In January 2020, the Investment Industry Regulatory Organization of Canada (IIROC) – the national self-regulatory organization that oversees investment dealers and their trading activity in Canadian markets – published a Cyber Governance Guide to provide its dealer members with guidance on how to implement, manage and advance a cybersecurity program.

The Guide incorporates and expands on IIROC’s 2015 Cybersecurity Best Practices Guide and discusses various issues, including: (1) threat environment; (2) security policy and program governance; (3) operational framework; (4) operational program implementation; (5) best practices; and (6) incident response.

While the Guide is directed to IIROC’s member dealers, the information and recommendations in the Guide should be useful for organizations in other industries. It is important to note that there is no one-size-fits-all cybersecurity program, and for most organizations the reasonable management of cyber risks will require risk-based business decisions.

Read more here.