UCB RBI Guidelines IS/Cyber Security Audit
Basic Cyber Security Framework for Urban Cooperative Banks (UCBs)
The Reserve Bank of India (RBI) on October 19, 2018 issued a set of guidelines for Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs). Such a framework was issued by the RBI as a measure to enhance security of the UCBs in light of the increasing number and impact of cyber security attacks on the financial sector including banks.
1) Board Approved Cyber Security Policy
- All UCBs need to immediately put in place a Cyber Security policy, duly approved by their Board/Administrator, giving a framework and the strategy containing a suitable approach to check cyber threats depending on the level of complexity of business and acceptable levels of risk.
- On completion of the process, confirmation of same within 3 months must be sent to the Department of Co-operative Bank Supervision.
- The Cyber Security Policy should inter alia encapsulate the following concerns:
Preventing access of unauthorized software. - Network Management and Security.
- Secure Configuration.
- Anti-virus and Patch Management.
- Secure mail and messaging systems.
- The IT framework/framework must be reviewed periodically by the Board or its IT subcommittee in order to identify vulnerable areas and put in place a suitable cyber security system to address the issues after assessment.
2) Cyber Crisis Management Plan
- The Cyber Crisis Management plan, prepared by CERT-In (Computer Emergency Response Team – India maybe referred to by the UCBs for guidance.
- UCBs should promptly detect any cyber intrusions (unauthorized entries) so as to respond/recover/contain impact of cyber-attacks, especially those offering services such as internet and mobile banking, RTGS/NEFT/SWIFT, credit and debit cards etc.
3) Organizational Arrangements
- UCBs should review the organizational arrangements so that the security concerns are brought to the notice of suitable/concerned officials to enable quick action.
- UCBs should actively promote among their customers, vendors, service providers and other concerned parties an understanding of its cyber security objectives.
- UCBs, as owners of customer sensitive data, should take appropriate steps in preserving the Confidentiality, Integrity and Availability of the same, irrespective of whether the data is stored/in transit within themselves or with the third party vendors; the confidentiality of such custodial information should not be compromised in any situation.
- UCBs to put in place suitable systems and processes across the data/information lifecycle. UCBs may educate and create awareness among customers with regard to cyber security risks.
4) Supervisory reporting framework
- UCBs should report immediately all unusual cyber security incidents (whether they were successful or mere attempts) to Department of Co-operative Bank Supervision giving full details of the incident.
- UCBs are advised to implement basic Cyber Security Controls and report the same to respective Regional Offices of Department of Co-operative Bank Supervision on or before March 31, 2019.
Sources:
- https://rbi.org.in/scripts/PublicationReportDetails.aspx?ID=1159
- https://rbi.org.in/scripts/NotificationUser.aspx?Id=11772
- https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11397
- https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=8515
- https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=8365
Why choose MICRON INFOCOM?
Full lifecycle
Turn goals into outcomes through a lifecycle of services.
Disciplined approach
Time-tested assessments, methodologies, and frameworks.
Extensive track record
Delivering successful business transformation projects.