Securities and Exchange Board of India (SEBI) has released another update for its “Cyber Security and Cyber Resilience Framework,” establishing a considerably short deadline to file an exhaustive information security status report. The statement applies to financial institutions and companies in stock exchanges.
The update considers any system storing personally identifiable information (PII) as critical equipment, making them subject to regular reviews and testing processes. Technology implementations interacting with critical operating and maintenance systems are also considered critical.
Entities providing investment services shall also maintain an updated inventory of their systems, including hardware, software, storage units, network resources and data flows. System administrators should perform frequent security audits, performed only by entities previously approved by CERT-In.
If that were not enough, all organizations that provide these services must submit their security reports within ten days after receiving this notification.
As many readers may guess, ten days is a ridiculously short deadline to achieve such goals, so it is anticipated that many organizations will try to challenge this decision of the Indian government.
Online platforms think this is mission impossible, especially considering that the deadline granted by the authorities includes two weekends.
Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.