 "Sebi releases new cyber security framework for regulated entities")
Markets watchdog Sebi on Tuesday issued a new cyber security framework wherein all regulated entities are required to have appropriate security monitoring mechanisms, and the fresh norms will be implemented in a graded manner starting from January 2025.
Besides, a Cyber Capability Index (CCI) for market infrastructure institutions and qualified regulated entities will be introduced to monitor and assess their cybersecurity maturity and resilience on a regular basis.
The Cybersecurity and Cyber Resilience Framework (CSCRF), formulated after consultations with stakeholders, comes at a time when there are rising instances of cyber attacks.
The framework will supersede the existing cybersecurity circulars and guidelines for the entities regulated by Sebi, according to a circular.
For small regulated entities, Sebi said that stock exchanges NSE and BSE will establish market Security Operation Centres (SOCs) to assist them in meeting the requirements under the new framework.
These SOCs will provide cybersecurity solutions tailored to the needs of small entities, ensuring that they achieve cyber resiliency despite limited resources, the regulator said.
All regulated entities are to establish appropriate security monitoring mechanisms through SOCs.
The onboarding of SOC can be done through a regulated entity's own/ group SOC or market SOC or any other third-party managed SOC for continuous monitoring of security events and timely detection of anomalous activities, as per the circular.
With a glide path, the framework will be implemented in two phases -- one set of entities has to ensure compliance by January 1, 2025, and another set by April 1, 2025.
Post the given deadlines, the entities are expected to conduct cybersecurity audits as per the CSCRF and submit reports to the appropriate authorities within the stipulated timelines.
"CSCRF contains provisions with respect to various areas such as requirements of IT services, Software as a Service (SaaS) solutions, hosted services, classification of data, audit for software solutions/applications/products used by regulated entities etc," the circular said.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app