NABARD Cyber Security Framework
National Bank for Agriculture and Rural Development (NABARD) is an apex development finance institution fully owned by Government of India. The bank has been entrusted with “matters concerning policy, planning, and operations in the field of credit for agriculture and other economic activities in rural areas in India”. NABARD is active in developing & implementing Financial Inclusion.
The Cyber Security Policy should be distinct from the IT/IS Policy of the UCB so that it highlights the risks from cyber threats and the measures to address/reduce these risks. While identifying and assessing the inherent risks, UCBs should keep in view the technologies adopted, delivery channels, digital products being offered, internal and external threats etc., and rate each of these risks as Low, Medium, High and Very High.
Managing cyber risk requires the commitment of the entire organization to create a cyber-safe environment. This will require a high level of awareness among staff at all levels including Board and Top Management. UCBs should actively promote among their customers, vendors, service providers and other concerned parties an understanding of its cyber security objectives. Security awareness among customers, employees, vendors, service providers, etc. about the potential impact of cyber-attacks helps in cyber security preparedness of UCBs.
Digital Task Force Provides Information Security Audits, Vulnerability Assessment & Penetration Testing (VAPT), Drafting of Cyber & ISMS Policies & Procedures as suggested by Reserve Bank of India. After successful Audits and Drafting of Policies, we also provide monitoring and implementation of drafted Policies & Procedures through our AMC (Annual Maintenance Contract).
Cyber Security Controls for Primary Urban Cooperative Banks (UCBs):
- Cyber Security Operations Centre (CSOC)
- Roles and Responsibilities of DR/ DC & BCP
- Cyber Security And Cyber Resilience Strategy & Framework
- control on Organization’s Critical Information Infrastructure (CII)
- Audits & VAPT Plans
- Cyber Threat and Incident Management
- Data Markup and Recovery Plan Inventory Management of Business IT Assets
- Preventing access of unauthorized software
- Environmental Controls
- Network Management and Security
- Secure Configuration
- Anti-virus and Patch Management
- Secure mail and messaging systems
- Removable Media
- User/Employee/Management Awareness
- Customer Education and Awareness
- Backup and Restoration
- Vendor/Outsourcing Risk Management