Register Price / Packages DEMO Option My Bookmarks Daily Newsletters Feedback/ Suggestions
Tax Management India. Com
Law and Practice  :  Digital eBook
Research is most exciting & rewarding


Case Laws Acts Notifications Circulars Classification Forms Manuals Articles News D. Forum Highlights Notes
TMI - e-Newsletter     TaxTMI    Addition u/s. 56(2)(viib) - transaction of sale of...     TaxTMI    Disallowance u/s 14A r.w.r. 8D - no proper...     TaxTMI    TDS u/s 194I - Transit Rent payable by the...     TaxTMI    Rectification of mistake u/s 154 - tax paid on more...     TaxTMI    Validity of Re-assessment proceedings u/s 147 -...     TaxTMI    Reopening of assessment - reason to believe - The...     TaxTMI    Validity of reopening of assessment u/s 147 - The...     TaxTMI    Maintainability of appeal - appeal dismissed at the...     TaxTMI    Validity of assessment order - non-speaking...     TaxTMI    Benefit of exemption from GST - educational...     TaxTMI    Levy of maximum penalty - penalty imposed on the...     TaxTMI    Validity of reopening of assessment - The High...     TaxTMI    Interest Liability on Electronic Credit Ledger...     TaxTMI    Exemption from GST - pure services or supply of...     TaxTMI    Applicable rate of tax (GST) - Classification of...     TaxTMI    Latest Case-Laws     TaxTMI    Latest Notifications + Circulars     TaxTMI    GST Council Decisions     TaxTMI       Right Stop
  TMI - Tax Management India. Com
Follow us:
  Facebook   Twitter   Linkedin   Telegram

TMI Blog

Home

Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing Corporations and Depositories

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... ll have a Cyber Security Operation Center (C-SOC) that would be a 24x7x365 set-up manned by dedicated security analysts to identify, respond, respond, recover and protect from cyber security incidents. 4. The C-SOC shall function in accordance with the framework specified in SEBI Circular CIR/MRD/DP/13/2015 dated July 06, 2015. Illustrative list of broad functions and objectives to be carried out by a C-SOC are mentioned hereunder: 4.1. Prevention of cyber security incidents through proactive actions: (a) Continuous threat analysis, (b) Network and host scanning for vulnerabilities and breaches, (c) Countermeasure deployment coordination, (d) Deploy adequate and appropriate technology at the perimeter to prevent attacks originating from external environment and internal controls to manage insider threats. MIIs may implement necessary controls to achieve zero trust security model. 4.2. Monitoring, detection, and analysis of potential intrusions / security incidents in real time and through historical trending on security-relevant data sources. 4.3. Response to confirmed incidents, by coordinating resources and directing use of timely and appropriate counterm .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... ing programs at the MII and for its members / participants / intermediaries with regard to cyber security, situational awareness and social engineering. 5.7. The C-SOC should be capable to prevent attacks similar to those already faced. The C-SOC should also deploy multiple honey pot services which are dynamic in characteristics to avoid being detected as honey pot by attackers. 6. As building an effective C-SOC requires appropriate mix of right people, suitable security products (Technology), and well-defined processes and procedures (Processes), an indicative list of areas that MIIs should consider while designing and implementing a C-SOC are as follows: 6.1. The MII shall ensure that the governance and reporting structure of the C-SOC is commensurate with the risk and threat landscape of the MII. The C-SOC shall be headed by the Chief Information Security Officer (CISO) of the MII. The CISO shall be designated as a Key Managerial Personnel (KMP) and relevant provisions relating to KMPs in the SEBI Securities Contracts (Regulation) (Stock Exchanges and Clearing Corporations) Regulations, 2012 and the subsequent circulars issued by SEBI relating to KMPs, shall apply to th .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... should document the cases and escalation matrices for declaring a disaster. 7. In view of the feedback received from MIIs, it has been decided that MIIs may choose any of the following models to set-up their C-SOC : (i) MII s own C-SOC manned primarily by its internal staff, (ii) MII s own C-SOC, staffed by a service provider, but supervised by a full time staff of the MII. (Refer to 7.3) (iii) C-SOC that may be shared by the MII with its group entities (that are also SEBI recognized MIls), (iv) C-SOC that may be shared by the MII with other SEBI recognized MII(s). 7.1. The responsibility of cyber security of an MII, adherence to business continuity and recovery objectives, etc. should lie with the respective MII, irrespective of the model adopted for C-SOC. 7.2. The respective risk committee(s) of the MII should evaluate the risks of outsourcing the respective activity. 7.3. The MII may outsource C-SOC activities in line with the guidelines as given in Annexure-A. 8. A report on the functioning of the C-SOC, including details of cyber-attacks faced by the MII, major cyber events warded off by the MII, cyber security breaches, data breaches should be pla .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... he event as an incident using Knowledgebase. (f) Escalating exceptions Events to L2 level. (g) Log Incident tickets in service management tool and assign it to the respective team. (h) Follow-up for the closure of the incident tickets generated. 1.2. Security Analyst Level 2 (L2): Combination of Outsource / In-House (a) Exception Analysis. (b) Analysis of extended events. (c) Confirmation of False +ve update Knowledge Base. (d) Qualify Incident provide mitigation suggestions. (e) Escalate incident to next level. (f) Update /configuration correlation rules after approval. 1.3. Security Analyst Level 3 (L3): Combination of Outsource / In-House (a) Analysis of escalated Incidents. (b) Define correlation rules. (c) Analysis of impact on SIEM over all correlation rules and operations for the correlation rules suggested by Level 2 Analyst. (d) Approve correlation rules after the impact analysis. (e) Perform impact analysis before deployment of correlation rules. (f) Perform impact analysis for update and upgrade of SIEM Advance security solutions components. (g) Define Mitigation suggestions for newly identified incidents. .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

