Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security Central Depository Services (India) Limited

Published byValentine Parks Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber Security Central Depository Services (India) Limited"— Presentation transcript:

1 Cyber Security Central Depository Services (India) Limited
Hong KONG th NOVEMber, 2017

2 CDSL Group Businesses Central Depository Services (India) Limited
13.6 million customer accounts covering 94% PIN codes, 589 DPs operating across 17,338 service locations, 10,217 issuing companies CAS services sending 1.2 million statements per month e-Voting Services (4,300+ companies, 15,500+ e-voting instances) eLocker Services Go Green Services for DPs Online Will Services Central Depository Services (India) Limited National Academic Depository (NAD) KYC Registration Agency (PAN based KYC) 1st and largest KRA with over 16.5 million KYCs Holding 65% of the total PAN based KYC User Agency for UIDAI (Aadhaar based eKYC and eSign) GSP services CDSL Ventures Limited IR Services facilitates policyholders to hold insurance policies in electronic form Holding 0.32 million, 60% of total eIA accounts CDSL Insurance Repository Limited Commodity Repository facilitates issuance, holding, deposits, withdrawals and transacting of warehouse receipts CDSL Commodity Repository Limited

3 Regulatory and Government Guidelines on Security
The Indian regulator (SEBI) has circulars recommending Information Security policies and Cyber Security framework guidelines to be adopted by systemically important MIIs (Exchanges, Clearing Corporations, Depositories). Accordingly CDSL has adopted Information Security and Cyber Security policies. CDSL and other market intermediaries are invited to the Technical Advisory committee and Cyber security sub committee meetings which are held periodically to discuss and deliberate on policy formulation before circulars are issued. Formation of NSCS and NCIIPC by Prime Minister’s Office (PMO) The Government of India under direct supervision of the PMO has instituted the National Security Council Secretariat (NSCS). CDSL and all market intermediaries were invited by NSCS to present the state of infrastructure and security in the organization. CDSL is registered with National Critical Information Infrastructure Protection Center (NCIIPC), the operational entity under NSCS CDSL gets regular advice / updates from NCIIPC and shares incidents and updates with them for cyber security threats. International Organization of Securities Commissions (IOSCO) Guidelines The regulator has also recommended that the cyber resilience guidelines for Financial Market Infrastructures issued by IOSCO to be followed. CDSL is in compliance with IOSCO guidelines.

4 Cyber security is a Business Issue
Digital transformation With enterprises becoming more and more connected with the increasing adoption of digital technologies, the safeguarding of the company’s digital assets has become extremely complex and challenging. The constantly changing digital technology landscape needs fast adoption of newer and sophisticated cyber security solutions. The senior management team and IT need to keep the security aspect at the top of mind as they make decisions about new products and services. Security first should be the mantra along with Digital first. Risks Management Committee The risk management committee nowadays get involved in understanding and mitigating cyber security risk as much as they get involved in operational, financial or other risks. New project initiatives or process changes with any element of security risk are deliberated before being taken up.

5 Cyber security is a Business Issue
Security practices of partners and intermediaries With the prevalence of outsourcing of services, our suppliers and partners need to also follow good security practices. There are defined outsourcing policies which are as per regulator guidelines. There is a recent initiative by the regulator to enforce certain minimum cyber security practices to be followed by the market intermediaries (depository participants and brokers), and have the depository oversee the compliance. Cybersecurity is everyone’s responsibility While the role of IT has traditionally been of being an enabler of businesses, the equally important role is of protecting and securing the businesses from cyber threats. IT with the support of senior management must create a security culture in the organization by facilitating regular user awareness training and to recognize that a careless employee can cause a cyber security breach. Cybersecurity is really a business issue not only an IT responsibility as it exceeds the boundaries of IT, and cyber risk needs to be managed with as much discipline as financial risk or operational risk. 

6 Board oversight and involvement
Cyber threat is today one of the biggest organizational risk Cyber threats have emerged as a growing risk to companies across industries with the potential of causing serious financial and reputation damage to organizations. Boards understand that cyber security is a risk management issue that affects the entire organization and requires board oversight. Security risks to the board need to be conveyed in business terms to help the board understand how cybersecurity impacts the company directly. Active board involvement is imperative Strong corporate governance requires that the board of directors actively engage on the issue and is kept informed on cybersecurity readiness of the organization. Boards must ensure there is executive ownership ideally at the top starting with the CEO. Cyber risk related insurance coverage is now being offered by insurance companies. The security maturity of the organization can reduce the cost of the premium.

7 Concerns and areas of improvement
Incident sharing While some security companies have formed partnerships and are collaborating to share cyber incidents to help them strengthen the solutions that they offer, there is no organized sharing among user companies so they can learn from other’s incidents. In BFSI, the practice to share incidents with the regulator is mandatory within stipulated time, and the regulator is expected to share the same with the other organizations masking the victim organization’s identity. The victim organization is often reluctant to share incidents to protect its reputation and there is thus a huge under reporting of incidents. Hackers collaborate While companies do not, attackers often collaborate to attack the enterprise. Cost of protection is disproportionately higher than cost of attacking. The hacker with very little financial resource can penetrate enterprises who do not continuously secure themselves. 

8 Concerns and areas of improvement
Resource shortage There is an acute shortage of skilled security resources and organizations are finding it very difficult to attract talent and competing with security organizations. The optimum mix of in-house and vendor resources need to be deployed, especially to run a centralized Security Operations Center (SOC). Skilled and trained resources are required to ensure that solutions procured are implemented with proper configuration to ensure that they work as expected. Increased security spends in an increasingly connected world With multiple security vendors offering overlapping solutions, and most companies having existing security solutions in place, the selection of new solutions is very complex and challenging. Integrated security tools working together in a seamless automated way can streamline the process of detecting and mitigating threats. The major security vendors have introduced the concept of a fabric layer which can integrate with other vendor solutions. While protecting the enterprise with sophisticated solutions and tools is expensive, there is really no guarantee that the enterprise is fully secure.

9 Security Landscape Reference Model
Operations Asset & Config management Incident management Vulnerability & Patch management Change management Access management Event monitoring & management Application Platforms Data Protection Applications Antispam DB Activity Monitoring WAF App Sec APT Data Classification Data Encryption VPN / SSL DRM Host Security Mobile / Laptop Access / Authentication Endpoints Antivirus / HIPS Patch Mgmt Config Mgmt IDM / PIM VA / PT DLP NAC MDM 2FA SSO Infrastructure Network DLP DDoS Protection Firewall / IPS SIEM / SOC DCIM Web Proxy Wireless

10 Executive Director and Group CTO
THANK YOU Joydeep Dutta Executive Director and Group CTO

Download ppt "Cyber Security Central Depository Services (India) Limited"

Similar presentations

1 Role and Responsibilities of CSD in China's Investor Protection Scheme SHEN Bing Panel Discussion at 16 th Annual Meeting of ACG Bali, September 20,

1 Role and Responsibilities of CSD in China's Investor Protection Scheme SHEN Bing Panel Discussion at 16 th Annual Meeting of ACG Bali, September 20,
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
Information Security Policies and Standards

Information Security Policies and Standards
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.

InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Joseph Ferracin Director IT Security Solutions Managing Security.

Joseph Ferracin Director IT Security Solutions Managing Security.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.

Similar presentations

Ads by Google