Page 31 - Banking Finance November 2022
- Foster a culture of cyber security that promotes safe and appropriate use of cyber space.
- Develop and cultivate cyber security capabilities.
- To create awareness among the stakeholders including employees

Information Security and Cyber Security Policy
Information Security covers protection of information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction. Its main aim is to provide Confidentiality, Integrity, and Availability (CIA) of information systems and the information within.
Cyber Security is a subset of Information Security. It should be distinct from the broader IT policy / IS Security Policy of a bank.
Bank uses protective measures such as encryption, firewalls and other technology and security procedures to protect the accuracy and security of sensitive personal information and to prevent unauthorised access or improper use.

Cyber security Policy
The policy specifies what aspects of Information Security are of paramount importance to the organisation, and thus a Cyber Security Policy can be treated as a basic set of mandatory rules that must be observed. The policy should be observed throughout the organisation and should be in accordance with the security requirements, and the organisation's business objectives and goals.
Cyber security policy should be practical and important for the organisation. The following should be considered for cyber security policy:
- The sensitivity and value of the IT assets that need to be protected
- The legal requirements, regulations and laws of the Government in our jurisdiction
- Bank's goals and business objectives.
- The practicalities in implementation, distribution and enforcement
- International best practices in the industry to the extent applicable/feasible

Cyber Security Framework of RBI
A Cyber Security Policy must address procedures and behaviours that can be changed. It is also important to recognize that there are exceptions to every security rule. Thus the policy should be as flexible as possible in order that it remains viable for a longer time.
If a proper security policy is in place, then all staff will be able to clearly understand what is permitted and what not, in the organisation relating to the protection of information assets and resources. This helps in raising the level of security consciousness among all staff. In addition to this, a security policy provides a baseline from which detailed guidelines and procedures can be established. It may also help in supporting any decision to prosecute in the event of serious security violations.

RBI instruction regarding Cyber Security policy
Cyber-aware board and establishment of strong governance
Banks need to create programmes and interventions to sensitise the board and management about the evolving threat landscape and the current and future state of their cyber security posture. This will help in setting the right tone at the top and will make cyber security as important as investing in business-enabling technologies.
RBI also calls for banks to strengthen enterprise-wide cyber security governance. It articulates aspects that need the approval of the IT sub-committee of the board.