Express Computer
Home  »  News  »  Reserve Bank asks lenders to implement cyber security policy

Reserve Bank asks lenders to implement cyber security policy

0 322

Depending on the level of inherent risks, the banks are required to identify their riskiness as low, moderate, high and very high or adopt any other similar categorisation.

The Reserve Bank of India (RBI) has asked banks to “immediately put in place a cyber-security policy elucidating the strategy containing an appropriate approach to combat cyber threats given the level of complexity of business and acceptable levels of risk”.

In order to address the need for the entire bank to contribute to a cyber-safe environment, the cyber security policy should be distinct and separate from the broader IT policy or IS security policy so that it can highlight the risks from cyber threats and the measures to address and mitigate these risks, the RBI said in a notification to banks.

According to the RBI, the size, systems, technological complexity, digital products, stakeholders and threat perception vary from bank to bank and hence it is important to identify the inherent risks and the controls in place to adopt appropriate cyber-security framework. “While identifying and assessing the inherent risks, banks are required to reckon the technologies adopted, alignment with business and regulatory requirements, connections established, delivery channels, online or mobile products, technology services, organisational culture and internal and external threats,” it said.

Depending on the level of inherent risks, the banks are required to identify their riskiness as low, moderate, high and very high or adopt any other similar categorisation. “Riskiness of the business component also may be factored into while assessing the inherent risks. While evaluating the controls, board oversight, policies, processes, cyber risk management architecture including experienced and qualified resources, training and culture, threat intelligence gathering arrangements, monitoring and analysing the threat intelligence received vis-à-vis the situation obtaining in banks, information sharing arrangements (among peer banks), preventive, detective and corrective cyber security controls, vendor management and incident management and response are to be outlined,” the RBI said.

As the nature of cyber-attacks are such that they can occur at any time and in a manner that may not have been anticipated, the RBI said a SOC (Security Operations Centre) should be set up at the earliest, if not yet been done. “It is also essential that this Centre ensures continuous surveillance and keeps itself regularly updated on the latest nature of emerging cyber threats,” it said.

According to the RBI, recent incidents have highlighted the need to thoroughly review network security in every bank. In addition, the RBI has observed that many times connections to networks/databases are allowed for a specified period of time to facilitate some business or operational requirement. However, the same do not get closed due to oversight making the network/database vulnerable to cyber-attacks. “It is essential that unauthorised access to networks and databases is not allowed and wherever permitted, these are through well-defined processes which are invariably followed. Responsibility over such networks and databases should be clearly elucidated and should invariably rest with the officials of the bank,” it said.

The RBI said a Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be a part of the overall board approved strategy. “Considering the fact that cyber-risk is different from many other risks, the traditional BCP/DR arrangements may not be adequate and hence needs to be revisited keeping in view the nuances of the cyber-risk,” it said.

“Concurrently, there is an urgent need to bring the board of directors and the top management in banks up to speed on cyber-security related aspects, where necessary, and hence banks are advised to take immediate steps in this direction,” the RBI said.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image