Cybersecurity and Cyber Resilience Framework by SEBI

Evaluate the efficiency of IT Security Measures.

Are you pleased with the findings in your present penetration test report?

Does your vendor provide mitigation support

Do you need additional support to fix vulnerabilities

Importance of a Cybersecurity Framework for Depository Participants and Asset Management Companies.

In the rapidly evolving securities market, prioritize robust cybersecurity to safeguard data integrity and prevent privacy breaches. Comply with SEBI’s framework for essential facilities and operational risk management. Stay ahead of technological advancements to ensure effective protection for your operations.

How it Works

Methodology

The audit of the Banks’ Cybersecurity Framework aligns with the following audit domains, segregated based on the designated Level for the respective UCB. The applicability of domains varies depending on the Bank’s Level, categorized as Level 1, Level 2, Level 3, or Level 4.

Review Inception

We provide the auditee with the audit charter, outlining the roles and responsibilities of the audit function, along with the audit objectives.

Documentation

We furnish the Auditee with a Document Review List (DRL), outlining the necessary policies. Further analysis of these policies will be conducted in accordance with compliance standards.

Detection & Examination

A risk assessment, both quantitative and qualitative, will be carried out for each business process within the scope, and the risks will be analyzed.

Hazard Reaction

The GAP Assessment Report will recommend action points and a risk response methodology. The auditee will be requested to provide an action plan in response.

Deployment Assessment

We perform a review post-implementation of the mitigations.

RBI Circulars

To protect stockholders’ interests, foster the growth of the securities market, and regulate it, this circular is issued under the authority granted by Section 11(1) of the Securities and Exchange Board of India Act, 1992. Consequently, all stock exchanges and depositories received the following circulars delineating essential cybersecurity controls:

Circular No: SEBI/HO/MIRSD/CIR/PB/2018/147
Circular No.: SEBI/HO/MIRSD/TPD/P/CIR/2022/80

Do you know?

61%

of tested apps had at least one high or critical severity vulnerability not listed in OWASP Top 10.

61%

of tested apps had at least one high or critical severity vulnerability not listed in OWASP Top 10.

61%

of tested apps had at least one high or critical severity vulnerability not listed in OWASP Top 10.

Want a quick Audit?

What do you get?

Audit Preliminary Report

Draft of the audit report highlighting the initial discoveries and findings.

Conclusive Audit Report

A detailed report expounding on the conclusive audit findings.

Remediation Assistance

Using a GAP Assessment Report, recommendations for addressing non-compliant controls will be provided.

Compliance Confirmation Letter

A letter affirming that the requirements have been met, and all relevant controls/regulations are satisfied.

Embrace the Assumed Breach approach to outmaneuver Advanced Persistent Threat groups.

Schedule a Consultation

Photographer

Cybersecurity and Cyber Resilience Framework by SEBI