December 09, 2018:
Lately Sebi issued detailed guidelines on cyber security for stock brokers & depository participants.
Market regulator Sebi on Friday directed market infrastructure firms to set up cybersecurity operations centres manned by security analysts that will monitor systems round-the-clock to identify, respond to & defend against cyber attacks.
According to Sebi’s circular, cyber security operation centres (C-SOC) of market infrastructure institutions (MIIs) like clearing corporations, depositories & exchanges need to prevent cyber attacks through proactive actions including continuous threat analysis.
According to the circular, Sebi has asked MIIs to “network & host scanning for vulnerabilities & breaches, countermeasure deployment coordination, deploy adequate & appropriate technology at the perimeter to prevent attacks originating from external environments & internal controls to manage insider threats”.
“MIIs may implement necessary controls to achieve zero trust security model,” it added.
Appropriate alert mechanisms such as a comprehensive dashboard, tracking of key security metrics & provide cyber threat scorecards should be implemented, Sebi directed.
In order to detect security incidents in real time, Sebi said, the centre should go for 24X7 monitoring & analysis of relevant logs of MII’s network devices, data traffic, cyber intelligence feeds sourced from reliable vendors, inputs received from other MIIs as also from external agencies such as CERT-In, among others.
Six months granted
The move comes after Sebi issued detailed guidelines on cyber security for stock brokers & depository participants.
The regulator has directed bourses, clearing corporations & depositories to put in place systems for implementation within six months.