1. Visit us at : www.nsdl.co.in 1 NSDL THREAT PERCEPTIONS & SECURITY MEASURES

2. Visit us at : www.nsdl.co.in 2 AGENDA Introduction to Depository NSDL System Overview Threat Perception Security Measures IT Audit Practices

3. Visit us at : www.nsdl.co.in 3 NSDL - Bank -- An Analogy BANKBANKNSDLNSDL

4. Visit us at : www.nsdl.co.in 4Legislation/Regulations Service only through Participants Depository to maintain client level data Daily Reconciliation Continuos Connectivity with Encryption Backup facility at an alternate site

5. Visit us at : www.nsdl.co.in 5 NSDL System Overview CLEARING CORP. REGISTRAR /ISSUERS DEPOSITORY PARTICIPANTS STAR NETWORK SWIFT MESSAGING CONVENTION ANOTHER DEPOSITORY CC - 2 CC - 3 DP - 3DP - 4DP - 5 DEPOSITORY NSDL SR-1 SR-2 SR-3 DP - 1DP - 2 CC -1

6. Visit us at : www.nsdl.co.in 6 NSDL Today Beneficiary Accounts : 48.85 lac Positions : > 2 crore Custody : Rs. 9 lac crore Settlement thru Demat : 99.99% No. of Comp. / Securities : 5000 + / 14000+ Settlement value : > Rs. 2000 cr. Bookings : 6-12 lacs SWIFT Messages : 60-100 lacs

7. Visit us at : www.nsdl.co.in 7 Threat Perception Authenticity of Debit instruction Privacy of account holder’s information Disruption of Service Reconciliation Software Integrity

8. Visit us at : www.nsdl.co.in 8 Participants System Depository Network Depository Central System NSDL Internal Office Infrastructure Internet based Services Security Measures Scope

9. Visit us at : www.nsdl.co.in 9 Participants System Maker / Checker Implementation Audit Trails Inspection / Audit System Mandated Reconciliation Remote site backup + Log shipping Dial-up - Readiness Checks

10. Visit us at : www.nsdl.co.in 10 Depository Network Set-up Closed User Group (CUG) Network Hardware based Authentication Encryption - Dynamic Key change IP Filtering + Access List on Gateway Port Restriction Telnet / Direct Login / File Transfer prohibited Accepts only Message with valid format

11. Visit us at : www.nsdl.co.in 11 Depository System System Enforced Password Policy Failed Login Alerts Discretionary Access Control (DAC) Audit Trail De-activation of user-id with Direct Access rights MAC Address authentication for Access LAN Switch Port mapped to MAC address

12. Visit us at : www.nsdl.co.in 12 Depository Internal Office Infrastructure Office Systems –Switch based LAN / VLANs –Roving Port disabled on all LAN Switches –Local PC Data Protection Policy –Media Disposal Policy –Licensed Software Usage only

13. Visit us at : www.nsdl.co.in 13 Depository Internal Office Infrastructure - Cont. Internet Access –Governed by Internet Usage Policy –Access only through Proy Server –Firewall / IDS / URL Categorisation –E-Mail send / receive to server hosted outside –Only HTTP / HTTPs ports allowed –ICMP blocked, No access from outside

14. Visit us at : www.nsdl.co.in 14 Depository Internal Office Infrastructure - Cont. Virus Protection Mechanism –Gateway Scanner –Emails / Attachments scanned on Mail Server –Desktop Anti Virus Protection Physical Access –Proximity Card –Video Surveillance –Asset Movement Monitoring

15. Visit us at : www.nsdl.co.in 15 Internet based Services SPEED-e SSL Authentication –Password –PKI / SMART Card 3 Tier architecture Clustering Firewall / IDS

16. Visit us at : www.nsdl.co.in 16 Internet based Services - Cont.

17. Visit us at : www.nsdl.co.in 17 Software Change Management SRC (Software Review Committee) SDLC approach with documentation Separate environments (Dev./ Test / Prod) Source management system (VSS / SCLM) Acceptance Testing Managed DPM software distribution Formal Software Release Reviews

18. Visit us at : www.nsdl.co.in 18 Business Continuity Planning Facilities Dual UPS with Battery Back-up Standby Diesel generator Fire/Smoke detector & FM 200 Sprinklers Standby Air Conditioners Periodic Drill

19. Visit us at : www.nsdl.co.in 19 Business Continuity Planning System and Data Processor/Disk Sparring Standby controller/Router Dual Logging Log file replication at another site Fire proof back-up storage Safe copy of software & critical documents Periodic Operations from DRS Facility

20. Visit us at : www.nsdl.co.in 20 7 Business Continuity Planning Network NSE DRS HUB NSDL DRS NSE Primary HUB, Mumbai, Leased Line NSDLNET ISDN / PSTN NSDL NET Business Partners NSDL Primary Production Site Mumbai NSDL TC Fall Back X. 25 VSAT Cloud NSENET

21. Visit us at : www.nsdl.co.in 21 IT Audit Practices Security Committee Vulnerability Assessment Group Risk Analysis Group Security Audit and Penetration Testing Surprise audit by Security Officer Reporting to MD