{"id":4052,"date":"2020-01-07T21:57:04","date_gmt":"2020-01-07T16:27:04","guid":{"rendered":"http:\/\/yourcareerheights.com\/?p=4052"},"modified":"2020-01-07T21:58:09","modified_gmt":"2020-01-07T16:28:09","slug":"4052","status":"publish","type":"post","link":"https:\/\/yourcareerheights.com\/?p=4052","title":{"rendered":"Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) \u2013 A Graded Approach"},"content":{"rendered":"
\n
\n\t
\n
\n

As per the Statement on Developmental and Regulatory policies of the Fifth Bi-monthly Monetary Policy Statement for 2019-20 dated December 5, 2019 the RBI has also decided to prescribe a comprehensive cyber security framework for UCBs, as a graded approach, based on their digital depth and interconnectedness with the payment systems landscape, digital products offered by them and assessment of cyber security risk.<\/h2>\n

A comprehensive Cyber Security Framework for UCBs has been formulatedby RBI\u00a0 based on a graded approach. The UCBs have been categorised into four levels based on their digital depth and inter-connectedness to the payment systems landscape<\/span>. The levels are defined as below:<\/strong><\/p>\n\n\n\n\n\n\n\n
Level<\/td>\nCriteria<\/td>\nRegulatory Prescription<\/td>\nRemarks<\/td>\n<\/tr>\n
Level I<\/td>\nAll UCBs<\/td>\nLevel I controls prescribed in\u00a0Annex I<\/a><\/td>\nIn addition to the controls prescribed to the UCBs vide circular dated October 19, 2018, bank specific email domain with DMARC controls, two factor authentication for CBS etc., are salient controls prescribed.<\/td>\n<\/tr>\n
Level II<\/td>\nAll UCBs, which are sub-members of Centralised Payment Systems1<\/a><\/sup>\u00a0(CPS) and satisfying at least one of the criteria given below:<\/p>\n
    \n
  • offers internet banking facility to its customers (either view or transaction based)<\/li>\n
  • provides Mobile Banking facility through application (Smart phone usage)<\/li>\n
  • is a direct Member of CTS\/IMPS\/UPI.<\/li>\n<\/ul>\n<\/td>\n
Level II controls given in\u00a0Annex II<\/a>, in addition to Level I controls.<\/td>\nAdditional controls include Data Loss Prevention Strategy, Anti-Phishing, VA\/PT of critical applications.<\/td>\n<\/tr>\n
Level III<\/td>\nUCBs having at least one of the criteria given below:<\/p>\n
    \n
  • Direct members of CPS<\/li>\n
  • having their own ATM Switch<\/li>\n
  • having SWIFT interface<\/li>\n<\/ul>\n<\/td>\n
Level III controls given in\u00a0Annex III<\/a>, in addition to Level I and II controls.<\/td>\nAdditional controls include Advanced Real-time Threat Defence and Management, Risk based transaction monitoring2<\/a><\/sup><\/td>\n<\/tr>\n
Level IV<\/td>\nUCBs which are members\/ sub-members of CPS and satisfy at least one of the criteria given below:<\/p>\n
    \n
  • having their own ATM Switch\u00a0and<\/span>\u00a0having SWIFT interface<\/li>\n
  • hosting data centre or providing software support to other banks on their own or through their wholly owned subsidiaries<\/li>\n<\/ul>\n<\/td>\n
Level IV controls given in\u00a0Annex IV<\/a>, in addition to Level I, II and III controls<\/td>\nAdditional controls include setting up of a Cyber Security Operation Center (C-SOC) (either on their own or through service providers), IT and IS Governance Framework<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n