+91-99786 71691

+91-99789 71691

SEBI Cyber Security & Cyber Resilience framework

SEBI Cyber Security & Cyber Resilience framework

SEBI Cyber Security Framework for Stock Brokers / Depository Participants

Use of Information Technology by securities market has grown rapidly and is now an important part of the operational strategy of securities. The number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the case of securities and financial sector including depositories. There is an urgent need to put in place a robust cyber security/resilience framework at stock broker or depositories to ensure adequate security of their assets on a continuous basis. It has, therefore, become essential to enhance the security of the institutions from cyber threats by improving the current defences in addressing cyber risks.

Stock Exchanges and Depositories shall :

  1. Make necessary amendments to the relevant bylaws, rules and regulation for the implementation of the above direction.
  2. Bring the provision of the circular to the notice of their members/participants and also disseminate the same on their websites and
  3. Communicate to SEBI, the status of implementation of the provision of this circular in their monthly report.
The guidelines annexed with this circular shall be effective from April 1,2019.

Cyber Security Framework define and implement with reference to Circular – SEBI/HO/MIRSD/CIR/PB/2018/147

1. Governance

Operational Risk Management
Incident Management
Cyber Security policy for Stock Brokers

2. Identification

Asset Management

3. Protection

Access Control
Supplier Relationship Management
Physical Security
Network Security Management
Data Security
Hardening of Hardware and Software
Application Security in Customer Facing Application
Certification of off-the-Self Products
Patch Management
Disposal of data, systems and storage devices
Vulnerability Assessment and Penetration Testing (VAPT)

4. Monitoring and Detection
5. Response and Recovery
6. Sharing of Information
7. Training and Education
8. Systems Managed by Vendors
9. Systems Managed by MIIs
10. Periodic Audit

Benefits: -

  1. Comforts customers, employees, trading partners and stakeholders – in the knowledge that your management information and systems are secure.
  2. Management Understanding of the Value of Organisational Information
  3. Business Partner Confidence, Satisfaction and TRUST
  4. Organisational Effectiveness of Communicating Security Requirements and Securities