Sebi on Tuesday came out with a consultation paper on boosting cyber security framework for entities regulated by it.
The consultation paper on ‘Consolidated Cyber security and Cyber Resilience Framework (CSCRF) for Sebi Regulated Entities’ looks at providing a common structure for multiple approaches to cyber security to prevent any cyber-risks and incidents.
Sebi said the framework is based on five concurrent and continuous functions of cyber security as defined by NIST — Identify, Protect, Detect, Respond, and Recover.
NIST refers to the National Institute of Standards and Technology.
“All REs shall formulate an up-to-date Cyber Crisis Management Plan (CCMP),” the consultation paper said, adding that they would also have to put in place comprehensive incident response management plan and respective Standard Operating Procedures (SOPs).
“Alerts generated from monitoring and detection systems shall be suitably investigated for Root Cause Analysis (RCA),” it noted.
Comments on the consultation paper can be submitted to the regulator till July 25.
