Business Challenge
Following recent changes in its business operations, including the implementation of various web-based technologies, a financial exchange had become concerned about its IT security. It had worked with an outside firm to audit its security procedures, but the findings had only identified the business issues. The exchange wanted specific, detailed recommendations and possible help in addressing those issues.
The exchange was also concerned about threats to its business continuity, whether from terrorism, corporate malfeasants, or even natural disasters. As an SEC-regulated entity, it could not afford any but the briefest interruptions in operations. If trading is halted for more than 15 minutes, it must be reported to the SEC. And if business does not resume within 30 minutes, the exchange is required to close for the day.
In addition, an exchange must maintain the integrity of a tremendous number of transactions, in real time, even in the event of a business interruption. At the end of each day, every trade needs to be assigned correctly to an individual account and cleared. Furthermore, all of its information is highly sensitive and must be kept confidential.
Solution
Forsythe began by examining the exchange’s vulnerabilities and continuity objectives. Next, Forsythe recommended best practices for the exchange to follow, such as the ISO 17799 standards. This was extremely important, as the SEC mandates security and continuity objectives, but does not offer standards on how these objectives should be met.
Forsythe conducted an extensive assessment of the exchange’s infrastructure, as well as its IT and business security policies and procedures, and created a roadmap for achieving its objectives. The roadmap addressed not merely infrastructure recommendations, but also ways to provide redundant electricity sources, alternative communications paths, and security and logistics contingency plans. Forsythe then prioritized the exchange’s vulnerabilities, providing a roadmap for risk mitigation. Finally, Forsythe worked with the exchange to develop a model for managing its security on the organizational level.
Results
The exchange gained a holistic view of how different areas of its business could best work together to reduce its security and business continuity risks. It has satisfied the rules and regulations of the SEC and its auditors. In addition, Forsythe helped the exchange build a working document to maintain policies and procedures going forward. This will also allow it to consistently update and control its guidelines for security and business continuity as its business evolves.