SEBI Cyber Security & Cyber Resilience Framework

Overview

With the continuous advancement of the securities market and the increasing threats posed by hackers and cyber criminals in the digital world, it has become important for organizations to focus intensively on cyber security and build resilience mechanisms that safeguard information from security threats. As this paper highlights, SEBI should implement guidelines that considerably reduce operational risk and enhance safety for its members and shareholders, such as stock brokers, depository participants, mutual funds, and asset management companies (AMCs). For this reason, staying up to date with new technology is crucial in protecting operations against new threats.
As the economy develops, more people are getting involved in stock trading and mutual funds. Subsequently, SEBI has released three circulars for trading members, exchanges, depositories, and other intermediaries for whom Cyber Security Audits are required. They are meant to improve security measures against continuously increasing cyber threats and attacks, thus increasing the reliability of trading systems and software.

Methodology

The assessment is performed to discover weaknesses or nonconformities in the system, taking into account the regulations that must be followed and evaluating the impact of these flaws. Therefore, the Cyber Resilience Framework checklist prescribes the following domains when conducting audits of stock markets, exchanges, depositories and intermediaries.
The relevant circulars are:
1.  SEBI/HO/MIRSD/CIR/PB/2018/147 – for stockbrokers and depositories.
2.  CIR/MRD/CSC/148/2018 – for stock exchanges, clearing corporations, and depositories.
3.  SEBI/HO/IMD/DF2/CIR/P/2019/12 – for Asset Management Companies (AMCs) or mutual funds.

Major Regulations

SEBI/HO/MIRSD/CIR/PB/2018/147

This circular sets out key Cyber Security Controls for Stock Exchanges and Depositories under the CPL of the respective organizations. It establishes the minimum measures essential for handling cyber threats, safeguarding data and maintaining a secure environment in these organisations.

SEBI/HO/MIRSD/TPD/P/CIR/2022/80

These rules extend and update the previous guidelines, introducing additional cyber security measures. They address new trends and integrate best security practices to improve the security of exchanges and depositories.

General Compliance Framework

In combination, these circulars lay down a solid structure for cyber security, since exchanges and depositories must also meet strict conditions protecting their systems and data from hacking and cyber threats. They are intended and developed to enhance the SECS’s defense against cyber threats while at the same time retaining supervisory authority.

Our Approach

Critical Assets Under SEBI Cyber Resilience Framework

In the SEBI Cyber Resilience Framework, data and systems are classified so that those tagged as higher risk receive an extra level of protection. Sensitive Personal Data, such as personal identification numbers and health records, is protected to avoid privacy violations. Names and addresses are vital as they fall under Personally Identifiable Information (PII) and require privacy and legal protection. Sensitive Financial Information includes bank account details and credit card records, whose protection helps avoid fraud. Business Critical Systems include trading capabilities and customer databases, which determine an entity’s continuity and resilience against cyber adversities.
