The Financial services offered in India have become a leading cause of growth for both, the corporates and common man. With the rapid rate and expansion of progress and reach, it is crucial or the government to ensure that it’s citizens privileged and personal information is protected. 

What is SEBI Cyber Security and Cyber Resilience Framework? 

SEBI has developed a comprehensive cyber security and cyber resilience framework aimed at protecting the interests of investors in securities, to promote the development of, and to regulate the securities market.   

The Securities and Exchange Board of India (“SEBI”) has issued a circular dated January 10, 2019 to specify the Cyber Security & Cyber Resilience framework. The guidelines are gaining effect from April 1,2019 

What is Cyber Security and Cyber Resilience? 

When your Organization deals with electronic data, the data is usually available in various forms and resides in various systems and locations. The Cyber Security Framework applies a method and process to protect this. It also helps in implementation of various technology and business practices 

The cyber resilience helps you to prepare for, respond to and recover from a cyberattack. Reducing exposure to risk and learning from incidents is where an approach to cyber resilience truly shines.  

Why is the SEBI Cyber Security and Cyber Resilience Framework so important to companies and investors? 

Investors have become tech savvy these days. Whether it’s investing in mutual funds, completing Know Your Customer (KYC) formalities, or giving a service mandate to Registrar and Transfer Agents (RTAs), investors now prefer the online ways. It is convenient, quick, and can be done from the comfort of their homes. So, why wouldn’t they?  

However, in this process, they tend to share a large amount of personal information with organizations handling their investments. Given the bad pre-eminence created by that data leakages and ransomware attacks in developed countries, the existence of this framework becomes serves to be an important need. 

The objective of the framework is to protect the integrity of data and guard the organizations from breaches of privacy. Another important objective is to provide essential facilities and services and perform critical functions in securities market. 

Applicability 

  1. Stockbrokers
  2. Depository Participants
  3. Mutual Funds
  4. Asset Management Companies

The Key Areas and the Framework is to  

Identify and Protect 

  • Identify’ critical IT assets and risks associated with these assets. 
  • ‘Protect’ assets by deploying suitable controls, tools and measures. 

Detect and Respond 

  • ‘Detect’ incidents, anomalies and attacks through appropriate monitoring tools/processes. 
  • ‘Respond’ by taking immediate steps after identification of the incident, anomaly or attack. 

Remediate and Recover 

  • ‘Recover’ from incident through incident management and other appropriate recovery mechanisms. 

Benefit of the SEBI Cyber Security and Cyber Resilience framework 

  • Compliance to SEBI’s guidelines 
  • Cyber security incidents and events 
  • Control effectiveness 
  • Overall risk score 
  • Policies, procedures, SOPs 
  • User training and awareness 
  • Road map to cyber security and resilience 
  • Continuous audit 

SEBI Cyber Security and Cyber Resilience Framework Guidelines 

The circular is to maintain robust cyber security and cyber resilience framework to protect the integrity of data and privacy. 

The framework specifies guidelines for cyber security on the following heads: 

  • Governance  
  • Identification 
  • Access control 
  • Physical security 
  • Network security management 
  • Data security 
  • Hardening of hardware and software 
  • Application security in customer facing applications 
  • Certification of off-the-shelf products 
  • Patch management procedures 
  • Disposal of data, systems and storage devices 
  • Conduction of Vulnerability Assessment and Penetration Testing (VAPT) 
  • Security monitoring and detection systems 
  • Response and recovery upon alerts 
  • Sharing of information 
  • Training and education of staff 
  • Periodic audit 
  • Appropriate monitoring of vendors and service providers 

Conclusion 

With the increase of cyber-attacks in India, it is essential to follow the guidelines and protect your information and organization from major loss. Prevention is better than cure!  

To know more about SEBI Cyber Security and Cyber Resilience Framework write me at rajaram.ray@matrix3d.com 

Call Now