SEBI Issues New ‘Cybersecurity and Cyber Resilience Framework’ for Regulated Entities
- By Taxmann
- Last Updated on 22 August, 2024
Circular No. SEBI/HO/ITD-1/ITD_CSC_EXT/P/CIR/2024/113; Dated: 20.08.2024
SEBI has issued a new ‘Cybersecurity and Cyber Resilience framework’ for Regulated Entities (REs). The framework is broadly based on two approaches: cybersecurity and cyber resilience. The cybersecurity approach covers various aspects, from governance measures to operational controls, and the cyber resilience goals include anticipating, withstanding, containing, recovering, and evolving. This framework will supersede the previous cybersecurity circulars and guidelines for SEBI-regulated entities.
As per the new framework, REs must establish, communicate and enforce cybersecurity risk management roles, responsibilities, and authorities to foster accountability and continuous improvement. REs must identify and classify critical systems based on their sensitivity and criticality for business operations, services and data management. The Board/Partners/Proprietor of the RE must approve the list of critical systems.
Further, REs must design and implement network segmentation techniques to restrict access to sensitive information, hosts and services. REs must establish appropriate security mechanisms through the Security Operations Centre (SOC) to continuously monitor security events and detect anomalous activities in a timely manner.
All REs must formulate and maintain an up-to-date Cyber Crisis Management Plan (CCMP). In the event of an incident, Root Cause Analysis (RCA) must be conducted to identify the causes leading to the incident. Also, adaptive and evolving controls to tackle identified vulnerabilities and reduce attack surfaces must be incorporated into the RE’s cybersecurity and cyber resilience strategy.