..... https://www.sans.org/event/cyber-defence-canberra-2018/course/security-essentials-bootcamp-style 2) SEC301: Introduction to Cyber Security https://www.sans.org/course/introduction-cyber-security Security Analyst Level 2 (L2): 1) SEC542: Web App Penetration Testing and Ethical Hacking https://www.sans.org/event/cyber-defence-canberra-2018/course/web-app-penetration-testing-ethical-hacking 2) SEC566: Implementing and Auditing the Critical Security Controls - In-Depth https://www.sans.org/private-training/course/implementing-auditing-critical-security-controls 3) SEC575: Mobile Device Security and Ethical Hacking https://www.sans.org/private-training/course/mobile-device-security-ethical-hacking Security Analyst Level 3 (L3): 1) SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling https://www.sans.org/event/cyber-defence-canberra-2018/course/hacker-techniques-exploits-incident-handling 2) FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting https://www.sans.org/event/digital-forensics-summit-2018/course/advanced-incident-response-threat-hunting-training 3) SEC501: Advanced Security Essen .....

X X   X X   Extracts   X X   X X

→ Full Text of the Document

X X   X X   Extracts   X X   X X

 

 

 

 

Quick Updates:Latest Updates

What's New:
    Latest Case Laws
What's New:
    Latest Notifications
What's New:
    Latest Circulars
N: Foreign Exchange Management (Deposit) (Fourth Amendment) Regulations, 2024.
H: Detention of goods alongwith penalty - Expired e-way Bill - The High C...
N: Export of food commodities through National Cooperative Exports Limite...
H: Reversal of ITC - The High Court found that certain findings recorded ...
H: Exemption from Tax - Classification of goods sold - emery cloth - uncl...
F: Addition of unaccounted supplies in the Returns
H: Levy of GST on un-denatured Extra Neutral Alcohol supplied by the peti...
H: Imposition of GST under the reverse charge mechanism on the mining lea...
N: Seeks to further amend List 34A and List 34B in the Appendix to the Ta...
H: Rejection of refund on the ground of delay - time limitation - The Hig...
H: Addition u/s 68 - ITAT confirmed the additions - The High Court upheld...
H: Validity of Reassessment proceedings - reason to believe escapement of...
H: Faceless Assessment - Non affording a reasonable opportunity to be hea...
H: Validity of order passed u/s 147 r.w.s.144B - availability of alternat...
H: Validity of reassessment proceedings - non-issue of the statutory noti...
N: Amendment in the Export policy of Onions
H: Deduction u/s 80IAB on the disallowance of depreciation on Water-use R...
H: Penalty u/s 271(1)(b) - Non-compliance with a notice issued u/s 142(1)...
F: ITC of FY 2017-18 blocked
H: Income taxable in India or not - Business of supplying reservoir simul...
H: TP Adjustment - MAM - Management consultancy services - The tribunal n...
A: GST APPEALS: WHAT ONE SHOULD KNOW
A: Who is The Regulatory Body of GIFT City in India?
F: GST PENALTY SECTION 122
C: Entities allowed to use e-KYC Aadhaar Authentication services of UIDAI...
A: Proper officer shall pass an order within seven days of service of not...
A: Collection of Entry Fee from visitors for Temple Hall Exempt under GST
A: State-wise Professional Tax Payment Deadlines in India: A Comprehensiv...
A: Low tax effect in pending appeals- The administrative role to withdraw...
C: Clarification on the applicability of 3% amount on account of non-achi...