Top Learning from RBI & SEBI Cyber Security Framework Circular

RBI & SEBI has recently notified the Banks and Stock Brokers/Depository Participants and published a cyber security framework to be deployed. Here is a consolidated learning compiled by us and you can also access the detailed frameworks from here

>> Access The RBI & SEBI Cyber Security Frameworks for Ba...

Top Learning From RBI Cyber Security Framework For Banks

  • Cyber Security Policy to be distinct from the broader IT policy / IS Security Policy of a bank
  • Arrangement for continuous surveillance
  • IT architecture should be conducive to security
  • Comprehensively address network and database security
  • Ensuring Protection of customer information
  • Cyber Crisis Management Plan
  • Cyber security preparedness indicators
  • Sharing of information on cyber-security incidents with RBI
  • Supervisory Reporting framework
  • An immediate assessment of gaps in preparedness to be reported to RBI
  • Organisational arrangements
  • Cyber-security awareness among stakeholders / Top Management / Board

Baseline Cyber Security and Resilience Requirements

Baseline Controls

  • Inventory Management of Business IT Assets
  • Preventing execution of unauthorised software
  • Environmental Controls
  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • Patch/Vulnerability & Change Management
  • User Access Control / Management
  • Authentication Framework for Customers
  • Secure mail and messaging systems
  • Vendor Risk Management
  • Removable Media
  • Advanced Real-time Threat Defence and Management
  • Anti-Phishing
  • Data Leak prevention strategy
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Audit Log settings
  • Vulnerability assessment and Penetration Test and Red Team Exercises
  • Incident Response & Management
  • Risk based transaction monitoring
  • Metrics
  • Forensics
  • User / Employee/ Management Awareness
  • Customer Education and Awareness

Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

Key Responsibilities of SOC could include:

  • Monitor, analyze and escalate security incidents
  • Develop Response - protect, detect, respond, recover
  • Conduct Incident Management and Forensic Analysis
  • Co-ordination with contact groups within the bank/external agencies

Detailed information on points that need to be considered, expectations and key requirements are mentioned. It is very illustrative cover here, kindly access the framework for this. Further details on people, process, external integrations are also mentioned.

>> Access The RBI & SEBI Cyber Security Frameworks for Ba...

Top Learning From RBI Cyber Security Framework For Primary (Urban) Cooperative Banks (UCBs)

  • Need for a Board approved Cyber Security Policy
    • Cyber Security Policy to be distinct from the IT policy/IS Policy of the UCB
    • IT Architecture/Framework should be security compliant
    • Cyber Crisis Management Plan
  • Organisational Arrangements
  • Cyber Security awareness among Top Management/Board/other concerned parties
  • Ensuring protection of customer information
  • Supervisory reporting framework

Top Learning From SEBI Cyber Security & Cyber Resilience Framework For Stock Brokers / Depository Participants

  • Governance
  • Identification
  • Protection
    • Access Control
    • Physical Security
    • Network Security Management
    • Data Security
    • Hardening of Hardware and Software
    • Application Security in Customer Facing Applications
    • Certification of off the shelf products
    • Patch management
    • Disposal of data, systems and storage devices
    • Vulnerability Assessment and Penetration Testing (VAPT)
  • Monitoring and Detection
  • Response and Recovery
  • Sharing of Information
  • Training and Education
  • Systems managed by vendors
  • Systems managed by MIIs
  • Periodic Audit

The above pointers are just a gist of the overview, the details involve looking into infrastructure and setting up processes. We suggest you read the detailed frameworks and consult a security analyst. Here's a free 30 Minutes analyst consultation to ensure your security readiness for RBI & SEBI

>> Check Your RBI & SEBI Readiness (Free Analyst Consulta...

Views: 443

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

Forum

Security Trends and Emerging Technologies That A CISO Should Adopt In 2021

Started by Priyanka Aash Mar 3. 0 Replies

What are the challenges you as a CISO have been facing since the last year and share some security trends that are catching up? Help the community by sharing your knowledge and personal views on this subject. Or if you have any specific questions…Continue

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */