SEBI releases cyber security framework for brokers, depositories


Mumbai, Dec 3 (IANS): The Securities and Exchange Board of India (SEBI) on Monday came out with a cyber security framework for stock brokers and depositories.

The guidelines would come into force on April 1, 2019, SEBI said in a circular.

"As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, stock brokers/depository participants should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework," the circular said.

In case of deviations from the suggested framework, reasons for such deviations, technical or otherwise, should be provided in the policy document, it added.

As per the guidelines, stock brokers or depository participants should designate a senior official or management personnel whose function would be to assess and identify cyber security risks, respond to incidents, and establish appropriate standards and controls.

The board or proprietors of the stock brokers or depository participants would have to constitute an internal "technology committee" comprising experts, which would, on a half-yearly basis, review the implementation of the cyber security and cyber resilience policy of the organisation.

It also said: "No person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities."

Any access to systems, applications, networks, databases and so on, should be for a defined purpose and for a defined period, the regulator added.

"All critical systems of the stock broker/depository participant accessible over the Internet should have two-factor security (such as VPNs, Firewall controls etc)."

It required brokers and depositories to ensure that records of user access to critical systems, wherever possible, are uniquely identified and logged for audit and review purposes, and ordered that logs be stored in a secure location for at least two years.

The guidelines further said that physical access to the critical systems should be restricted only to authorised officials.

For algorithmic trading facilities, SEBI ordered that adequate measures should be taken to isolate and secure the perimeter and connectivity to the servers running algorithmic trading applications.

"Critical data must be identified and encrypted in motion and at rest by using strong encryption methods," the circular said.

  
