Security working group meeting 3 – August 25, 2022

This discussion guide is provided to assist security working group members in preparing for the third meeting, which builds on the main risks discussed at the first meeting.

For questions or comments, please contact obbo@fin.gc.ca.

On this page:

• Discussion guide
• Outcomes

Discussion guide

Cyber security

Open banking has security at its core and without safeguards, compromised systems could erode confidence in an open banking system.

To this end, leveraging industry expertise and existing frameworks/certifications can help determine a minimum set of effective rules to safeguard and protect customer data from breaches, fraud and other cyber security incidents. This also includes ensuring the proper set of governance, technology and operational requirements are in place to protect data.

Examples of existing frameworks/certifications include the Control Objectives for Information and related Technology (COBIT) framework and the National Institute of Standards Technology (NIST) cyber security framework.

Discussion

1. Are there existing frameworks/certification regimes that could provide the baseline requirements to address cyber security risks?
2. Are these frameworks/certifications suitable for organizations of varying sizes, complexity, and risk levels?
3. What benefits do frameworks/certifications offer to potential accreditation applicants?
4. What challenges can be foreseen in implementing frameworks/certification regimes and how can they be addressed?

Outcomes

This security working group meeting has been cancelled. The discussion on July 28, 2022, captured content on topics planned for meeting 2 (data security) and meeting 3 (cyber security). Future meetings may adopt topics related to data and cyber security where necessary.