The Securities and Exchange Board of India (SEBI) has issued new guidelines to strengthen the cyber security of market infrastructure institutions (MIIs), such as stock exchanges, clearing corporations, and depositories. The guidelines, which come into effect immediately, aim to improve the security of MIIs’ IT systems and data, and to mitigate the risk of cyber attacks.
The guidelines require MIIs to implement a number of measures, including:
- Conducting regular vulnerability scanning and patching of software and operating systems.
- Implementing a user awareness and training program to educate employees about cyber security risks.
- Using multi-factor authentication for all access to IT systems.
- Implementing a configuration management database to track changes to IT systems.
- Regularly reviewing the Active Directory (AD) to identify and close backdoors.
- Securing domain controllers (DCs) by patching them regularly, removing unnecessary software, and restricting access to administrators.
- Retaining and securing logs for security devices, applications, databases, and network devices.
- Implementing network segregation to contain cyber incidents.
- Ensuring secure usage of RDP (Remote Desktop Protocol).
- Connecting to MIIs via API only on a whitelist basis.
- Implementing DNS filtering services.
- Managing critical servers, applications, and services only through intranet systems.
- Implementing a system to manage and incorporate IOCs (indicators of compromise), malware alerts, and vulnerability alerts.
- Devising a standard operating procedure (SOP) for implementing advisories issued by CERT-In, NCIIPC, or other government agencies.
- Subjecting the MII’s response and recovery plan to review and testing.
SEBI said that the guidelines are necessary to protect the interests of investors and to ensure the smooth functioning of the securities market. The regulator also said that it will be monitoring the implementation of the guidelines by MIIs.
The new guidelines are a welcome step by SEBI to strengthen the cyber security of MIIs. The guidelines are comprehensive and cover a wide range of measures that MIIs can take to improve their cyber security posture. The implementation of these guidelines will help to protect the securities market from cyber attacks and ensure the safety of investors’ money.
In addition to the guidelines issued by SEBI, MIIs should also take steps to implement the following best practices for cyber security:
- Use strong passwords and two-factor authentication for all accounts.
- Keep software up to date.
- Be careful about what links you click on and what attachments you open.
- Be suspicious of any emails or messages that seem out of the ordinary.
- Report any suspicious activity to your IT department immediately.
By taking these steps, MIIs can help to protect themselves from cyber attacks and keep their IT systems and data safe.