  TMI - Tax Management India. Com
Advisory for SEBI Regulated Entities (REs) regarding Cybersecurity best practices

..... SEBI Regulated Entities (REs) regarding Cybersecurity best practices

1. Financial sector organizations, stock exchanges, depositories, mutual funds and other financial entities have been experiencing cyber incidents which are rapidly growing in frequency and sophistication. Considering the interconnectedness and interdependency of the financial entities to carry out their functions, the cyber risk of any given entity is no longer limited to the entity's owned or controlled systems, networks and assets.

2. Further, given the sophistication and persistence of the threat with a high level of coordination among threat actors, it is important to recognize that many traditional approaches to risk management and governance that worked in .....

....., and to regulate the securities market.

Yours Faithfully,
Shweta Banerjee
Deputy General Manager
Phone: 022-26449509
Email: shwetas@sebi.gov.in

Annexure-A

In view of the increasing cybersecurity threat to the securities market, SEBI Regulated Entities (REs) are advised to implement the following practices as recommended by CSIRT-Fin:

1. Roles and Responsibilities of Chief Information Security Officer (CISO)/ Designated Officer: REs are advised to define roles and responsibilities of the Chief Information Security Officer (CISO) and other senior personnel. Reporting and compliance requirements shall be clearly specified in the security policy.

2. Measures against Phishing attacks/ websites: .....

..... dit should be resolved as per the timelines prescribed by SEBI.

4. Measures for Data Protection and Data breach:
i. REs are advised to prepare a detailed incident response plan.
ii. Enforce effective data protection, backup, and recovery measures.
iii. Encryption of the data at rest should be implemented to prevent the attacker from accessing the unencrypted data.
iv. Identify and classify sensitive and Personally Identifiable Information (PII) data and apply measures for encrypting such data in transit and at rest.
v. Deploy data leakage prevention (DLP) solutions / processes.

5. Log retention: A strong log retention policy should be implemented as per extant SEBI regulations and as required by CERT-In and the IT Act 2000. .....

..... network perimeter.

8. Cybersecurity Controls:
i. Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses, and block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
ii. Block the malicious domains/IPs after diligently verifying them, without impacting the operations. CSIRT-Fin/CERT-In advisories, which are published periodically, should be referred to for the latest malicious domains/IPs, C&C DNS and links.
iii. Restrict execution of powershell and wscript in the enterprise environment, if not required. Ensure installation and use of the latest version of .....

..... nted in letter and spirit by the regulated entities. Additionally, the advisories should be implemented promptly as and when received.

11. Concentration Risk on Outsourced Agencies:
i. It has been observed that single third-party vendors are providing services to multiple REs, which creates concentration risk. Although such third parties are small non-financial organizations, a cyber-attack at any of them could have systemic implications because of this high concentration risk.
ii. Thus, there is a need to identify such organizations and prescribe specific cyber security controls for them, including audit of their systems and protocols by independent auditors, to mitigate such concentration risk. .....