On May 19, 2016, the Mutual Fund Dealers Association of Canada published Compliance Bulletin - Cybersecurity to help its member dealers manage cybersecurity risks. The Bulletin recommends that member dealers establish and maintain appropriate cybersecurity procedures, controls and risk management techniques, using people, processes, tools and technologies, to adequately protect information technology devices/systems and data from attack, damage and unauthorized access. The Bulletin explains the need to focus on three fundamental goals: confidentiality of information, integrity of information assets and availability of information technology devices/systems and data.
The Bulletin recommends that member dealers develop a cybersecurity framework that has five basic functions: (1) identify important assets and related threats/risks; (2) protect assets with appropriate safeguards; (3) detect intrusions, breaches and unauthorized access; (4) respond to cybersecurity events; and (5) recover from cybersecurity events. The Bulletin identifies some basic issues for consideration when developing a cybersecurity framework, and references helpful guidance issued by government agencies, regulators and self-regulatory organizations.
Read more here.