New cyber security framework for regulated firms released by Sebi

0
129
New cyber security framework for regulated firms released by Sebi
New cyber security framework for regulated firms released by Sebi

The market regulator Sebi unveiled a new cyber security framework on Tuesday, requiring all regulated enterprises to have appropriate security monitoring tools.

According to a new cyber security framework released by market watchdog Sebi on Tuesday, all regulated firms must have adequate security monitoring methods. The new regulations will be gradually implemented beginning in January 2025. Additionally, to regularly monitor and evaluate the cybersecurity resilience and maturity of market infrastructure institutions and qualified regulated businesses, a Cyber Capability Index (CCI) will be implemented. The Cybersecurity and Cyber Resilience Framework (CSCRF) was developed in response to stakeholder discussions at a period of increasing cyberattacks.

A circular states that the framework will replace the current cybersecurity guidelines and circulars for the Sebi-regulated firms. Stock exchanges NSE and BSE will set up market Security Operation Centers (SOCs) to help small regulated businesses meet the standards under the new framework, according to a statement from Sebi. According to the regulator, these SOCs will offer cybersecurity solutions that are specifically designed to meet the demands of small businesses, making sure that they can achieve cyber resilience even with minimal resources.

Through SOCs, all regulated entities must set up the proper security monitoring systems. As per the circular, the onboarding of SOC for the purpose of continuous monitoring of security events and prompt detection of abnormal actions can be carried out through the own/group SOC, market SOC, or any other third-party managed SOC.

The framework will be implemented in two stages via a glide path: by January 1, 2025, one set of entities must demonstrate compliance, and by April 1, 2025, another set. Following the deadlines, the entities must perform cybersecurity audits in accordance with the CSCRF and deliver reports to the relevant authorities within the allotted time frames. “CSCRF contains provisions with respect to various areas such as requirements of IT services, Software as a Service (SaaS) solutions, hosted services, classification of data, audit for software solutions/applications/products used by regulated entities, etc.” the circular stated.

Also readAt Jar, we’ve leveraged cutting-edge technology to enhance our platform’s efficiency and user-friendliness, says Nishchay Ag, Co-founder and CEO of Jar

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.