RBI issues new directions to banks, NBFCs on IT governance & cyber security


Mumbai, Nov 8 (IANS): The RBI has issued a new comprehensive Master Direction to banks and NBFCs on Information Technology Governance, Risk, Controls and Assurance Practices which spells out the role of Directors of these regulated entities to discharge their duties in order to safeguard the interests of customers.

These directions incorporate, consolidate and update the guidelines, instructions and circulars on IT Governance issued earlier and will come into effect from April 1, 2024.

The guidelines havedirected all regulated entities to keep a close watch on:

‘Cyber events’defined as any observable occurrence in an information system. Cyber events sometimes provide indication that a cyber incident is occurring.

Cyber security’ -- Preservation of confidentiality, integrity and availability of information through the cyber medium. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved.

‘Cyber incident’ -- which is a cyber event that adversely affects the cyber security of an information asset whether resulting from malicious activity or not.

‘Cyber-attack’ -- Malicious attempts to exploit vulnerabilities through the cyber medium to damage, disrupt or gain unauthorised access to assets.

‘De-militarized Zone’ or ‘DMZ’ is a perimeter network segment that is logically between internal and external networks.

‘Information Asset’ -- Any piece of data, device or other component of the environment that supports information-related activities.Information Assets include information system, data, hardware and software.

Foreign banks operating in India have also been asked to follow the guidelines and to hold discussions with the RBI in case they have to seek an exemption in the case of any particular norm.

 

 

  

Top Stories


Leave a Comment

Title: RBI issues new directions to banks, NBFCs on IT governance & cyber security



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.