Sebi proposes a unified cyber security framework.
Synopsis
Sebi has produced a consultation paper titled ‘Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for Sebi Regulated Entities’, which aims to provide a common framework for diverse approaches to cyber security in order to reduce cyber-risks/incidents.
Sebi, the market regulator, has suggested a streamlined cyber security and cyber resilience framework in which all regulated businesses must have an up-to-date cyber crisis management strategy. The framework has been proposed to strengthen the entities’ prevention of, readiness for, and response to cyber risks and incidents.
The consultation document is open for comments through July 25.
According to the Securities and Exchange Board of India (Sebi), the framework is based on the five concurrent and continuous cyber security tasks of Identify, Protect, Detect, Respond, and Recover set out by the National Institute of Standards and Technology (NIST).
The framework, according to Sebi, will be updated and enhanced as technology and the securities market advance and various REs (Regulated Entities) give input.
“All REs shall develop an up-to-date Cyber Crisis Management Plan (CCMP),” according to the consultation document released on Tuesday.
They would also need to implement a complete incident response management strategy as well as the necessary Standard Operating Procedures (SOPs).
“Alerts generated by monitoring and detection systems must be thoroughly investigated for Root Cause Analysis (RCA),” the document said.
With technological advancements in the securities market, Sebi said that maintaining strong cyber security and cyber resilience to safeguard securities market firms from cyber risks/incidents has become essential.
Since 2015, the regulator has issued specific cyber security and cyber resilience guidelines for several regulated firms.