RBI Cyber Security Framework For Banks

Determine the effectiveness of IT Security Controls

Need for Cyber Security Framework for Banks

Banks’ use of information technology has expanded quickly and is now a key component of their operational strategy. The financial services industry topped the list of 26 different industries that are most targeted by cybercriminals. Financial services remain the industry most susceptible to malicious email traffickers, as consumers are seven times more likely to be the victim of an attack originating from a spoofed email with a bank brand versus one from any other industry.

How it works?

Audit Methodology

The Cyber Security Framework for Banks is audited corresponding to the below audit domains. These domains are segregated based on the Level designated for the concerned UCB. Also, the applicability of domains differs as per the Bank’s Level i.e., Level 1, Level 2, Level 3, or Level 4.

We share audit charter with the auditee highlighting the roles and responsibilities of the audit function as well as the audit objectives.

Audit Initiation

We provide Auditee a DRL highlighting the required policies and further analysis of the same will be performed in line with the compliance.

Document
Requirement List

Quantitative/Qualitative Risk Assessment will be conducted for every business process in scope and risk will be analyzed.

Identification &
Analysis

Action points as well as risk response methodology will be suggested via GAP Assessment Report and an action plan will be asked from the auditee.

Risk Response

We Conduct review again post-deployment of the mitigations.

Post-Deployment
Review

RBI Circulars

The following circulars prescribing basic cyber security controls were issued to all the Banks:
Cyber Security Framework in Banks: DBS. CO/CSITE/BC.11/33.01.001/2015-16
Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs): DCBS.CO.PCB.Cir.No.1/18.01.000/2018-19
Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach: DoS.CO/CSITE/BC.4083/31.01.052/2019-20
Cyber Security controls for Third party ATM Switch Application Service Providers: DoS.CO/CSITE/BC.4084/31.01.015/2019-20

The common vulnerabilities we tackled in the past

The most frequent application vulnerabilities are not very different from the OWASP top 10 list.
Accounts Takeover
Subdomain Takeover
Blind XSS to Compromise Admin Panels
Sensitive Info Leakage on Public Repos
Remote Code Executions
Source Code Leakage
Broken Authentication
Broken Session Management
Broken Access Control
Cross-Site Request Forgery

Do you know?

71%
of all data breaches are financially motivated.
$18.3M
The cost of cyberattacks in the banking industry annually per company.

Want a quick Audit?

Detect & prevent attacks, before they succeed.

Stay ahead of the rapidly evolving threat landscape and keep your data protected without having to spend a fortune.

What do you get?

Audit Draft
Report
Draft report of the audit emphasizing the initial discoveries/findings.
Final Audit
Report
A comprehensive report that elaborates the final audit findings.
Remediation
Support
Through a GAP Assessment Report, remediations to the identified non-compliant controls will be advised.
Compliance
Letter
A letter that confirms that the requirements are met and all the applicable controls/regulations are fulfilled.

Take a peek into sample report

Our deliverables are comprehensive in nature that addresses both technical and business audiences.

Businesses love us

Learn what our customers say about our work.

Have you implemented the right security practice?

BOT Force

Get Started!

Get-started-WebServices-API
Enter the Captcha

Take a peek into sample report

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Subscribe to Our Podcasts

Blog Write For Us

By failing to prepare, you are preparing to fail

Homepage: By failing to prepare, you are preparing to fail
Enter the Captcha

By failing to prepare, you are preparing to fail

Get Started!

Fixed Force

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Get Started!

Take a peek into sample report

Get CERT-In Audit

Flex Force

navy_bubble.png