
Cybersecurity
While a hundred percent efficiency is difficult to achieve in any human process, maximizing cybersecurity resilience and bouncing back from an attack with minimal impact is imperative for all businesses. Organizations must invest in quality tools and define standard protection processes to stand firm in the face of an attack.
Our team of cybersecurity experts can help you ensure the following:
Identify and Protect
Detect and Respond
Remediate and Recover
RBI & SEBI Guidelines
The Reserve Bank of India (RBI) and Securities Exchange Board of India (SEBI) guidelines on the Cyber Security framework are meant to enable banks and other NBFCs to formalize and adopt cybersecurity policies along with a cyber crisis management plan.
SEBI has issued a circular on maintaining robust cyber security and resilience frameworks to protect the integrity of data and guard against breaches of privacy. As a part of operational risk management, all Mutual Funds (MF) and Asset Management Companies (AMC) are required to comply with circular SEBI/HO/IMD/DF2/CIR/P/2019/12, effective April 1, 2019.
RBI provided guidelines on the Cyber Security Framework vide circular DBS.CO/CSITE/BC.11/33.01.001/2015-16 dated June 2, 2016, where it highlighted the urgent need among banks to put in place a robust cybersecurity/resilience framework to ensure adequate cyber-security preparedness.
Who are these guidelines applicable to?
The guidelines apply to all Mutual Funds and Asset Management Companies regulated by SEBI and all banks regulated by RBI. They apply to all data created, received, or maintained, wherever these data records are and whatever form they are in, in the course of carrying out their designated duties and functions.
Impact of Non-Compliance
The cybersecurity guidelines, by and large, can be mapped to the NIST framework, which was developed with a focus on industries vital to national and economic security.
Banks need to assess their Cyber Security preparedness under the active guidance and oversight of the IT Sub Committee of the Board or the Bank’s Board directly. Banks also need to report the following to the Cyber Security and Information Technology Examination (CSITE) Cell of the Department of Banking Supervision, Reserve Bank of India:
- Identified gaps w.r.t. Cyber Security/Resilience Framework.
- Proposed measures/controls and their expected effectiveness.
- Milestones with timelines for implementing the proposed controls/measures.
- Measurement criteria for assessing their effectiveness, including the risk assessment and risk management methodology followed/proposed by the bank.