Register Daily Newsletters My Bookmarks My Queries (D. Forum) My Replies (D. Forum) My Articles My Inbox (PM) Feedback/ Suggestions
Tax Management India. Com
Law and Practice  :  Digital eBook
Research is most exciting & rewarding

   For Sales / Support:
WhatsApp WhatsApp 9911796707
Case Laws Acts Notifications Circulars Classification Forms Manuals Articles News D. Forum Highlights Notes
TMI - e-Newsletter     TaxTMI    Specialized Investment Funds Get New Rules:...     TaxTMI    MHA Sets New 3-Year Validity and 4-Year Utilization...     TaxTMI    Customs Tariff Update: Fixed Valuation Rates...     TaxTMI    Tax Return Filing Modernized: New Electronic Rule...     TaxTMI    Exporters Win: Refund Claim Upheld Despite Document...     TaxTMI    Govt Raises Excise Duty on Petrol and Diesel to Rs....     TaxTMI    Insolvency Professionals Regulations Updated: Time...     TaxTMI    Insolvency Resolution Professionals Must Now Use...     TaxTMI    Interactive Flat Panel Displays Clarified:...     TaxTMI    Government Extends Sea Cargo Manifest Regulations...     TaxTMI    Customs Importers Must Upload Complete E-Sanchit...     TaxTMI    Financial Intermediaries Must Meet Strict...     TaxTMI    SEBI Mandates Standardized System and Network Audit...     TaxTMI    RBI Sets Foreign Portfolio Investment Limits for...     TaxTMI    Data Management Charges Not Taxable as Technical...     TaxTMI    Latest Case-Laws     TaxTMI    Latest Notifications + Circulars     TaxTMI    GST Council Decisions     TaxTMI       Right Stop
  TMI - Tax Management India. Com
Follow us:
  Facebook   Twitter   Linkedin   Telegram

TMI Blog

Home

Guidelines for MIIs regarding Cyber security and Cyber resilience

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... rity framework to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in securities market. It is also important that MIIs establish and continuously improve their Information Technology(IT) processes and controls to preserve confidentiality, integrity and availability of data and IT systems. 2. With the change in market dynamics in the Indian Securities markets, the interdependence among the MIIs has seen significant increase. Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII's owned or controlled systems, networks and assets. 3. In view of the above, based on the .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... itories Act, 1996 read with Regulation 97 of Securities and Exchange Board of India (Depositories and Participants) Regulations, 2018 to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. 9. The circular is issued with the approval of Competent Authority. 10. This circular is available on SEBI website at www.sebi.gov.in under the category "Legal" and dropdown "Circulars". Yours faithfully, Ansuman Dev Pradhan Deputy General Manager +91-22-26449622 [email protected] Annexure-A MIIs are required to implement the following practices: - 1) MIIs shall maintain offline, encrypted backups of data and shall regularly test these backups at least on a quarterly basi .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... ess vulnerabilities, especially those on internet-facing devices, to limit the attack surface. 6) MIIs should patch and update software and OSs to the latest available versions and it must be reviewed on a quarterly basis to ensure the implementation of the same. 7) MIIs should implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g. phishing) or incidents. 8) MIIs should implement filters at the email gateway to filter out emails with known malicious indicators, such as known malicious subject lines, and block suspicious Internet Protocol (IP) addresses, malicious domains/URLs at the firewall. 9) MIIs should ensure Endpoint Detection and Response (E .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... sure the implementation of the same. b) MIIs should ensure that no unnecessary software is installed on DCs, as these can be leveraged to run arbitrary code on the system. c) MIIs should ensure that access to DCs should be restricted to the Administrators group- Users within this group should be limited and have separate accounts used for day-to-day operations with non-administrative permissions. d) MIIs should ensure that DC host firewalls are configured to prevent direct internet access. e) MIIs shall undertake the penetration testing activity (internal and external) for known Active Directory Domain Controller abuse attacks. Weaknesses shall be remediated on topmost priority. 16) Delegated access and unused tokens should be rev .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... ork elements should only be restricted through enterprise identified intranet systems. 24) MIIs should have system(s) in place to manage and incorporate IOCs /malware alert/vulnerability-alert (received from CERT-in or NCIIPC or any linked MII or any other government agency) in their systems. 25) MIIs shall devise standard operating procedure (SoP) to implement the advisories issued by CERT-In, NCIIPC or any other government agency in their IT environment within defined timeframe and the said SoP shall be shared with SEBI. 26) MII's response and recovery plan should be subjected to review and testing. Tests should address an appropriate broad scope of scenarios including simulation of extreme but plausible cyber-attacks. Tests should .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

 

 

 

 

Quick Updates:Latest Updates

What's New:
    Latest Case Laws
What's New:
    Latest Notifications
What's New:
    Latest Circulars
F: Legal Challenge: Taxpayer Appeals Tribunal's Summary Rejection of Late...
F: Tax Notices Pile Up: Missed Deadline Risks Penalties Under Sections 27...
F: Tax Dept May Scrutinize Cash Gifts Between Relatives, Examining Transa...
F: Navigating Tax Return Corrections: Missed Deadline Options for Taxpaye...
F: Tax Strategies for Salaried Employees: Navigating Residential Flat Own...
H: Royalty Payments Excluded from Import Goods' Assessable Value Under Ru...
H: Gold Smuggling Suspect Denied Bail: Lawful Search Confirms Economic Cr...
A: Importer Successfully Challenges Customs Duty Assessment by Highlighti...
A: Corporate Compliance Alert: Indian Private Limited Companies Must Subm...
A: Input Tax Credit Interest Calculation: Holistic Credit Assessment Prev...
A: Exporters Win Relief: Pre-Import Condition Violation Penalties Deemed ...
A: Legal Professionals Can Claim IDS Refunds When Input Tax Exceeds Outpu...
A: Green Aviation Revolution: Pioneering Electric, Hydrogen, and Sustaina...
A: Transforming Tyre Waste Crisis: Innovative Recycling Technologies and ...
A: FMCG Brands Drive Eco-Awareness Through Strategic Marketing, Packaging...
A: Tire Waste Crisis: Innovative Recycling Technologies and Collaborative...
A: Steel Imports Get Digital Makeover: New Online Platform Mandates Regis...
A: Status Holder Scheme Empowers Exporters with Performance-Based Recogni...
A: Comprehensive Customs Data Platform Revolutionizes Import Tracking, Ve...
H: Pandemic Disruptions Justify Audit Report Filing Delay, Relief Granted...
H: Tax Surcharge for Private Discretionary Trusts Calculated Using Gradua...
H: Borrowed Funds Scrutiny: Direct Investment Validates Interest Expense ...
H: Tribunal Rejects Tax Revision Order, Finds No Conclusive Evidence of U...
H: Assets Transfer Doesn't Qualify as Demerger: Tribunal Validates Transa...
H: Tribunal Mandates Precise Comparable Selection Methodology for IT Serv...
H: Unexplained Cash Possession: Inconsistent Statements Sink Appellant's ...
H: Economic Fraud Case: Supreme Court Revokes Anticipatory Bail, Emphasiz...
H: Investors Lose Challenge to Corporate Probe After Deliberate Avoidance...
H: Corporate Governance Dispute: NCLAT Rejects Appeal Against AGM Interim...
H: Late EPFO Claims Rejected: Resolution Plan Finality Upheld Under Insol...