RBI Cyber Security Framework For Banks
Determine the effectiveness of IT Security Controls
Need for Cyber Security Framework for Banks
Banks’ use of information technology has expanded quickly and is now a key component of their operational strategy. The financial services industry topped the list of 26 different industries that are most targeted by cybercriminals. Financial services remain the industry most susceptible to malicious email traffickers, as consumers are seven times more likely to be the victim of an attack originating from a spoofed email with a bank brand versus one from any other industry.
How it works?
Audit Methodology
The Cyber Security Framework for Banks is audited corresponding to the below audit domains. These domains are segregated based on the Level designated for the concerned UCB. Also, the applicability of domains differs as per the Bank’s Level i.e., Level 1, Level 2, Level 3, or Level 4.
We share audit charter with the auditee highlighting the roles and responsibilities of the audit function as well as the audit objectives.
Audit Initiation
We provide Auditee a DRL highlighting the required policies and further analysis of the same will be performed in line with the compliance.
Document
Requirement List
Quantitative/Qualitative Risk Assessment will be conducted for every business process in scope and risk will be analyzed.
Identification &
Analysis
Action points as well as risk response methodology will be suggested via GAP Assessment Report and an action plan will be asked from the auditee.
Risk Response
We Conduct review again post-deployment of the mitigations.
Post-Deployment
Review
RBI Circulars
The following circulars prescribing basic cyber security controls were issued to all the Banks:
Cyber Security Framework in Banks: DBS. CO/CSITE/BC.11/33.01.001/2015-16
Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs): DCBS.CO.PCB.Cir.No.1/18.01.000/2018-19
Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach: DoS.CO/CSITE/BC.4083/31.01.052/2019-20
Cyber Security controls for Third party ATM Switch Application Service Providers: DoS.CO/CSITE/BC.4084/31.01.015/2019-20
The common vulnerabilities we tackled in the past
The most frequent application vulnerabilities are not very different from the OWASP top 10 list.
Accounts Takeover
Subdomain Takeover
Blind XSS to Compromise Admin Panels
Sensitive Info Leakage on Public Repos
Remote Code Executions
Source Code Leakage
Broken Authentication
Broken Session Management
Broken Access Control
Cross-Site Request Forgery
Do you know?
Want a quick Audit?
Detect & prevent attacks, before they succeed.
Stay ahead of the rapidly evolving threat landscape and keep your data protected without having to spend a fortune.
What do you get?
Audit Draft
Report
Draft report of the audit emphasizing the initial discoveries/findings.
Final Audit
Report
A comprehensive report that elaborates the final audit findings.
Remediation
Support
Through a GAP Assessment Report, remediations to the identified non-compliant controls will be advised.
Compliance
Letter
A letter that confirms that the requirements are met and all the applicable controls/regulations are fulfilled.
Take a peek into sample report
Our deliverables are comprehensive in nature that addresses both technical and business audiences.
Have you implemented the right security practice?
TRUST WE GAINED
