Sebi Launches New Cyber Security Framework for Regulated Entities
By Rediff Money Desk, New Delhi Aug 20, 2024 22:22
SEBI has introduced a new cybersecurity framework for regulated entities, mandating security monitoring mechanisms and a Cyber Capability Index (CCI).
New Delhi, Aug 20 (PTI) Markets watchdog Sebi on Tuesday issued a new cyber security framework wherein all regulated entities are required to have appropriate security monitoring mechanisms, and the fresh norms will be implemented in a graded manner starting from January 2025.
Besides, a Cyber Capability Index (CCI) for market infrastructure institutions and qualified regulated entities will be introduced to monitor and assess their cybersecurity maturity and resilience on a regular basis.
The Cybersecurity and Cyber Resilience Framework (CSCRF), formulated after consultations with stakeholders, comes at a time when there are rising instances of cyber attacks.
The framework will supersede the existing cybersecurity circulars and guidelines for the entities regulated by Sebi, according to a circular.
For small regulated entities, Sebi said that stock exchanges NSE and BSE will establish market Security Operation Centres (SOCs) to assist them in meeting the requirements under the new framework.
These SOCs will provide cybersecurity solutions tailored to the needs of small entities, ensuring that they achieve cyber resiliency despite limited resources, the regulator said.
All regulated entities are to establish appropriate security monitoring mechanisms through SOCs.
A SOC can be onboarded through a regulated entity's own or group SOC, a market SOC, or any other third-party managed SOC, for continuous monitoring of security events and timely detection of anomalous activities, as per the circular.
With a glide path, the framework will be implemented in two phases -- one set of entities has to ensure compliance by January 1, 2025, and another set by April 1, 2025.
Post the given deadlines, the entities are expected to conduct cybersecurity audits as per the CSCRF and submit reports to the appropriate authorities within the stipulated timelines.
"CSCRF contains provisions with respect to various areas such as requirements of IT services, Software as a Service (SaaS) solutions, hosted services, classification of data, audit for software solutions/applications/products used by regulated entities etc," the circular said.
Source: PTI
DISCLAIMER - This article is from a syndicated feed. The original source is responsible for accuracy, views & content ownership. Views expressed may not reflect those of rediff.com India Limited.