OM-5.5.13
A bank-wide cyber security strategy must be defined and documented to include:
a) The position and importance of cyber security at the licensee ;
b) The primary cyber security threats and challenges facing the licensee ;
c) The licensee ’s approach to cyber security risk management;
d) The key elements of the cyber security strategy including objectives, principles of operation and implementation approach;
e) Scope of risk identification and assessment, which must include the dependencies on third party service providers;
f) Approach to planning response and recovery activities; and
g) Approach to communication with internal and external stakeholders including sharing of information on identified threats and other intelligence among industry participants.
Added: July 2021