A leading futures brokerage and clearing firm modernizes its security organization and infrastructure to meet evolving industry and regulatory requirements.
Taking a proactive stance toward evolving security regulations
Through a security-planning exercise, R.J. O’Brien (RJO) identified a number of updates to its processes and technology. These included software development items, organizational policies, and initiatives that would improve management visibility of RJO’s overall security posture. At the same time, RJO’s network infrastructure was beginning to age, and the firm was ready to invest to improve reliability, maintainability, and security of the equipment and network. The firm sought assistance with:
- Preparing for compliance with forthcoming regulatory guidelines by utilizing industry standards and best practices—including NIST 800-53, NIST 800-30, and ISO 27xxx series
- Improving network and systems reliability, maintenance, and security
- Increasing customer data security
Business insight, cybersecurity expertise
Through more than a decade of helping RJO address a variety of business needs, West Monroe Partners developed extensive knowledge of RJO’s systems, processes, and resources—enabling the firm remain at the forefront of its industry.
In addition, West Monroe Partners demonstrated a strong track record for assessing and implementing cybersecurity and IT security enhancements at other organizations.
Well prepared—before issuance of new guidelines
Considering both RJO’s aging infrastructure and its need to remain compliant with evolving regulatory requirements, West Monroe Partners and RJO chose a path that included a considerable technology investment and a change in network architecture. This approach allowed RJO to create a secure parallel network and migrate services, applications, and customers while maintaining system availability and data integrity.
To address security goals, the team examined RJO’s existing software development and server segmentation approaches. This included a methodical, risk-prioritized analysis of primary customer- and Internet-facing applications, in accordance with SDL principles. Through this analysis, RJO identified and incorporated security enhancements into tis future development process and release milestones.
By combining new and refreshed corporate policies with an approach for implementing organizational changes that establishes accountability for the overall security program, West Monroe Partners and RJO cultivated a culture of enhanced security awareness. This awareness, coupled with the technological upgrades, ensured that RJO was well-prepared in advance of new US Commodity Futures Trading Commission cybersecurity guidelines issued in early 2014.