Markets regulator Sebi plans to rope in third party agency to identify and classify security holes in its entire information technology infrastructure and suggest measures to mitigate such risks.
Markets regulator Sebi plans to rope in third party agency to identify and classify security holes in its entire information technology infrastructure and suggest measures to mitigate such risks. To provide these services, Sebi has issued a notice inviting expression of interest (EoI) from the interested parties. This comes at a time when several malware attacks have come to light globally, including in India.
Recently, the US Securities and Exchange Commission (SEC) reported a breach on its IT platform for company filings. The regulator said that the incident occurred in 2016 but it had observed last month that information could be used for illicit gain through trading. “In August 2017, the commission learnt that an incident previously detected in 2016 may have provided the basis for illicit gain through trading,” SEC noted.
The Securities and Exchange Board of India (Sebi) said selected bidder would be responsible for carrying out an assessment of threat and vulnerabilities and assess the risks in the regulator’s information technology infrastructure. This will include identifying existing threats and suggest remedial solutions and recommendations on the same to mitigate all identified risks and enhance the security of information systems. Information system infrastructure includes networking systems, security devices, servers and databases. Besides, the agency will be responsible for carrying out enterprise-wide system audit focused on configuration, security aspects, risk assessment, deployment, administration, access control, back up and business continuity.
The audit will also cover review of standard operating procedures, automation and monitoring of all IT assets. Spelling out the eligibility criteria, Sebi said the applicant should have been in operation for at least five years and should have registered profit for at least three years during the last five financial years. Among other terms, the bidder should not be a black- listed firm and should have registered office in India preferably in Mumbai. The regulator said that interested agencies need to submit application till October 6.