News

SEBI issues new cybersecurity framework

Friday 23 August 2024 14:06 CET | News

India-based regulator for the Securities and Exchange Board of India (SEBI) has announced the release of a new cybersecurity framework for all regulated entities. 

 

As part of the newly introduced framework, SEBI demands all regulated entities to adopt security monitoring processes, with the norms being set to be implemented gradually as of January 2025. In addition, to monitor and assess cybersecurity maturity and resilience, a Cyber Capability Index (CCI) for market infrastructure institutions and qualified regulated entities is set to be issued.

The Securities and Exchange Board of India (SEBI) has announced the release of a new cybersecurity framework for all regulated entities.

 

SEBI’s plans for mitigating cyber attacks

The decision to release the Cybersecurity and Cyber Resilience Framework (CSCRF), which was developed following consultation with stakeholders, can be attributed to the current environment in India, where cyber attacks are increasing, making the overall financial landscape vulnerable. At the same time, the newly issued framework is set to replace the existing cybersecurity circulars and guidelines for the entities regulated by SEBI. When it comes to small regulated entities, the authority underlined that stock exchanges NSE and BSE intend to publish market Security Operation Centres (SOCs) to support them in meeting the requirements imposed by the new framework.

Moreover, it is mentioned that these SOCs are set to offer cybersecurity solutions customised to the needs of small entities, which plans to ensure that they achieve cyber resilience regardless of resources. Also, all regulated entities need to establish suitable security monitoring mechanisms via SOCs. SEBI underlined that the onboarding of SOC can be conducted via a regulated entity’s SOC or market SOC, as well as through any other third-party managed one for constant monitoring of security episodes and timely detection of odd activities.

Additionally, SEBI aims to implement the framework in two phases, with the first one focusing on entities ensuring compliance by January 2025 and the second one by April 2025. After the provided deadlines, regulated entities are assumed to undergo cybersecurity audits considering the CSCRF and submit reports to the authorities within the stipulated timelines.

Source: Link


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: cybercrime, cybersecurity, online security, regulation, financial institutions
Categories: Fraud & Financial Crime
Companies: SEBI
Countries: India
This article is part of category

Fraud & Financial Crime

SEBI

|
Discover all the Company news on SEBI and other articles related to SEBI in The Paypers News, Reports, and insights on the payments and fintech industry: