SEBI Cyber Security Framework
The regulatory situation in India is becoming more stringent. Institutions/Organizations have
been asked by regulating authorities to put in place board-approved, robust cyber-risk
management systems. The regulator has also set norms that put losses due to cyber-attacks.
In the securities sector, SEBI on 8 September, 2017 issued a cyber security framework called
"Cyber Security and Cyber Resilience framework for Registrars to an Issue / Share Transfer
Agents” under circular no. SEBI/HO/MIRSD/CIR/P/2017/0000000100.
Some of the important topics covered by said framework are listed below:
Governance
Network Security Management
Hardening of Hardware and Software
Vulnerability Assessment and Penetration Testing
Monitoring and Detection
Response and Recovery
Access Control
Objectives of the Cyber Security framework:
Provide recommendation with respect to operational risk management for managing risk
to systems, networks and databases from cyber-attacks and threats
Provide recommendation to constitute a Technology Committee comprising experts
proficient in technology
Provide recommendation to define responsibilities of its employees, outsourced staff, and
employees of vendors, members or participants and other entities, who may have access or
use systems / networks of QRTA's, towards ensuring the goal of cyber security
Provide recommendation to establish baseline standards to facilitate consistent
application of security configurations to operating systems, databases, network devices and
enterprise mobile devices within the IT environment
Provide recommendation to establish appropriate security monitoring systems and
processes to facilitate continuous monitoring of security events and timely detection of
unauthorised or malicious activities, unauthorised changes, unauthorised access and
unauthorised copying or transmission of data / information held in contractual or fiduciary
capacity, by internal and external parties
Provide recommendation to have Business Continuity and Recovery Plan