Tag Archives: UCB

Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

The Reserve Bank of India (RBI) on October 19, 2018 issued a set of guidelines for Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs). Such a framework was issued by the RBI as a measure to enhance security of the UCBs in light of the increasing number and impact of cyber security attacks on the financial sector including banks. [1]

  1. Board Approved Cyber Security Policy
  • All UCBs need to immediately put in place a Cyber Security policy, duly approved by their Board/Administrator, giving a framework and the strategy containing a suitable approach to check cyber threats depending on the level of complexity of business and acceptable levels of risk.
  • On completion of the process, confirmation of same within 3 months must be sent to the Department of Co-operative Bank Supervision.
  • The Cyber Security Policy should inter alia encapsulate the following concerns:
  • Preventing access of unauthorised software.
  • Network Management and Security.
  • Secure Configuration.
  • Anti-virus and Patch Management.
  • Secure mail and messaging systems.
  • The IT framework/framework must be reviewed periodically by the Board or its IT subcommittee in order to identify vulnerable areas and put in place a suitable cyber security system to address the issues after assessment.
  1. Cyber Crisis Management Plan
  • The Cyber Crisis Management plan, prepared by CERT-In (Computer Emergency Response Team – India maybe referred to by the UCBs for guidance.
  • UCBs should promptly detect any cyber intrusions (unauthorised entries) so as to respond/recover/contain impact of cyber-attacks, especially those offering services such as internet and mobile banking, RTGS/NEFT/SWIFT, credit and debit cards etc.
  1. Organizational Arrangements
  • UCBs should review the organisational arrangements so that the security concerns are brought to the notice of suitable/concerned officials to enable quick action.
  • UCBs should actively promote among their customers, vendors, service providers and other concerned parties an understanding of its cyber security objectives.
  • UCBs, as owners of customer sensitive data, should take appropriate steps in preserving the Confidentiality, Integrity and Availability of the same, irrespective of whether the data is stored/in transit within themselves or with the third party vendors; the confidentiality of such custodial information should not be compromised in any situation.
  • UCBs to put in place suitable systems and processes across the data/information lifecycle. UCBs may educate and create awareness among customers with regard to cyber security risks.
  1. Supervisory reporting framework
  • UCBs should report immediately all unusual cyber security incidents (whether they were successful or mere attempts) to Department of Co-operative Bank Supervision giving full details of the incident.
  • UCBs are advised to implement basic Cyber Security Controls and report the same to respective Regional Offices of Department of Co-operative Bank Supervision on or before March 31, 2019.

Source: http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11397&Mode=0

https://rbidocs.rbi.org.in/rdocs/content/pdfs/63NT19102018_A1.pdf

[1] http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11397&Mode=0.

Advertisements