Stock brokers to report cyber threats within 6 hours of detecting them: Sebi | #itsecurity | #infosec

Market regulator Sebi has asked stock brokers and depositories participants to report all cyber attacks, threats and breaches experienced by them within six hours of detecting such incidents.

The incident will also be reported to the Indian Computer Emergency Response team (CERT-In) in accordance with the guidelines issued by CERT-In from time to time, Sebi said in a circular.

Additionally, the stock brokers and depository participants, whose systems have been identified as ‘protected system’ by National Critical Information Infrastructure Protection Centre (NCIIPC) will also report such incidents to NCIIPC.

“All cyber attacks, threats, cyber incidents and breaches experienced by stock brokers/ depositories participants shall be reported to stock exchanges/ depositories and Sebi within six hours of noticing/ detecting such incidents or being brought to notice about such incidents,” Sebi said in the circular.

The quarterly reports containing information on cyber attacks, threats, cyber incidents and breaches experienced by the stock brokers and depository participants and measures taken to mitigate the vulnerabilities, including information on bugs vulnerabilities, threats that may be useful for others, will have to be submitted to the exchanges and depositories within 15 days from the end of every quarter.

Earlier this month,  the capital markets regulator tweaked the cyber security and cyber resilience framework for asset management companies (AMCs) and mandated them to conduct a comprehensive cyber audit at least twice in a financial year.

AMCs have been asked to submit to stock exchanges and depositories a declaration from the MD and CEO, certifying compliance by them with all Sebi guidelines and advisories related to cyber security issued from time to time.

According to Sebi, they must conduct regular Vulnerability Assessments and Penetration Tests (VAPT) that include critical assets and infrastructure components in order to detect security vulnerabilities in the IT environment and an in-depth evaluation of the security posture of the system through simulations of real attacks on their systems and networks.

Within a month from the completion of the VAPT, the final report must be submitted to Sebi with the approval of the technology committee of respective AMCs.


Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

Original Source link

Leave a Comment

78 + = eighty