Cybersecurity Best Practices Guide For Iiroc Dealer Members Iiroc Ocrcvm by Iiroc / Ocrcvm instant download after payment.

In recognition of the importance of proactive management of cyber risk to ensure the stability of IIROC-regulated firms, the integrity of Canadian capital markets, and the protection of investor interests, this document sets forth a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help IIROC Dealer Members manage cybersecurity risks.
The voluntary guidance provided herein offers Dealer Members the ability to customize and quantify adjustments to their cybersecurity programs using cost-effective security controls and risk management techniques. For smaller Dealer Members, this can help in understanding how to provide basic security for computer systems and networks.1 For larger Dealer Members, this provides a cost-effective approach to securing computer systems based on business needs, without placing additional regulatory requirements on business.
Key points in this report include:
• A sound governance framework with strong leadership is essential to effective enterprise- wide cybersecurity. Board-level and senior management-level engagement is critical to the success of firms’ cybersecurity programs, along with a clear chain of accountability.
• A well-trained staff can serve as the first line of defense against cyber attacks. Effective training helps to reduce the likelihood of a successful attack by providing well- intentioned staff with the knowledge to avoid becoming inadvertent attack vectors (for example, by unintentionally downloading malware).
• The level of sophistication of technical controls employed by an individual firm is highly contingent on that firm’s individual situation. While a smaller firm may not be positioned to implement the included controls in their entirety, these strategies can serve a critical benchmarking function to support an understanding of vulnerabilities relative to industry standards.
• IIROC Dealer Members typically use third-party vendors for services, which requires vendor access to sensitive firm or client information, or access to firm systems. At the same time, the number of security incidents at companies attributed to partners and vendors has risen consistently, year on year. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence and developing clear performance and verification policies.