Cybersecurity Framework for Banks by RBI

Evaluate the efficiency of IT Security Measures

Are you pleased with the findings in your present penetration test report?

Does your vendor provide mitigation support

Do you need additional support to fix vulnerabilities

Importance of Cybersecurity Framework in Banking

Banks’ swift adoption of information technology is now a crucial part of their operational strategy. The financial services industry is the primary target for cybercriminals among 26 different sectors. It remains particularly susceptible to malicious email activities, with consumers seven times more likely to be targeted by attacks from spoofed emails bearing a bank’s brand compared to any other industry.

How it Works

Methodology

The audit of the Cyber Security Framework for Banks aligns with the following audit domains. These domains are categorized according to the designated Level for the respective UCB. Additionally, the relevance of domains varies based on the Bank’s Level, namely, Level 1, Level 2, Level 3, or Level 4.

Review Inception

We provide the auditee with the audit charter, outlining the roles and responsibilities of the audit function, along with the audit objectives.

Documentation

We furnish the Auditee with a Document Review List (DRL), outlining the necessary policies. Further analysis of these policies will be conducted in accordance with compliance standards.

Detection & Examination

A risk assessment, both quantitative and qualitative, will be carried out for each business process within the scope, and the risks will be analyzed.

Hazard Reaction

The GAP Assessment Report will recommend action points and a risk response methodology. The auditee will be requested to provide an action plan in response.

Deployment Assessment

We perform a review post-implementation of the mitigations.

RBI Circulars

The subsequent circulars, outlining fundamental cybersecurity controls, were distributed to all banks:

Cybersecurity Framework for Banks: DBS. CO/CSITE/BC.11/33.01.001/2015-16
Primary (Urban) Cooperative Banks (UCBs) – Essential Cybersecurity Framework: DCBS.CO.PCB.Cir.No.1/18.01.000/2018-19
Cybersecurity Controls for Third-Party ATM Switch Application Service Providers: DoS.CO/CSITE/BC.4084/31.01.015/2019-20
Holistic Cybersecurity Framework for Primary (Urban) Cooperative Banks (UCBs) – An Incremental Approach: DoS.CO/CSITE/BC.4083/31.01.052/2019-20

Do you know?

61%

of tested apps had at least one high or critical severity vulnerability not listed in OWASP Top 10.

61%

of tested apps had at least one high or critical severity vulnerability not listed in OWASP Top 10.

61%

of tested apps had at least one high or critical severity vulnerability not listed in OWASP Top 10.

Want a quick Audit?

What do you get?

Audit Preliminary Report

Draft of the audit report highlighting the initial discoveries and findings.

Conclusive Audit Report

A detailed report expounding on the conclusive audit findings.

Remediation Assistance

Using a GAP Assessment Report, recommendations for addressing non-compliant controls will be provided.

Compliance Confirmation Letter

A letter affirming that the requirements have been met, and all relevant controls/regulations are satisfied.

Embrace the Assumed Breach approach to outmaneuver Advanced Persistent Threat groups.

Schedule a Consultation

Photographer

Cybersecurity Framework for Banks by RBI