RBI – Cyber Security Framework for Urban Cooperative Banks
The Reserve Bank of India (RBI) has released a Cyber Security Framework for Urban Cooperative Banks (UCBs) to help them protect their information systems and data from cyber threats.
RNR, as a CERT-In Empaneled Security Auditor, is licensed to assist you in understanding, managing, and complying with RBI Guidelines & Circulars that are issued on a regular basis. The RBI published a new Cyber Security Framework for Urban Cooperative Banks (UCBs) on October 19, 2018. These standards were then updated again on December 31, 2019.
The following is an overview of some of the key concepts and requirements of the new Urban Cooperative Banks (UCBs) Cyber Security Framework:
RNR, as a CERT-In Empanelled Security Auditor, has the authority to assist you in comprehending, managing, and adhering to the RBI’s Guidelines & Circulars that are regularly issued. On October 19, 2018, the RBI introduced a new Cyber Security Framework specifically for Urban Cooperative Banks (UCBs). These guidelines were subsequently updated on December 31, 2019. Here is a brief overview of some important points and requirements from the new Cyber Security Framework for UCBs. To gain a deeper understanding of the framework and how RNR can support you in meeting the RBI’s mandates, you can download our Whitepaper.
Fundamental Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)
- Board approved Cyber Security Policy
- Cyber Security Policy to be distinct from the IT policy/IS Policy of the UCB
- IT Architecture/Framework should be security compliant
- Cyber Crisis Management Plan
- Organisational Arrangements
- Cyber Security awareness among Top Management/Board/other concerned parties
- Ensuring protection of customer information
- Supervisory reporting framework
Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)
Level I Requirements
- Baseline Cyber Security and Resilience Requirement
- Vendor/Outsourcing Risk Management
Level II Requirements
- Network Management and Security
- Secure Configuration
- Application Security Life Cycle (ASLC)
- Change Management
- Periodic Testing
- User Access Control / Management
- Authentication Framework for Customers
- Anti-Phishing
- Data Leak Prevention Strategy
- Audit Logs
- Incident Response and Management
Level III Requirements
- Network Management and Security
- Secure Configuration
- Application Security Life Cycle (ASLC)
- User Access Control
- Advanced Real-time Threat Defence and Management
- Maintenance, Monitoring, and Analysis of Audit Logs
- Incident Response and Management
- User / Employee/ Management Awareness
- Risk based transaction monitoring
Level IV Requirements
- Arrangement for continuous surveillance – Setting up of Cyber Security Operation Centre (C-SOC)
- Participation in Cyber Drills
- Incident Response and Management
- Forensics and Metrics
- IT Strategy and Policy
- IT and IS Governance Framework
- IT Strategy Committee
- IT Steering Committee
- Chief Information Security Officer (CISO)
- Information Security Committee
- Audit Committee of Board (ACB)
What we do
RNR’s framework specifies the remedial actions that UCBs must take to address any gaps in their cyber security posture. These remedial actions may include:
- Implementing additional security controls
- Conducting additional training for employees
- Updating security policies and procedures
- Submitting a report to the RBI on the remedial actions taken
UCBs that fail to comply with the framework may be subject to penalties by the RBI. But do not worry, RNR got you covered. Contact RNR to discover more about the Cyber Security Framework and how we can assist you with meeting RBI standards.
Overall Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) has four levels of requirements, RNR is here to assist you with each level. Get in touch with us to know these four levels.
What is Application Security?
Effective Security Testing Safeguards your Applications from Cyber Threats & Vulnerabilities
RNR Application Security Testing is designed to help you identify vulnerabilities in your applications, ensuring comprehensive coverage for both web and mobile infrastructure as well as online services. By doing so, it helps minimize risks and enables you to meet regulatory compliance requirements. Our approach to application security goes beyond simply scanning for software flaws. Instead, we focus on pinpointing and prioritizing the most vulnerable areas of your online application, providing practical solutions to address them effectively.
Leave us message