Technology Vision For Cyber Security For Urban Co-operative Banks – 2020-2023
- On 24th September, 2020, the Reserve Bank of India(RBI) released Cyber Security Vision Framework for Urban Cooperative Banks (UCBs).
- In recent time, the number, frequency and impact of cyber incidents/attacks have increased manifold in the financial sector including Urban Co-operative Banks (UCBs).
- Therefore, it has, become essential to enhance the security posture of UCBs so as to prevent, detect, respond to and recover from cyber-attacks.
The framework aims at enhancing the cyber security posture of the UCB sector through a five-pillared strategic approach –GUARD
- Governance Oversight
- Utile Technology Investment
- Appropriate Regulation and Supervision
- Robust Collaboration
- Developing IT and Cyber Security Skills Set
Mission – Specific Action Points
Focus on Board Oversight
- The Board of Directors shall be ultimately responsible for the information security of the UCBs and shall play a proactive role in ensuring an effective IT (Information Technology) and IS (Information Security) governance.
IT Vision Document
- UCBs could play a crucial role in strengthening financial inclusion.
- Therefore, UCBs need to develop their own technology vision document outlining their plans to incorporate IT solutions into their business in a secure manner.
Utile Technology Investment
Creation of Fund for Implementation of Cyber Security Projects
- Fund for cyber security projects may be created out of UCBs’ annual net profits over a period of time.
Management of Business IT Assets
- In order to have proper monitoring of life cycle of its IT assets, both hardware and software, UCBs shall venture to invest and upgrade their IT infrastructure.
- Furthermore, a comprehensive process for Software License Management (SLM) shall be implemented by the UCBs.
Banking Services Availability
- In order to avoid major operational disruptions, UCBs shall have a Business Continuity Plan (BCP).
- The focus may be on prioritizing systems and processes in order to keep business operating smoothly and safely.
Appropriate Regulation and Supervision
Supervisory Reporting Framework
- Considering the large number of UCBs, an effective supervision of UCBs will be setup to monitor compliance of UCBs with respect to cyber security guidelines.
Appropriate Guidance in Implementing Secure Practices
- A uniform Cyber Security Hygiene document for all the cooperative banks shall be issued.
- It shall cover various best practices such as Privilege access management, network segmentation,secure configuration and security incident.
Forum to Share Best Practices
- UCBs may explore the possibility of setting up a forum at State/regional level with stakeholders from various banks.
Adoption of Cloud Services
- Cost effective technologies such as cloud based services may be used for implementing IT solutions and cyber security controls after taking appropriate risk assessment.
Developing IT and Cyber Security Skills Set
Imparting Technical Skills to manage IT and Cyber Security
- Targeted skill-oriented training and certification programmes would be designed to impart technical skills to personnel for managing the risk of cyber security.
- Steps would be taken to tap expertise available in various institutes/ universities across the country to provide such training in regional languages.
Providing Training for all UCBs on Cyber Security
- Awareness training programmes would be imparted to all UCBs through various training institutes of the RBI and other such institutes approved by RBI.
- The main objective is to communicate the cyber security challenges and regulatory expectations to the UCBs in local language for better understanding of the cyber security.
- The implementation of the approach outlined in Technology Vision document will strengthen the cyber resilience ecosystem of the Urban Co-operative Banks.