Just a moment...

Top
Help
×

By creating an account you can:

Logo TaxTMI
>
Call Us / Help / Feedback

Contact Us At :

E-mail: [email protected]

Call / WhatsApp at: +91 99117 96707

For more information, Check Contact Us

FAQs :

To know Frequently Asked Questions, Check FAQs

Most Asked Video Tutorials :

For more tutorials, Check Video Tutorials

Submit Feedback/Suggestion :

Email :
Please provide your email address so we can follow up on your feedback.
Category :
Description :
Min 15 characters0/2000
TMI Blog
Home / RSS

Guidelines for MIIs regarding Cyber security and Cyber resilience

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....cture Institutions (MIIs) need to have robust cyber security framework to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in securities market. It is also important that MIIs establish and continuously improve their Information Technology(IT) processes and controls to preserve confidentiality, integrity and availability of data and IT systems. 2. With the change in market dynamics in the Indian Securities markets, the interdependence among the MIIs has seen significant increase. Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII's owned or controlled systems, n....

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....d Clearing Corporations) Regulations, 2018 and Section 19 of the Depositories Act, 1996 read with Regulation 97 of Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. 9. The circular is issued with the approval of Competent Authority. 10. This circular is available on SEBI website at www.sebi.gov.in under the category "Legal" and dropdown "Circulars". Yours faithfully, Ansuman Dev Pradhan Deputy General Manager +91-22-26449622 [email protected] Annexure-A MIIs are required to implement the following practices: - 1) MIIs shall maintain offline....

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....technologies to deal with such attacks. 5) MIIs should conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface. 6) MIIs should patch and update software and OSs to the latest available versions and it must be reviewed on a quarterly basis to ensure the implementation of the same. 7) MIIs should implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g. phishing) or incidents. 8) MIIs should implement filters at the email gateway to filter out emails with known malicious indicators, such as known malicious subject lines, and block....

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....rs often target and use DCs as a staging point to spread ransomware network-wide. a) MIIs should ensure that DCs are patched as and when patch is released and it must be reviewed on a quarterly basis to ensure the implementation of the same. b) MIIs should ensure that no unnecessary software is installed on DCs, as these can be leveraged to run arbitrary code on the system. c) MIIs should ensure that access to DCs should be restricted to the Administrators group- Users within this group should be limited and have separate accounts used for day-to-day operations with non-administrative permissions. d) MIIs should ensure that DC host firewalls are configured to prevent direct internet access. e) MI....

X X   X X   Extracts   X X   X X

Full Text of the Document

X X   X X   Extracts   X X   X X

....22) MIIs should implement Domain name system (DNS) filtering services to ensure clean DNS traffic is allowed in the environment. Domain name system security extensions (DNS-Sec) for secure communication shall be used. 23) Management of the critical servers / applications / services / network elements should only be restricted through enterprise identified intranet systems. 24) MIIs should have system(s) in place to manage and incorporate IOCs /malware alert/vulnerability-alert (received from CERT-in or NCIIPC or any linked MII or any other government agency) in their systems. 25) MIIs shall devise standard operating procedure (SoP) to implement the advisories issued by CERT-In, NCIIPC or any other government agenc....