Best Practices for Cyber Incident Management

The Investment Industry Regulatory Organization of Canada has recently released their Cyber Incident Management Planning Guide, offering members guidelines and recommendations for the effective preparation of cyber-incident response plans, and the documentation of associated processes.

Broken into three major sections (A background on cybersecurity, an overview of incident response plans and tools, and external engagement in the form of incident sharing), and an appendix discussing the implementation of a cybersecurity response capability and recommendations on how to react when not prepared for an incident, the guide is intended as a reference for common practices, and as an encouragement for members to engage in their own planning and customization of their cybersecurity management structures.

While not comprehensive, and provided only for general information purposes, the guide represents a potentially valuable resource for companies and individuals looking to expand their knowledge and understanding of cyber-incident response planning, and its integration into a comprehensive cybersecurity strategy.