In its June 2, 2016 notification, RBI issued new cybersecurity guidelines, which say that scheduled commercial banks (private, foreign and nationalized banks listed in the schedule of the RBI Act, 1934) must proactively create or modify their policies, procedures and technologies based on new security developments and concerns. As per RBI, use of information technology by banks and their constituents has grown rapidly and is now an integral part of banks' operational strategies; hence the need for a board-approved cyber-security policy.
As per the guidelines, banks should immediately put in place a cyber security policy, separate from their IT policy, and get it approved by the board. Banks need to send a confirmation to RBI at the earliest, and in any case not later than September 30, 2016.
8 Key Takeaways From RBI Cyber Security Guidelines
Within this notification, RBI asks banks to immediately put in place a cybersecurity policy duly approved by their board, containing an appropriate approach to combat cyber threats. Some of the key takeaways from the report are as follows:
This notification has drawn the attention of CISOs across the banking sector as well as others. In response to it, some security practitioners say that bringing the board's attention to bear while drafting the security policy is going to be a challenging task. Board members may not be very inclined to learn about security and technical information, so translating security information into business terms will be a challenging task.
RBI has listed 24 requirements which should be put in place by banks to achieve baseline cyber security and resilience requirements. They are mentioned below:
As per the framework, banks should set up and operationalize a cyber security operation center (C-SOC). Because threats are changing rapidly, a reactive methodology, which can deal only with known threats, will not work here. Banks should therefore adopt a proactive methodology to deal with unknown threats.
To help banks strengthen their cybersecurity initiatives and cyber security preparedness, RBI has also set up its new IT subsidiary, appointing as its new CEO Nandkumar Sarvade, a retired IPS officer and an expert in bank fraud and terrorism cases.