On 24th September, 2020, the RBI released Cyber Security Vision Framework for Urban Cooperative Banks (UCBs).

The Reserve Bank of India (RBI) has proposed to bring cyber security rules based on the size and complexity of urban cooperative banks (UCB) with an aim to bring the largest of them at par with other banks that run a full gamut of protections against online threats. 

“The approach will ensure that the UCBs with high IT penetration and offering all payment services are brought at par with other banks having mature cyber security infrastructure and practices,” the central bank said in its technology vision document for 2020-23. 

As per RBI – the UCBs with higher digital depth will now have to appoint Chief Information Security Officer (CISO), and set up various committees such as IT Strategy Committee, IT Steering Committee, etc. There has to be a board approved IT governance framework, and considering the implementation to be a costly process, “the responsibility for implementation, monitoring, compliance and response would have to be assigned from the Board level and percolate down till the end user,” 

The Reserve Bank of India published the “’Technology Vision for Cyber Security’ for Urban Co-operative Banks (UCBs) – 2020-2023”. The Technology Vision Document aims at enhancing the cyber security posture of the Urban Co-operative banking sector against evolving IT and cyber threat environment. 

The Technology Vision Document for Cyber Security for UCBs has been formalized based on inputs from various stakeholders. It envisages to achieve its objective through a five-pillared strategic approach GUARD, viz., – Governance Oversight, Utile Technology Investment, Appropriate Regulation and Supervision, Robust Collaboration and Developing necessary IT, cyber security skills set.

With concerted efforts and involvement of all stake holders, the Technology Vision Document for Cyber Security for UCBs, with its 12 specific action points, aspires to

(a) Involve more Board Oversight over Cyber security;

(b) Enable UCBs to better manage and secure their IT Assets;

(c) Implement an offsite supervisory mechanism framework for UCBs on cyber security related controls;

(d) Develop a forum for UCBs so that they can share best practices and discuss practical issues and challenges; and

(e) Implement framework for providing awareness/ training for all UCBs.

The cyber security landscape will continue to evolve with wider adoption of digital banking channels, thus necessitating the UCBs to manage the associated risks effectively. Active collaboration within UCBs and their stakeholders would be necessary for sharing and coordinating various measures taken on cyber security aspects.

The implementation of the approach outlined in this Technology Vision document will strengthen the cyber resilience of the Urban Co-operative Banks.

HOW CAN WE HELP? 

We bring to you team of highly trained, world recognized Cyber Professionals with a combined experience of more than 15 Years, and core BFSI IT & IS project management expertise in various small and large setups. Where we qualified successfully and were awarded projects with scope including capacity planning, surveillance audits, datacenter design and ISO 27001 implementation. 

For UCB, we understand the ‘Vision for Cyber Security’ for UCBs – 2023 

And we can help you in the journey of enhancing the cyber security posture of your institution (bank) against evolving IT and cyber threat environment through the RBI five-pillared strategic approach GUARD: 

Governance Oversight,

Utile Technology Investment,

Appropriate Regulation and Supervision,

Robust Collaboration and

Developing necessary IT, cyber security skills set. 

WHAT DO WE HAVE TO OFFER? 

We can be your one stop shop, for all your IT, IS and Cybersecurity requirements, and thereby establishing a long-term relationship – such that we serve you as your strategic advisor on matters related to Cybersecurity. The five pillar and 12 controls as listed below will be the guiding objectives for your bank’s CS/IS/IT program.

Governance Oversight

i. Focus on Board Oversight over Cyber security

ii. IT Vision document 

Utile Technology Investment

iii. Creation of reserve/ fund for implementation of IT/ cyber security projects

iv. Management of Business IT Assets

v. Banking Services Availability 

Appropriate Regulation and Supervision

vi. Supervisory reporting framework

vii. Appropriate guidance in implementing secure practices 

Robust Collaboration

viii. Forum to share best Practices and discuss practical issues and challenges

ix. CISO Forum for UCBs

x. Adoption of Cloud Services – Phase I 

Developing necessary IT, cyber security skills set

xi. Imparting technical Skills to manage IT and Cyber Security

xii. Providing awareness/ training for all UCBs on cyber security 

NEED OF DEDICATED CYBERSECURITY PARTNER 

As cyber threats to the banking industry evolve, the information security risk to financial institutions matures. 

Financial services organizations recognize the changing security landscape and cite avoiding data breaches as their primary mandate, with banking compliance becoming their second most important driver. 

Extremely sensitive and valuable data resides in the financial services sector—everything from personally identifiable information (PII) to check routing data to global stock and investment algorithms. The loss of this data and intellectual property has a major effect on a bank’s brand reputation and customer loyalty. When consumers and business customers place their trust and their money in your institution, your reputation for information security is paramount. 

While in comparison to several other sectors, banks (ALL KINDS) are definitely seen to be more proactive in investing and improving security practice, such measures may still be inadequate considering the challenges with the traditional approach to IT security are: 

·      Proliferation of attack vectors and enhanced attack surface

·      Proliferation of digital and shifting customer preference

·      Sophistication of threat actors and enhanced targeting of banks

·      Banking increasingly operating as a ‘boundary-less’ ecosystem

OUR CUSTOMIZED UCB IS & CYBER SECURITY SOLUTIONS 

With our strong & exclusive BFSI specific know-how, you will receive tailor-made cyber security services meeting your institution needs, such as: 

·       Information Security ( IS ) Guidelines

·       Basic Cyber Security and Resilience Requirements.

·      Baseline Cyber Security and Resilience Requirements – Level I

·      Vendor/Outsourcing Risk Management 

·      Baseline Cyber Security and Resilience Requirements (in addition to the requirements given in Annex I) – Level II 

     Network Management and Security

     Secure Configuration

     Application Security Life Cycle (ASLC)

     Change Management

     Periodic Testing

     User Access Control / Management

     Authentication Framework for Customers

     Anti-Phishing

     Data Leak Prevention Strategy

     Audit Logs & Incident Response and Management

·      Baseline Cyber Security and Resilience Requirements (in addition to the requirements given in Annex I & II) – Level III 

     Network Management and Security

     Advanced Real-time Threat Defence and Management

     Maintenance, Monitoring, and Analysis of Audit Logs

     User / Employee/ Management Awareness

     Risk based transaction monitoring 

·      Baseline Cyber Security and Resilience Requirements (in addition to the requirements given in Annex I, II & III) – Level IV 

     Arrangement for continuous surveillance – Setting up of Cyber Security Operation Centre (C-SOC)

     Participation in Cyber Drills

     Forensics and Metrics

     IT Strategy and Policy

     IT and IS Governance Framework

     Chief Information Security Officer (CISO) 

OUR OTHER STANDARD BFSI OFFERINGS: 

ü IS ( Information System ) Audit

ü Assessment of Cyber Security controls (Baseline, Level I, II, III AND IV)

ü Remediation of previous audit findings (Compliance).

ü Review and preparation of IS and Cybersecurity Policies.

ü Vulnerability Assessment and Penetration Testing (VAPT)

ü SOC as a Service.

ü Business Continuity

ü Cyber Attack Drills

ü Embedded System Security Audit

ü Cyber Intelligence

ü Code Review & Audit

ü Security Training & Staff Skill Building

ü Customer Education

ü Data Protection & Privacy Assessments

ü Virtual CISO and DPO

ISO Certification and surveillance audits

Categories:

Tags:

Comments are closed

Recent Comments
    Categories
    Header BG
    Welcome to SecMyIT
    Open chat
    1
    Chat on WhatsApp
    Hello,
    How we can help you?