Online Extra: Canadian Financial Regulatory Organization Releases Cybersecurity Guides

By Zach Warren
January 26, 2016

Cybersecurity and an increase in data breaches isn't merely a U.S. problem. On Dec. 21, the Investment Industry Regulatory Organization of Canada (IIROC), a self-regulatory organization that helps oversee the country's trading industry, released two guides to help investment dealers protect themselves and their clients against cyber attack.

The first guide, titled 'Cybersecurity Best Practices Guide,' is intended as a living document that can be updated to give dealers the latest practices concerning governance and risk management, network security, and more. The 53-page guide also features a cybersecurity incident checklist and a sample vendor assessment.

'For smaller dealer members, this can help in understanding how to provide basic security for computer systems and networks,' this guide noted in an executive summary. 'For larger dealer members, this provides a cost-effective approach to securing computer systems based on business needs, without placing additional regulatory requirements on business.'

The second guide, titled 'Cyber Incident Management Planning Guide,' focuses more narrowly on actions these investment dealers should take if a breach actually occurs. The 29-page guide examines the five stages of cybersecurity incident management (plan and prepare, detect and report, assess and decide, respond, and post-incident activity) as well as the current state of information sharing and breach reporting requirements.

The IIROC wrote that this guide, despite laying a framework from which to develop a plan, should not be 'intended to function as a working response plan. Rather, each dealer member should develop internal plans as part of their cybersecurity strategy that prepares them in advance for the risks they are most likely to face.'

The IIROC said that these two resources were produced by a 'leading security consulting firm' with which the organization has worked in the past. The resources follow other initiatives from the organization, including a cybersecurity survey and a table-top exercise. The IIROC also separately noted that it is currently developing a cybersecurity program to help dealers increase their cybersecurity preparedness.

'Active management of cyber risk is critical to the stability of IIROC-regulated firms, the integrity of Canadian capital markets and the protection of investors,' said Andrew Kriegler, IIROC President and CEO, in a statement accompanying the guides' release. 'That is why we consulted with the industry, engaged security experts and developed concrete resources to help firms better manage their cyber risks.'

The focus on cybersecurity within Canada's securities sector follows an initiative from the government at large to focus on cybersecurity. Earlier in December, the country's government announced plans to launch the Canadian Cyber Threat Exchange in 2016, an independent, not-for-profit organization that will help corporations guard against attacks through information sharing. Its founding members are Air Canada, Bell Canada, Canadian National Railway Company, HydroOne, Manulife, Royal Bank of Canada, TELUS, TD Bank Group and TransCanada Corporation.

'One of our best defenses is our ability to work together and share information on existing and emerging cyber security threats, defensive techniques and other best practices,' said Ralph Goodale, Canada's Minister of Public Safety and Emergency Preparedness, in a statement at the time. 'For this reason, the Government of Canada welcomes the private sector initiative to create the CCTX. It will facilitate collaboration amongst public and private sectors in Canada and will help us to identify, prevent and mitigate cyber risks more effectively.'


Zach Warren writes for Legaltech News, an ALM sibling of e-Commerce Law & Strategy.
