SEBI Cyber Security Framework


The regulatory situation in India is becoming more stringent. Institutions/Organizations have
been asked by regulating authorities to put in place board-approved, robust cyber-risk
management systems. The regulator has also set norms that put losses due to cyber-attacks.
In the securities sector, SEBI on 8 September, 2017 issued a cyber security framework called
"Cyber Security and Cyber Resilience framework for Registrars to an Issue / Share Transfer
Agents" under circular no. SEBI/HO/MIRSD/CIR/P/2017/0000000100.
Some of the important topics covered by the said framework are listed below:
• Governance
• Network Security Management
• Hardening of Hardware and Software
• Vulnerability Assessment and Penetration Testing
• Monitoring and Detection
• Response and Recovery
• Access Control

Objectives of the Cyber Security framework:

• Provide recommendations with respect to operational risk management for managing risk
to systems, networks and databases from cyber-attacks and threats
• Provide recommendations to constitute a Technology Committee comprising experts
proficient in technology
• Provide recommendations to define the responsibilities of its employees, outsourced staff, and
employees of vendors, members or participants and other entities, who may have access to or
use systems / networks of QRTAs, towards ensuring the goal of cyber security
• Provide recommendations to establish baseline standards to facilitate consistent
application of security configurations to operating systems, databases, network devices and
enterprise mobile devices within the IT environment
• Provide recommendations to establish appropriate security monitoring systems and
processes to facilitate continuous monitoring of security events and timely detection of
unauthorised or malicious activities, unauthorised changes, unauthorised access and
unauthorised copying or transmission of data / information held in contractual or fiduciary
capacity, by internal and external parties
• Provide recommendations to have a Business Continuity and Recovery Plan