#Trending

Sebi introduces cyber security, cyber resilience framework for all registered entities

The first set of entities will need to adopt it by January 1, 2025

Sebi-regulated entities will soon need to implement a framework to improve cyber security and cyber resilience, announced the market regulator on June 27.

The entities will need to adopt it based on their grading, which will be based on their extent of operations and certain thresholds in client numbers, trade volumes, and assets under management.

The new standards and practices will need to be adopted by six categories of entities that already have the regulator-prescribed cybersecurity and resilience structures in place by January 1, 2025; and by other entities by April 1, 2025.

In a press release issued after meeting with its Board, the Securities and Exchange Board of India gave the broad contours of the Cybersecurity and Cyber Resilience Framework (CSCRF).

The press release said, “CSCRF is a standard-based framework and broadly covers the five cyber resiliency goals, viz. Anticipate, Withstand, Contain, Recover, and Evolve which are adopted from CERT-In Cyber Crisis Management Plan (CCMP), for countering Cyber Attacks and Cyber Terrorism.”

Under this framework registered entities will be graded into five categories based on various parameters: Market Infrastructure Institutions (MIIs); Qualified REs;  Mid-size REs; Small-size REs and self-certification REs.

The framework is expected to give the following benefits:

1.Cyber Risk Governance and Management Framework

2.Data classification and localization: To set up robust security controls for
data generated / managed / processed by REs, CSCRF classifies data
in two categories: ‘Regulatory Data’ and ‘IT and Cybersecurity Data’.
While ‘Regulatory Data’ is mandatorily localized, dispensation for ‘IT and Cybersecurity Data’ for offshoring has been given with suitable
guardrails.

3.Implementation of Security Operations Centre (SOC) and measuring its
efficacy on a periodic basis

4.Guidelines for API security and mobile application security

5.Cyber Capability Index (CCI) to assess cyber resilience

6.Software Bill of Materials (SBOM) to mitigate supply chain risks

Sebi introduces cyber security, cyber resilience framework for all registered entities

India will require an additional data centre

Sebi introduces cyber security, cyber resilience framework for all registered entities

Guarding the Skies: The Critical Importance of

Leave a comment

Your email address will not be published. Required fields are marked *