A comprehensive security and network assessment prepares a leading futures brokerage and clearing firm to meet evolving cybersecurity requirements—and more.
For a century, R.J. O’Brien (RJO) has been a leader in the futures industry through its innovative technology, unparalleled client service, and intuitive market insights. This focus on client service includes a commitment to customer privacy and security. Due to this customer commitment and in anticipation of future Commodity Futures Trading Commission (CFTC) requirements, the firm wanted to be prepared for the likely effort and expenditures associated with such requirements. Given the security measures implemented across all facets of people, processes, and technology, RJO believed it was prudent to review security alongside its planned infrastructure upgrade.
The firm sought assistance with assessing required infrastructure and organizational changes necessary to:
- Prepare for compliance with forthcoming regulatory guidelines by utilizing industry standards and best practices—including NIST 800-53, NIST 800-30, and ISO 27xxx series
- Improve network and systems reliability, maintenance, and security
- Increase customer data security
Extensive security experience
Through more than a decade of helping RJO address a variety of business needs, West Monroe Partners developed extensive knowledge of RJO’s systems, processes, and resources—enabling the firm remain at the forefront of its industry.
In addition, West Monroe Partners demonstrated a strong track record for assessing and implementing cybersecurity and IT security enhancements at other organizations.
A road map for meeting security goals
West Monroe Partners collaborated with RJO to plan for and prioritize future security and infrastructure investments—with the goal of creating a holistic road map for improving reliability, security, and scalability of RJO’s core capabilities while minimizing impact on its day-today operations.
West Monroe Partners and RJO modeled the existing infrastructure—from network and processes to data
flows of core business applications. Then, the team examined these key areas:
- Network structure—interconnects (exchanges, customers); server, user, and services segmentation; and firewalls, IDS, and perimeter controls
- Organizational structure—security responsibilities, reporting obligations, and personnel and training
- Policies and governance—creation of a suite of policies defining a comprehensive security program
Using this approach, West Monroe Partners identified several key enhancements that would enable RJO to improve security and network reliability, while providing operational visibility into vital statistics around the effectiveness of the implemented controls.
Finally, West Monroe Partners helped RJO create a detailed road map for implementing future improvements and reducing cybersecurity risks, including detailed costs and time lines and recommended mitigation windows.