SEBI has come out with a consultation paper titled ‘'Consolidated Cyber Security and Cyber Resilience Framework’ on boosting cyber security framework for market intermediaries, market infrastructure institutions, and other regulated entities (RE) and which looks at providing a common structure for multiple approaches to cyber security to prevent any cyber-risks/incidents. The framework is based on five concurrent and continuous functions of cyber security as defined by National Institute of Standards and Technology (NIST) -- Identify, Protect, Detect, Respond, and Recover. 

• Under the Identify function, the REs will also need to identify critical systems, formulate a comprehensive cybersecurity and cyber resilience policy and do scenario-based testing for assessing risk, among other things.
• Under the Protect function, REs will be required to implement network segmentation techniques to restrict access to sensitive information, hosts, and services; conduct a periodic audit by a CERT-In empanelled auditor to audit the implementation and compliance to standards mentioned in this new framework; and do vulnerability assessment and penetration testing (VAPT) to test the IT environment, among other things.
• Under the Detect function, REs will need to establish security mechanisms through Security Operation Centre (SOC) for continuous monitoring of security events and timely detection of anomalous activities and MIIs will need to include red-teaming exercises, among other things. Red teaming involves simulating a cyber attack to assess an entity’s security framework.
• Under the Respond function, all REs will need to have a Cyber Crisis Management Plan (CCMP) and investigate alerts from detection systems for root-cause analysis, among other things.
• Under the Recover function, REs will need to have a well-documented response and recovery plan for cyber incidents and need to inform of actions taken during the recovery process to all related stakeholders, among other things.

Click here to access the SEBI Consultation Paper -