
      Location: Philadelphia
      Sarbanes-Oxley stage: Evaluation of systems
      Compliance timeline: As a company that is not publicly traded and just recently incorporated, the Philadelphia Stock Exchange is not required to comply with Sarbanes-Oxley—yet. It is choosing to voluntarily comply.
      Currently focused on: Understanding Sarbanes-Oxley requirements; further increasing security and access to applications
      Tools: IBM mainframes; Microsoft Corp.s Windows NT 4.0; Sun Microsystems Inc.s Solaris; Stratus Technologies Bermuda Ltd.s Stratus ftServer; Consul Risk Management BV Inc.s zSecure Suite, zAudit and zAdmin

      Source: eWEEK reporting

      “As far as Sarbanes-Oxley is concerned, the stock exchange has been under regulation forever, and a lot of what businesses are trying to deal with now is the kind of stuff weve been doing all along as an SRO,” Donnelly said. “A lot of this is old hat to us.”

      The exchange runs a mixed computing environment that includes IBM mainframes, Microsoft Corp. Windows NT 4.0-based servers, Sun Microsystems Inc. Solaris-based servers and Stratus Technologies Bermuda Ltd. servers running Stratus Virtual Operating System.

      The exchange had used auditing and policy management software from Consul Risk Management Inc. to manage security access for its IBM mainframes and Microsoft and Sun servers, but the software did not work with the Stratus systems. Donnelly was reluctant to run separate packages to manage the Stratus boxes because of increased management issues.

      In 2002, the exchange teamed with Consul to develop an event management tool for the Stratus platform. The exchange deployed the Stratus-based tool last year along with Consul InSight Security Manager, which enables the exchange to view data for all its systems in one report.

      The exchange currently runs as many as 30,000 messages per second. This process generates event logs covering 3 feet of paper per day per server.

      Federal law—including Sarbanes-Oxley—mandates that security administrators log and analyze this information, and the process of going through the logs manually is tedious.

      Agents from the Consul InSight Security Manager software collect data and pull it into a Sun 6500 Server. The tool then pools all the data and puts it into a common language so that IT managers and the exchange go through only one report to verify that authorized users are on its network.

      By using Consul InSight Security Manager, the exchange can automate event management and auditing, according to Allan Pomerantz, chief security officer at the exchange.

      “We used to be in a reactionary mode, and now we can be proactive,” Pomerantz said. “While we are just beginning to understand what our Sarbanes-Oxley requirements are, we do understand that one of the requirements is good security. If youre going to sign off on the accuracy of your financial statement, you need to have some assurance that theyre secure.”

      Donnelly said he hopes later this year to have exceptions automated so that whenever someone logs onto a production system, Consul InSight Security Manager will automatically alert IT that someone logged in, which system the user logged in to and whether the person is authorized.

      As the stock exchange works to improve its security procedures, the organization is developing a framework for the documentation of policies and procedures specific to Sarbanes-Oxley.

      “If we can accomplish the documentation this year, well have made major strides,” Donnelly said. “Its a good position to be in.”

      Anne Chen
      As a senior writer for eWEEK Labs, Anne writes articles pertaining to IT professionals and the best practices for technology implementation. Anne covers the deployment issues and the business drivers related to technologies including databases, wireless, security and network operating systems. Anne joined eWeek in 1999 as a writer for eWeek's eBiz Strategies section before moving over to Labs in 2001. Prior to eWeek, she covered business and technology at the San Jose Mercury News and at the Contra Costa Times.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×