RBI mandates urban cooperative banks to appoint CISOs

Reserve Bank of India’s technology vision for cybersecurity for urban cooperative banks includes the mandatory appointment of CISOs and the establishment of a CISO forum.

India  >  Indian Rupee currency symbol / abstract business data
HYWARDS / Getty Images

On 24 September, the Reserve Bank of India (RBI) issued a circular addressed to urban cooperative banks in India highlighting the importance of cybersecurity, and prescribed appropriate measures towards building resilient cybersecurity controls for the sector.

The approach, RBI explains, will ensure that the UCBs with high IT penetration and offering all payment services are brought at par with other banks having mature cybersecurity infrastructure and practices.

RBI mandated that the boards of UCBs shall be assigned the primary responsibility for implementing the cybersecurity controls.

Acknowledging the fact that implementing a new cybersecurity framework will be an expensive process, RBI said that the responsibility for implementation, monitoring, compliance and response would have to be assigned from the board level and percolate down to the end-user.

Among its directives, the most important one for the community of cybersecurity leaders in the country is that the IT/IS governance framework would include appointing a Chief Information Security Officer (CISO) at all urban co-operative banks.

GUARDing India’s co-operative banking sector

RBI’s vision to enhance the cybersecurity posture of urban co-operative banks against emerging cyber threats is built on a five-pillared strategic approach termed GUARD. This comprises Governance oversight, Utile technology investment, Appropriate regulation and supervision, Robust collaboration, and Developing necessary IT and cybersecurity skillsets.

While ‘Governance oversight’ focuses on board oversight and IT vision, ‘Utile technology investment’ involves the creation of reserve funds for implementation of IT and cybersecurity undertaking, management of business IT assets and availability of banking services.

The point on ‘Appropriate regulation and supervision’ entails a supervisory reporting framework and appropriate guidance in implementing secure practices.

CISO forum for co-operative banks

Identifying the importance of keeping track of technology changes, RBI emphasized the need for robust collaboration among co-operative banks by directing the sector to create not just a forum to share best security practices, but also a committee for CISOs in the co-operative banking sector.

The CISO Forum will explore new technologies and concepts and discuss ways in which they could add substantial business benefits.

Furthermore, the Institute for Development and Research in Banking Technology (IDRBT) may set up a separate CISO forum to engage closely with urban co-operative banks in the country.

In months to come, the apex bank will issue a uniform cybersecurity hygiene document which will cover numerous best practices including privilege access management, network segmentation, secure configuration, and security incident and event management.

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies