The use of information technology by the securities market has grown rapidly and is now an important part of the operational strategy of securities. The number, frequency and impact of cyber incidents/attacks have increased manifold in the recent past, more so in the securities and financial sector, including depositories. There is an urgent need to put in place a robust cyber security/resilience framework at stock brokers or depositories to ensure adequate security of their assets on a continuous basis. It has therefore become essential to enhance the security of these institutions against cyber threats by improving the current defences in addressing cyber risks.
Stock Exchanges and Depositories shall :
The guidelines annexed to this circular shall be effective from April 1, 2019.
SEBI Cyber Security Framework: define and implement with reference to Circular SEBI/HO/MIRSD/CIR/PB/2018/147
1. Governance
Operational Risk Management
Incident Management
Cyber Security policy for Stock Brokers
2. Identification
Asset Management
3. Protection
Access Control
Supplier Relationship Management
Physical Security
Network Security Management
Data Security
Hardening of Hardware and Software
Application Security in Customer Facing Application
Certification of Off-the-Shelf Products
Patch Management
Disposal of data, systems and storage devices
Vulnerability Assessment and Penetration Testing (VAPT)
4. Monitoring and Detection
5. Response and Recovery
6. Sharing of Information
7. Training and Education
8. Systems Managed by Vendors
9. Systems Managed by MIIs
10. Periodic Audit
Benefits: –