The regulatory situation in India is becoming more stringent. Regulatory authorities have asked institutions and organizations to put in place board-approved, robust cyber-risk management systems. The regulator has also set norms that put losses due to cyber-attacks.
In the securities sector, SEBI on 8 September, 2017 issued a cyber security framework called “Cyber Security and Cyber Resilience framework for Registrars to an Issue / Share Transfer Agents” under circular no. SEBI/HO/MIRSD/CIR/P/2017/0000000100.
Some of the important topics covered by the framework are listed below:
- Network Security Management
- Hardening of Hardware and Software
- Vulnerability Assessment and Penetration Testing
- Monitoring and Detection
- Response and Recovery
- Access Control
Objectives of the Cyber Security framework:
- Provide recommendations on operational risk management for managing risk to systems, networks and databases from cyber-attacks and threats
- Provide recommendations to constitute a Technology Committee comprising experts proficient in technology
- Provide recommendations to define the responsibilities of employees, outsourced staff, and employees of vendors, members or participants and other entities, who may have access to or use the systems / networks of the QRTA, towards ensuring the goal of cyber security
- Provide recommendations to establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment
- Provide recommendations to establish appropriate security monitoring systems and processes to facilitate continuous monitoring of security events and timely detection of unauthorized or malicious activities, unauthorized changes, unauthorized access and unauthorized copying or transmission of data / information held in a contractual or fiduciary capacity, by internal and external parties
- Provide recommendations to have a Business Continuity and Recovery Plan