RBI mandates strong information security policy

Sunday, 20 May 2012

Government Security

By Sree Deepak | 2 May 2011

RBI’s working group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds has asked all Indian banks to setup their respective committees to tackle rise of cyber-crimes.

The working group setup under the watchful eye of G. Gopalakrishna, Executive Director, RBI analyzed the use of Information technology in banking and identified threats in several areas like IT Governance, information security (including electronic banking channels like internet banking, ATMs, cards), IT operations, IT services outsourcing, Information System Audit, Cyber frauds, business continuity planning, customer education and legal issues. The information gathered, helped shape the guidelines on information security for all banks in India.

Photos

View photos

Related Categories

From this Section

NEWS

Under these guidelines banks are required to have their IT Security policy in place framed by a CIO and are required to have them reviewed annually. The working group also felt the need for a forum of CISOs to interact, so that they can get to have knowledge transfer on security threats. On cloud computing, the group asked banks to review security threats involved in relation to cloud computing before considering hosting data on the cloud.

On cyber crime – the group felt the need for increased authentication while banking online. The guidelines have asked banks to audit applications and check for penetration, vulnerability before rendering them live; additionally, use of spreadsheets is no longer advised on critical applications. Banks have been asked to proactively test for critical applications for vulnerability and also take charge of data security - for data residing in electronic form, data warehouses, databases and data archives.

The guidelines have also laid emphasis on reporting cyber attacks and cyber crimes to CERT-In. On physical security of Information, the working group has told the banks to conduct profound background checks who monitor sensitive data and also on people who have access to mission critical applications.