
This past December, the Investment Industry Regulatory Organization of Canada (IIROC) published two resources addressing cybersecurity threats. Aimed at small and medium-sized securities dealers, the two papers help IIROC members assess and improve their cybersecurity measures and construct a response plan in case an incident occurs. The Cyber Incident Management Planning Guide for IIROC Dealer Members describes five steps for planning for and responding to data breaches and other cybersecurity incidents. The five steps are:

  1. Developing an incident response team and breach response plan.
  2. Implementing a monitoring program to detect cybersecurity incidents.
  3. Assessing whether a cybersecurity event is truly an incident, that is, one indicating a significant probability of compromising business operations.
  4. Containing, recovering from and forensically analyzing the incident.
  5. Developing lessons learned.

The second cybersecurity resource, titled Cybersecurity Best Practices Guide for IIROC Dealer Members, sets out 15 best practices for IIROC Dealer Members:

  1. Leadership
  2. Gap Assessment
  3. Insider Threats
  4. Physical Security
  5. Employee Training
  6. Technical Vulnerability Assessments
  7. Network Security
  8. Information System Protection
  9. User Account Management
  10. Asset Management
  11. Incident Response Plan
  12. Breach Reporting and Information Sharing
  13. Cyber Insurance
  14. Vendor Risk Management
  15. Cybersecurity Policy
