SEBI Cyber Security Audit
The SEBI circular on the cybersecurity and cyber resilience framework for regulated entities mandates cyber security and cyber resilience audits. Following the amendments of May and June 2022, these audits are to be done twice a year. SEBI also requires entities to identify the critical assets in their organisation and to maintain an updated list of them.
The SEBI circular on cybersecurity and cyber resilience framework has the following key phases.
Phase 1: IDENTIFY critical assets and risks.
Phase 2: PROTECT assets by implementing suitable controls and measures.
Phase 3: DETECT incidents, anomalies and attacks using appropriate monitoring tools and processes.
Phase 4: RESPOND by taking immediate steps after identification of an incident, anomaly or attack.
Phase 5: RECOVER from an incident through incident management and the DR & BCP framework.