 "Sebi brings guidelines to boost cyber security framework for exchanges")
Capital markets regulator Sebi on Tuesday came out with guidelines to strengthen the existing cyber security and cyber resilience framework for stock exchanges and other market infrastructure institutions (MIIs).
The new guidelines will come into force with immediate effect, the Securities and Exchange Board of India (Sebi) said in a circular.
"Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII's owned or controlled systems, networks, and assets," Sebi said.
Accordingly, the regulator came out with guidelines to strengthen the existing framework for MIIs -- stock exchanges, clearing corporations, and repositories.
Under the guidelines, MIIs will have to maintain offline, encrypted backups of data and regularly test these backups at least every quarter to ensure confidentiality, integrity, and availability.
Further, they should explore the possibility of retaining spare hardware in an isolated environment to rebuild systems in the event starting their operations from both the Primary Data Centre (PDC) and Disaster Recovery Site (DRS) is not feasible.
Also, they should undertake regular business continuity drills to check the readiness of the organization and the effectiveness of existing security controls at the ground level to deal with ransomware attacks.
MIIs should conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface.
Noting that MIIs are systemically important institutions as they provide the infrastructure necessary for the smooth and uninterrupted functioning of the securities market, Sebi said that they should employ multi-factor authentication for all services, secure domain controllers, and secure dark web monitoring services to check for any brand abuse.
As part of the operational risk management, these MIIs need to have a robust cyber security framework to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in the securities market, Sebi said.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app