RBI Cyber Security Framework in India

RBI Cyber Security Framework sevice

Take a leap in developing and implementing next-generation cyber defense of the banking infrastructure

“Cyber Security Framework in Banks” circular from RBI sets the guidelines for Banks in India towards developing and implementing next generation cyber defense capabilities. The RBI cyber security framework addresses three core areas: (1) Establish Cyber Security Baseline and Resilience (2) Operate Cyber Security Operations Centre (C-SOC) (3) Cyber Security Incident Reporting (CSIR).

RBI Cyber Security Framework – Overview

Cyber Security Policy

Define and adopt a comprehensive cyber security policy in developing and establishing the cyber security framework.

Cyber Security Strategy

Develop the cyber security strategy that supports the Bank’s security policy, business goals and objectives

Cyber Security Organization

Establish a cyber security function and define the roles and responsibilities for implementing, managing, and improving the cyber defense

Cyber Risk / Gap Assessment

Perform Gap Assessment against the Cyber Security Framework requirements. Assess cyber security risks of the organization

Security Testing

Perform security testing/penetration testing of the systems, applications, and network to identify the vulnerabilities and mitigate them

Network and Database Security

Review and enhance the network and database security configurations. Harden the systems to minimize the attack vectors

Physical & Environmental Security

Ensure that the physical and environmental controls are implemented to provide adequate security for the information assets

Third Party Risk Management

Identify the critical 3rd parties such as vendors and assess the risks introduced by such relationships.

Cyber Security Awareness

Educate employees, contractors, and customers about cyber security so that human mistakes can be avoided

Cyber Crisis Management Plan

Establish a crisis management plan in line with the guidelines from CERT-IN, RBI CSF, and national cyber crisis management plan

Cyber Security Operation Centre

Establish a security operations center for proactive monitoring using sophisticated tools for detection and quick response.

Incident Response & Management

Define the incident response and management process and establish reporting process to notify RBI on cyber security incidents

Would you like to speak to a Security Analyst?

Establish Cyber Security Baseline

Establish Cyber Security Operation Centre (C-SOC)

C-SOC Functional Requirements

Define the functional requirements of the security operations centre

Governance Requirements

Define the governance structure of the CSOC and management framework

Integration Requirements

Integrate the CSOC with security solutions to generage alerts

People Requirements

Ensure the right skillsets are available within the CSOC operations

Process Requirements

Define the CSOC processes, playbooks, and operation manuals. Develop the IR process and playbooks to meet the RBI CSF CSOC requirements

Technology Requirements

Deploy the CSOC technologies such as SIEM integrated with threat intelligence feeds / services. Develop

Cyber Security Incident Reporting (CSIR)

Template for reporting Cyber Incidents

An advanced black-box penetration testing engagement is performed based on minimal information received about the target environment. The testing process may span between few days to months depending on the engagement model.

Cyber Security Incident Reporting (CSIR) Form

An advanced grey-box testing simulates the tactics used by adversaries such as APT groups or nation-states. The intent is not just to identify vulnerabilities, but to identify the exploitation opportunities by these adversaries on your data and customers

Would you like to speak to a Security Analyst?

News & Events

Related Insights