Indian companies listed in stock exchange to provide infosec audits and information system inventory to government. New SEBI guidelines

Securities and Exchange Board of India (SEBI) has released another update for its “Cyber Security and Cyber Resilience Framework,” establishing a considerably short deadline to file an exhaustive information security status report. The statement applies to financial institutions and companies in stock exchanges.

The update considers any system storing personally identifiable information (PII) as critical equipment, making them subject to regular reviews and testing processes. Technology implementations interacting with critical operating and maintenance systems are also considered critical.

Entities providing investment services shall also maintain an updated inventory of their systems, including hardware, software, storage units, network resources and data flows. System administrators should perform frequent security audits, performed only by entities previously approved by CERT-In.

If that were not enough, all organizations that provide these services must submit their security reports within ten days after receiving this notification.

As many readers may guess, ten days is a ridiculously short deadline to achieve such goals, so it is anticipated that many organizations will try to challenge this decision of the Indian government.

Online platforms think this is mission impossible, especially considering that the deadline granted by the authorities includes two weekends.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

To Top

Pin It on Pinterest

Share This