Sebi-regulated entities will soon need to implement a framework to improve cyber security and cyber resilience, announced the market regulator on June 27.
The entities will need to adopt it based on their grading, which will be based on their extent of operations and certain thresholds in client numbers, trade volumes, and assets under management.
The new standards and practices will need to be adopted by six categories of entities that already have the regulator-prescribed cybersecurity and resilience structures in place by January 1, 2025; and by other entities by April 1, 2025.
Also read: 82% of India's stock brokers set to invest in cybersecurity for enhanced business resilience
In a press release issued after meeting with its Board, the Securities and Exchange Board of India gave the broad contours of the Cybersecurity and Cyber Resilience Framework (CSCRF).
The press release said, "CSCRF is a standard-based framework and broadly covers the five cyber resiliency goals, viz. Anticipate, Withstand, Contain, Recover, and Evolve which are adopted from CERT-In Cyber Crisis Management Plan (CCMP), for countering Cyber Attacks and Cyber Terrorism."
Under this framework registered entities will be graded into five categories based on various parameters: Market Infrastructure Institutions (MIIs); Qualified REs; Mid-size REs; Small-size REs and self-certification REs.
The framework is expected to give the following benefits:
1.Cyber Risk Governance and Management Framework
2.Data classification and localization: To set up robust security controls for
data generated / managed / processed by REs, CSCRF classifies data
in two categories: ‘Regulatory Data’ and ‘IT and Cybersecurity Data’.
While ‘Regulatory Data’ is mandatorily localized, dispensation for ‘IT and Cybersecurity Data’ for offshoring has been given with suitable
guardrails.
3.Implementation of Security Operations Centre (SOC) and measuring its
efficacy on a periodic basis
4.Guidelines for API security and mobile application security
5.Cyber Capability Index (CCI) to assess cyber resilience
6.Software Bill of Materials (SBOM) to mitigate supply chain risks
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
