Latest from the Regulator - July 2024

SEBI announces CSCRF – A new framework for cyber resilience and cybersecurity for all SEBI regulated entities

The Cybersecurity and Cyber Resilience Framework (CSCRF) is a standards-based framework that broadly covers five cyber resiliency goals, viz. Anticipate, Withstand, Contain, Recover, and Evolve, which are adopted from the CERT-In Cyber Crisis Management Plan (CCMP) for countering Cyber Attacks and Cyber Terrorism. Under this framework, registered entities (REs) will be graded into five categories based on various parameters: Market Infrastructure Institutions (MIIs); Qualified REs; Mid-size REs; Small-size REs; and self-certification REs.

The framework is expected to provide the following benefits:

1. Cyber Risk Governance and Management Framework.

2. Data classification and localization: To set up robust security controls for data generated, managed, or processed by REs, CSCRF classifies data into two categories: 'Regulatory Data' and 'IT and Cybersecurity Data'. While 'Regulatory Data' must be localized, a dispensation for offshoring 'IT and Cybersecurity Data' has been given with suitable guardrails.

3. Implementation of Security Operations Centre (SOC) and measuring its efficacy on a periodic basis.

4. Guidelines for API security and mobile application security.

5. Cyber Capability Index (CCI) to assess cyber resilience.

6. Software Bill of Materials (SBOM) to mitigate supply chain risks.

The six categories of entities that already have the regulator-prescribed cybersecurity and resilience structures in place will need to adopt the new standards and practices by January 1, 2025; other entities will need to adopt them by April 1, 2025.

SEBI bans the association of regulated entities with unregistered finfluencers

The Securities and Exchange Board of India (SEBI) approved a proposal on June 27 to ban regulated entities, such as brokers, from associating with unregistered entities, including "finfluencers." SEBI stated that regulated persons and their agents should not have any associations, such as financial transactions, client referrals, IT system interactions, or other similar relationships, with any person who provides advice, recommendations, or makes claims of return or performance related to securities, unless permitted by the SEBI board.

Exceptions:

These restrictions will not apply to:

• Persons regulated by the SEBI board or their agents who are exclusively engaged in investor education and do not provide advice, recommendations, or claims of return or performance.

• Specified digital platforms that have mechanisms to prevent and address unauthorized advice, recommendations, or claims of return or performance, to the satisfaction of the SEBI board.

MeitY to come out with a first draft on AI policy in the next 5-6 months

The Ministry of Electronics and Information Technology (MeitY) is studying AI policy frameworks in different countries and will unveil the first draft of a national AI policy in the next five to six months. The new AI regulatory framework will have deepfake regulation as an integral component. The Indian government has also taken steps to promote the development and deployment of indigenous AI models with the IndiaAI Mission, announced in March 2024.

Author


Institute of Directors India

Bringing a Silent Revolution through the Boardroom

Institute of Directors (IOD) is an apex national association of Corporate Directors under India's 'Societies Registration Act XXI of 1860'. Currently it is associated with over 30,000 senior executives from Govt, PSU and Private organizations of India and abroad.

Owned by: Institute of Directors, India

Disclaimer: The opinions expressed in the articles/ stories are the personal opinions of the author. IOD/ Editor is not responsible for the accuracy, completeness, suitability, or validity of any information in those articles. The information, facts or opinions expressed in the articles/ speeches do not reflect the views of IOD/ Editor and IOD/ Editor does not assume any responsibility or liability for the same.
