This past December, the Investment Industry Regulatory Organization of Canada (IIROC) published two resources addressing cybersecurity threats. Aimed at small and medium-sized securities dealers, the two papers help IIROC members assess and improve their cybersecurity measures and construct a response plan in case an incident occurs. The Cyber Incident Management Planning Guide for IIROC Dealer Members describes five steps for planning for and responding to data breaches and other cybersecurity incidents. The five steps are:
- Developing an incident response team and breach response plan.
- Implementing a monitoring program to detect cybersecurity incidents.
- Assessing whether a cybersecurity event is truly an incident indicating a significant probability of compromising business operations.
- Containing, recovering from and forensically analyzing the incident.
- Developing lessons learned.
The second cybersecurity resource, titled Cybersecurity Best Practices Guide for IIROC Dealer Members, sets out 15 best practices for IIROC Dealer Members:
- Leadership
- Gap Assessment
- Insider Threats
- Physical Security
- Employee Training
- Technical Vulnerability Assessments
- Network Security
- Information System Protection
- User Account Management
- Asset Management
- Incident Response Plan
- Breach Reporting and Information Sharing
- Cyber Insurance
- Vendor Risk Management
- Cybersecurity Policy