Sebi on Friday asked market infrastructure institutions to set up a round-the-clock cyber security operation centre manned by dedicated security analysts to identify, respond, recover and thwart cyber attacks.
The cyber security operation centre (C-SOC) of market infrastructure institutions (MIIs) -- clearing corporations, depositories and exchanges-- need to prevent cyber attacks through proactive actions including continuous threat analysis.
Appropriate alert mechanisms should be implemented including a comprehensive dashboard, tracking of key security metrics and provide cyber threat scorecards, Sebi said in a circular.
In order to detect security incidents in real time, Sebi said, the centre should go for 24X7 monitoring and analysis of relevant logs of MII's network devices, data traffic, cyber intelligence feeds sourced from reliable vendors, inputs received from other MIIs as also from external agencies such as CERT-In, among others.
The latest framework comes after Sebi, earlier this week, issued detailed guidelines on cyber security for stock brokers and depository participants.
The regulator has directed bourses, clearing corporations and depositories to take necessary steps to put in place appropriate systems and processes for implementation of the framework within six months.
According to Sebi, the centre should be headed by MII's chief information security officer, who will work closely with various departments including network team, cyber security team and IT. Such officer will directly report to the MD and CEO of the MII.
Sebi said MIIs can choose from one of the four models to set up their cyber security operation centre.
The models include -- MII's own C-SOC manned primarily by its internal staff; MII's own C-SOC, staffed by a service provider, but supervised by a full time staff of the MII.
The other two models to choose from are C-SOC that can be shared by the MII with its group entities; and C-SOC that may be shared by the MII with other Sebi recognised MIIs.
In case wherein a MII currently has a cyber security operation centre set-up that is different from that prescribed by Sebi, then such infrastructure institutions need "to adopt and transit to one of the models...within a period of one year".
A report on the functioning of the centre including details of cyber attacks faced by the MII, major cyber events warded off by the MII, cyber security breaches, data breaches need to be placed on a quarterly basis before the board of such infrastructure institutions.