The Investment Industry Regulatory Organization of Canada (IIROC) on Monday published two resources to help regulated firms protect themselves and their clients against cyber threats and attacks.
The Cybersecurity Best Practices Guide, developed by risk solutions firm Juno, provides an enterprise-wide risk-based framework of industry standards and best practices that IIROC-regulated firms can apply to heighten awareness and manage cyber risks in an evolving environment.
For smaller companies, this can help in understanding how to provide basic security for computer systems and networks. For larger companies, this provides a cost-effective approach to securing computer systems based on business needs, without placing additional regulatory requirements on business.
The Cyber Incident Management Planning Guide, also by Juno, is a complementary tool for firms to prepare effective response plans for cyber threats and attacks. The document presents a set of voluntary cybersecurity strategies, guidelines, and tools for small and mid-sized IIROC Dealer Members. These can be used to help develop a cybersecurity incident response capability and to respond effectively to incidents.
Juno has worked with other Canadian financial services regulators on cybersecurity matters.
“Active management of cyber risk is critical to the stability of IIROC-regulated firms, the integrity of Canadian capital markets and the protection of investors,” said Andrew Kriegler, IIROC president and CEO. “That is why we consulted with the industry, engaged security experts and developed concrete resources to help firms better manage their cyber risks.”