.jpg)
The Investment Industry Regulatory Organization of Canada (IIROC) today published two resources to help IIROC-regulated firms protect themselves and their clients against cyber threats and attacks.
The Cybersecurity Best Practices Guide provides an enterprise-wide risk-based framework of industry standards and best practices that IIROC-regulated firms can apply to heighten awareness and manage cyber risks in an evolving environment. The Cyber Incident Management Planning Guide is a complementary tool for firms to prepare effective response plans for cyber threats and attacks. These resources were produced by a leading security consulting firm, engaged by IIROC, which has worked with other Canadian financial services regulators on cybersecurity matters.
“Active management of cyber risk is critical to the stability of IIROC-regulated firms, the integrity of Canadian capital markets and the protection of investors,” said Andrew Kriegler, IIROC President and CEO. “That is why we consulted with the industry, engaged security experts and developed concrete resources to help firms better manage their cyber risks.”
This initiative follows from previous work IIROC conducted including a survey of its membership, a table-top exercise, as well as input from industry representatives. IIROC also reviewed approaches used by other domestic and global financial services regulators.
In addition, IIROC is developing a cybersecurity program to work with dealers to increase their cybersecurity preparedness.
