DOS-CSITE Cell

CERT-In letter - Regarding less number of Cybersecurity Audits Conducted in Regional Rural Banks (RRBs)

Attached is a communication dated 21st July 2023 from the Director General,
CERT-In, on the captioned subject. CERT-In is currently collecting and
analyzing cyber security audit metadata on a quarterly basis to assess
vulnerabilities and the audit landscape under the framework of cyber security
audits conducted by CERT-In empanelled organizations, and it has
observed that very few audits are initiated in Regional Rural
Banks.

2. To enhance the position of audits in regulated entities, it has
recommended that NABARD may issue directives to all regulated entities
to conduct comprehensive cyber security audits of their entire ICT and
Fin-Tech infrastructure within the next six months by CERT-In
empanelled organizations. The directives may also mandate the
frequency of audits to be at least once a year, or whenever there is a
significant change in the ICT/Fin-Tech environment. It has also advised
submission of compliance by NABARD to CERT-In.

3. Present status on Cybersecurity audits in RRBs

CSITE Cell has identified 28 RRBs out of 43 based on their higher digital
exposure, implementation of Cyber Security Controls, high financials
(total loans and advances) and cyber security incidents identified in the
past. These RRBs were advised to conduct a cyber security audit by a certified
external auditor having rich experience in conducting technology audits or
through CERT-In empanelled auditors in June 2022. The compliance
status is as follows:

4 RRBs have shared reports from a CERT-In empanelled auditor and 1 RRB
from another auditor. 23 RRBs are yet to share the reports, and CSITE Cell has
continuously followed up with the banks and ROs for submission of the
report vide emails dated 28 July, 04 Oct, 25 Nov 2022 and IOM dated 31
Oct, and 16 Feb 2023.

NB-DOS-CSITE-CSPOL-E-2023-24-000855

4. Recommendation:

a) We may issue a letter to all the RRBs to conduct a cybersecurity audit by a
CERT-In empanelled auditor (draft enclosed). Alternatively, they may
appoint a CERT-In empanelled auditor for their IS audit, wherein Gap
Assessment with respect to the cyber security framework and cyber security
audit of the entire IT and Fin-Tech infrastructure are part of the IS audit
scope and must be conducted within the next 5 months. However, the bank
need not conduct the audit if such an IT audit/IS audit is conducted
within the current FY 2023-24 by a CERT-In empanelled organization.
The bank may share the report with CSITE Cell, HO and the respective
Regional Office.
b) We may issue a reminder to ROs to follow up with the SEs (71 out of 84)
which are yet to submit the report by a CERT-In empanelled auditor.
ROs may give priority to RRBs.
c) We may also advise all the ROs to collect the latest IS audit report from
their respective RRBs (draft enclosed), as other RRBs may also have
conducted audits by CERT-In empanelled auditors; this will help us to
share the correct status with CERT-In.
d) We may communicate the present status to CERT-In as per point no. 3
after receiving the reports as per point 4 (b) & (c), or by 15
Sep 2023 at the latest.

Name of the Officer: Hemant Yadav
Designation: AM
Date: 17/08/2023 12:30:59

For approval please.


Name of the Officer: Ganesh Saini
Designation: CSM
Date: 17/08/2023 13:03:25

As observed by CERT-In, we may advise all the RRBs to undertake cyber security audit
by CERT-In empaneled auditors latest by 31 Dec 2023 (time given by CERT-In is 6
months, however, we have restricted the time limit to 31 Dec 2023 so that we can comply
with CERT-In timeline even if there is some delay on the part of some of the RRBs).

Draft letter to all RRBs with endorsement to ROs has been revised and put up for
approval. Hindi translation will be done after the letter is approved.

Name of the Officer: Pankaja Borah
Designation: DGM
Date: 18/08/2023 11:57:28

We may advise all the RRBs as per the draft letter attached. Endorsement of the letter
may be sent to RO for follow up action with RRBs for conduct of cyber security audit by
CERT-empaneled Auditors and for submission of reports as per Annexure I. Draft letter
for approval please.

Name of the Officer: Shri Prabhat Keshava
Designation: GM
Date: 18/08/2023 14:48:51

As proposed.

Name of the Officer: Sudhir K Roy
Designation: CGM
Date: 22/08/2023 14:18:00