Sebi has released a consultation paper on 'Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities'. The consultation paper is aimed at improving the cybersecurity and cyber resilience of market intermediaries, market infrastructure institutions, and other regulated entities. The consulting paper outlines steps to ensure the cyber-resilience from third-party vendors by putting the responsibility on REs.
According to the Sebi consultation paper, the regulated entities such as brokers may be held accountable for the cyber risks posed by their third-party vendors.
“REs shall be solely accountable for all aspects related to third party services taken including (but not limited to) confidentiality, integrity, availability, non-repudiation, and security of its data and logs and ensuring compliance with laws, regulations, circulars, etc. issued by Sebi/Government of India. Accordingly, REs shall be responsible and accountable for any violation of the same,” SEBI’s consultation paper noted.
According to the proposed framework, Market Infrastructure Institutions (MIIs) like stock exchanges and depository participants will be required to conduct a cyber-audit twice a year while all other regulated entities will have to do it once each year.
The proposed framework is based on five concurrent and continuous functions of cyber security as defined by NIST (National Institute of Standards and Technology)- Identify, Protect, Detect, Respond, and Recover. Among these steps, the market regulator has also stressed on having a mandatory Cyber Crisis Management Plan. The paper also said that REs would also have to put in place comprehensive incident response management plan.
The market regulator had also put down cyber security best practices a few months ago for regulated entities. The paper notes that REs will be required to implement network segmentation techniques to restrict access to sensitive information. The regulated entities would also conduct a periodic audit by a CERT-In empanelled auditor and do vulnerability assessment and penetration testing (VAPT).
(Edited by : Anshul)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Over 50 onion farmers detained in Nashik ahead of PM Modi's visit
May 16, 2024 11:14 AM
Why Google CEO is cautiously optimistic about the election year
May 16, 2024 9:51 AM
Mark Mobius reveals how markets will react if NDA wins 400+ Lok Sabha seats
May 15, 2024 8:09 PM