All Sebi-registered entities will need to have a security operation centre (SOC), which is run by the entity or its group or which is maintained by a third-party, according to the cyber-resilience and cybersecurity framework released by the market regulator on August 20.
The centre will help with continous monitoring of security events and timely detection of anomalous activities. Leading exchanges NSE and BSE have been tasked with setting up Market SOC (M-SOC) to provide cybersecurity solutions to smaller REs who may not have the expertise or finances to set up an independent ROC.
The Securities and Exchange Board of India (Sebi) had announced on June 27 that soon a cybersecurity and cyberresilience framework would be released. The latest circular details the framework to be followed-- it has the objectives and standards; guidelines, compliance formats; guidelines to auditors; scenario-based cyber resilience testing; cyber security index (CCI), functional efficacy of the SOC and so on.
Also read: ICICI Securities pays Rs 69.8 lakh to settle allegations of Merchant Banker Regulations violation
The framework has five goals--anticipate, withstand, contain, recover and evolve. These goals have been linked to six functions--governance, identify, protect, detect, respond and recover.
Why now?
The circular said that while technology has enabled greater efficiency, access and affordability in securities market, swift technological advancements have led to the need to protect associated IT infrastructure and data. The market regulator has issued various cybersecurity and cyber resilience frameworks since 2015 and the latest one is to ensure "uniformity of cybersecurity guidelines for all REs and to strengthen the mechanism to deal with cyber risks, threats, incidents, etc."
Six categories of REs, where cybersecurity and cyber resilience circulars already exists, will need to have the framework in place by January 1, 2025. The others, for whom this framework is being issued for the first time, it will have to be in place by April 1, 2025.
There will also be a Cyber Capability Index (CCI) for market infrastructure institutions (MIIs) and Qualified REs to help these entities monitor and assess their progress and cyber resilience on a periodic basis.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
