Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for Sebi Regulated Entities

The Securities and Exchange Board of India (SEBI) has taken a significant step towards enhancing cyber security measures by releasing a consultation paper titled ‘Consolidated Cyber Security and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities.’ This framework aims to provide a common structure for multiple approaches to cyber security, ensuring the prevention of cyber risks and incidents. 

The Five Functions of Cyber Security 

At the core of SEBI’s framework lies the five concurrent and continuous functions of cyber security, as defined by the National Institute of Standards and Technology (NIST): Identify, Protect, Detect, Respond, and Recover. These functions serve as the pillars upon which the framework is built, guiding regulated entities in establishing robust cyber security protocols. 

Formulating a Cyber Crisis Management Plan 

SEBI emphasizes the importance of regulated entities formulating an up-to-date Cyber Crisis Management Plan (CCMP). This plan serves as a comprehensive blueprint to manage cyber crises effectively. Additionally, regulated entities are required to establish a comprehensive incident response management plan and respective Standard Operating Procedures (SOPs). These measures ensure a proactive and organized response in the event of a cyber incident. 

Investigating Alerts and Root Cause Analysis 

To maintain the integrity of cyber security systems, the consultation paper highlights the need for suitable investigation of alerts generated from monitoring and detection systems. Regulated entities must conduct Root Cause Analysis (RCA) to identify the underlying causes of cyber incidents, enabling them to implement necessary preventive measures. 

Enhancing Cyber Resilience 

The primary objective of SEBI’s consultation paper is to enhance cyber security and cyber resilience for entities regulated by the organization. By implementing the framework, regulated entities can establish a standardized approach to cyber security, minimizing vulnerabilities, and reducing the risks associated with cyber threats. 


Month: 

Category: 

Leave a Reply

Your email address will not be published. Required fields are marked *