Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing Corporations and Depositories

(Extracts)

..... ll have a Cyber Security Operation Center (C-SOC) that would be a 24x7x365 set-up manned by dedicated security analysts to identify, respond, recover and protect from cyber security incidents.

4. The C-SOC shall function in accordance with the framework specified in SEBI Circular CIR/MRD/DP/13/2015 dated July 06, 2015. An illustrative list of the broad functions and objectives to be carried out by a C-SOC is mentioned hereunder:

4.1. Prevention of cyber security incidents through proactive actions:
(a) Continuous threat analysis,
(b) Network and host scanning for vulnerabilities and breaches,
(c) Countermeasure deployment coordination,
(d) Deployment of adequate and appropriate technology at the perimeter to prevent attacks originating from the external environment, and of internal controls to manage insider threats. MIIs may implement the necessary controls to achieve a zero trust security model.

4.2. Monitoring, detection, and analysis of potential intrusions / security incidents in real time and through historical trending on security-relevant data sources.

4.3. Response to confirmed incidents, by coordinating resources and directing use of timely and appropriate counterm .....

..... ing programs at the MII and for its members / participants / intermediaries with regard to cyber security, situational awareness and social engineering.

5.7. The C-SOC should be capable of preventing attacks similar to those already faced. The C-SOC should also deploy multiple honey pot services which are dynamic in characteristics to avoid being detected as honey pots by attackers.

6. As building an effective C-SOC requires an appropriate mix of the right people, suitable security products (Technology), and well-defined processes and procedures (Processes), an indicative list of areas that MIIs should consider while designing and implementing a C-SOC is as follows:

6.1. The MII shall ensure that the governance and reporting structure of the C-SOC is commensurate with the risk and threat landscape of the MII. The C-SOC shall be headed by the Chief Information Security Officer (CISO) of the MII. The CISO shall be designated as a Key Managerial Personnel (KMP) and the relevant provisions relating to KMPs in the SEBI Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2012 and the subsequent circulars issued by SEBI relating to KMPs, shall apply to th .....

..... should document the cases and escalation matrices for declaring a disaster.

7. In view of the feedback received from MIIs, it has been decided that MIIs may choose any of the following models to set up their C-SOC:
(i) MII's own C-SOC manned primarily by its internal staff,
(ii) MII's own C-SOC, staffed by a service provider, but supervised by full time staff of the MII (refer to 7.3),
(iii) C-SOC that may be shared by the MII with its group entities (that are also SEBI recognized MIIs),
(iv) C-SOC that may be shared by the MII with other SEBI recognized MII(s).

7.1. The responsibility for the cyber security of an MII, adherence to business continuity and recovery objectives, etc. should lie with the respective MII, irrespective of the model adopted for the C-SOC.

7.2. The respective risk committee(s) of the MII should evaluate the risks of outsourcing the respective activity.

7.3. The MII may outsource C-SOC activities in line with the guidelines given in Annexure-A.

8. A report on the functioning of the C-SOC, including details of cyber-attacks faced by the MII, major cyber events warded off by the MII, cyber security breaches and data breaches, should be pla .....

..... he event as an incident using the Knowledgebase.
(f) Escalating exception events to L2 level.
(g) Log incident tickets in the service management tool and assign them to the respective team.
(h) Follow up for the closure of the incident tickets generated.

1.2. Security Analyst Level 2 (L2): Combination of Outsource / In-House
(a) Exception analysis.
(b) Analysis of extended events.
(c) Confirmation of false positives and update of the Knowledge Base.
(d) Qualify incidents and provide mitigation suggestions.
(e) Escalate incidents to the next level.
(f) Update / configure correlation rules after approval.

1.3. Security Analyst Level 3 (L3): Combination of Outsource / In-House
(a) Analysis of escalated incidents.
(b) Define correlation rules.
(c) Analysis of the impact on the SIEM, over all correlation rules and operations, of the correlation rules suggested by the Level 2 Analyst.
(d) Approve correlation rules after the impact analysis.
(e) Perform impact analysis before deployment of correlation rules.
(f) Perform impact analysis for updates and upgrades of SIEM / advanced security solution components.
(g) Define mitigation suggestions for newly identified incidents. .....

..... https://www.sans.org/event/cyber-defence-canberra-2018/course/security-essentials-bootcamp-style
2) SEC301: Introduction to Cyber Security
https://www.sans.org/course/introduction-cyber-security

Security Analyst Level 2 (L2):
1) SEC542: Web App Penetration Testing and Ethical Hacking
https://www.sans.org/event/cyber-defence-canberra-2018/course/web-app-penetration-testing-ethical-hacking
2) SEC566: Implementing and Auditing the Critical Security Controls - In-Depth
https://www.sans.org/private-training/course/implementing-auditing-critical-security-controls
3) SEC575: Mobile Device Security and Ethical Hacking
https://www.sans.org/private-training/course/mobile-device-security-ethical-hacking

Security Analyst Level 3 (L3):
1) SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
https://www.sans.org/event/cyber-defence-canberra-2018/course/hacker-techniques-exploits-incident-handling
2) FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
https://www.sans.org/event/digital-forensics-summit-2018/course/advanced-incident-response-threat-hunting-training
3) SEC501: Advanced Security Essen .....