
IRDA Directives for Information & Cyber Security Framework for Indian Insurance Sector






Presentation Transcript


  1. IRDA Directives for Information & Cyber Security Framework for Indian Insurance Sector

  2. Contents The Evolving Cyber Threat Landscape needs Increased Regulations Increased Regulatory Requirements IRDA Directives – Are you IRDA Compliant? Three Pronged Approach to Managing Cyber Risks and being IRDA Compliant India Contacts

  3. The Evolving Cyber Threat Landscape needs Increased Regulations Disruptive innovations in the banking and financial sector are not only creating new opportunities but also ushering in new threats. Digitization has moved the banking ecosystem away from the traditional banking models. With the advent of omni-channel banking, consumers now interact across multiple channels, newer technologies are playing their part, and penetration of mobile, internet and smartphones among consumers is high. This is changing consumer behaviour, including buying behaviour, with social networking, word of mouth, peer reviewing of products and online research becoming the norm. Digital payments are becoming significant in India, and the evidence of digital disruption in the financial industry is mounting, which opens more areas for cyber attacks. According to a recent cyber security study by analysts, banking and financial institutions are operating in boundary-less and unregulated ecosystems and are therefore more vulnerable to exploitation by ever-evolving cyber threats. Incidents such as account takeovers, vishing, fraudulent monetary transfers, ATM skimming and mobile banking exploitation using malware are prevalent and still evolving; as cyber criminals become more innovative, the attacks are only going to get bigger. Banking and financial institutions now need to ensure they follow the compliance mandates from regulations within their industry; adherence to these regulations is essential for the security of their business and to keep up with cyber-crime.

  4. Increased Regulatory Requirements IRDA directives or guidelines on Information Security, Electronic Transactions, Technology Risk Management and Cyber Frauds define the fundamental information security requirements which all insurance agencies need to follow. In addition to the above guidelines, there are multiple regulatory requirements related to internet insurance transactions, payment systems, mobile banking, IT outsourcing, etc., which may be applicable to a particular insurance company depending on the context of the organization and the nature of its operations in India. To proactively manage the vulnerabilities that could be exploited by hackers, patches and updates have to be rolled out. However, as a compromise often involves internal systems, such steps may not necessarily solve all the problems for an organization. IRDA's circular last year covered several notable suggestions, ranging from arrangements for continuous surveillance and the creation of a cyber security policy that is distinct from the broader IT policy to an immediate assessment of gaps in preparedness, to be reported to the regulator. To diminish future risks and fortify safety mechanisms, institutions using global payment services should conduct a complete security review of their IT infrastructure. Lastly, a proactive forensic analysis of all systems may be beneficial to ascertain whether there has already been a breach or compromise.
  IRDA Vision & Objective
  • To ensure that a board-approved information and cyber security policy is in place with all regulated entities.
  • To ensure that the necessary implementation procedures are laid down by the regulated entities for information security risk management, enterprise risk management and cyber security related issues.
  • To ensure that the regulated entities are adequately prepared to mitigate information and cyber security related risks.
  • To ensure that an in-built governance mechanism is in place within the regulated entities for effective implementation of the information and cyber security framework.

  5. IRDA Directives – Are you IRDA Compliant?
  • Conduct third-party and vendor audits on a planned and ad hoc basis to measure the effectiveness of the controls implemented.
  • All user IDs and their access rights shall be reviewed by the respective business functional owner on a regular basis to avoid the existence of stray/orphan user accounts and to ensure that access rights are granted on the need-to-know principle.
  • Supplement passwords (e.g. by using strong authentication such as smartcards, biometrics or tokens) if and when necessary.
  • Restrict the business application/system/network/computing device capabilities that can be accessed (e.g. by providing menus/groups that enable access only to the particular capabilities needed to fulfil a defined role).
  • Apply additional controls to special access privileges, including high-level privileges (e.g. 'root' in Unix or 'Administrator' in Windows systems, powerful utilities, and privileges that can be used to authorize payments or perform financial transactions).
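The periodic user-ID review in the second bullet, the role-based restriction of capabilities in the fourth and the additional controls on privileged access in the fifth can be checked mechanically. The script below is an added example written for this page, not code from the presentation or from Micro Focus; the HR roster, the role-to-capability matrix, the account export and the 90-day staleness threshold are all constructed assumptions. It reports orphan accounts (no active owner in HR), stale accounts, capabilities beyond what the assigned role needs, and privileged accounts that still rely on a password alone.

```python
"""Access review helper for the IRDA user-ID review directive (added example).

Compares a constructed application account export against a constructed HR
roster and role-entitlement matrix and reports the findings a business
functional owner would act on.
"""
from dataclasses import dataclass, field
from datetime import date

# Constructed HR roster of active staff: user_id -> role. Anyone absent here
# has left or never existed, so their account is stray/orphan.
HR_ROSTER = {
    "asharma": "claims_adjuster",
    "rmehta": "underwriter",
    "pkumar": "sysadmin",
    "skhan": "underwriter",
}

# Constructed role-to-capability matrix: the menus/groups a role needs.
ROLE_CAPABILITIES = {
    "claims_adjuster": {"view_policy", "edit_claim"},
    "underwriter": {"view_policy", "price_policy"},
    "sysadmin": {"view_policy", "admin_console"},
}

# Capabilities treated as special/high-level privileges (assumed set).
PRIVILEGED = {"admin_console", "authorize_payment"}


@dataclass
class Account:
    user_id: str
    capabilities: set
    last_login: date
    mfa_enabled: bool  # strong authentication supplementing the password


# Constructed account export from the application under review.
ACCOUNTS = [
    Account("asharma", {"view_policy", "edit_claim"}, date(2024, 5, 30), True),
    # rmehta holds a payment privilege the underwriter role does not need, on password only.
    Account("rmehta", {"view_policy", "price_policy", "authorize_payment"}, date(2024, 5, 28), False),
    Account("pkumar", {"view_policy", "admin_console"}, date(2024, 5, 29), True),
    Account("skhan", {"view_policy"}, date(2024, 1, 10), False),   # not used for months
    Account("jdoe_old", {"view_policy"}, date(2023, 11, 2), False),  # owner has left
]


@dataclass
class Findings:
    orphan: list = field(default_factory=list)
    stale: list = field(default_factory=list)
    excess: dict = field(default_factory=dict)  # user_id -> capabilities beyond the role
    privileged_without_mfa: list = field(default_factory=list)


def review_access(accounts, roster, role_caps, today, stale_after_days=90):
    """Run one review cycle and return the Findings."""
    f = Findings()
    for acct in accounts:
        role = roster.get(acct.user_id)
        if role is None:
            # No active owner: report as orphan and skip the other checks,
            # since the account should be disabled regardless.
            f.orphan.append(acct.user_id)
            continue
        if (today - acct.last_login).days > stale_after_days:
            f.stale.append(acct.user_id)
        extra = acct.capabilities - role_caps[role]
        if extra:
            f.excess[acct.user_id] = sorted(extra)  # violates need-to-know
        if (acct.capabilities & PRIVILEGED) and not acct.mfa_enabled:
            f.privileged_without_mfa.append(acct.user_id)
    return f


if __name__ == "__main__":
    print(review_access(ACCOUNTS, HR_ROSTER, ROLE_CAPABILITIES, date(2024, 6, 1)))
```

In practice the roster would come from the HR system and the account export from each application's identity store; the comparison logic stays the same, and the findings feed the sign-off record the functional owner keeps for the audit.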

  6. Three Pronged Approach to Managing Cyber Risks and being IRDA Compliant Banking and financial firms have traditionally focused their investments on becoming secure. However, this approach is no longer adequate in the face of the rapidly changing threat landscape. Put simply, insurance companies should consider building cyber risk management programs in line with the IRDA guidelines so that they are secure, aware and proactive in taking decisive action to curb these threats. An effective cyber risk management solution would broadly have three capabilities: Identity Governance & Administration, User Activity Monitoring, and Access Management & Authentication, with analytics at the core that can then feed Identity Management, Access Management, Privileged Account Management, File Integrity Monitoring and SIEM, providing rich data for subject matter experts to work with. This will help organizations be better prepared for the digital revolution and the issues that come along with it.
  Identity
  • Governance
  • Provisioning
  • Privileged Identity
  • Self Service
  • Social Registration
  • Unified Identity
  • Roles
  • Analytics
  Access
  • Risk Based Access
  • SSO
  • Privileged Access
  • Federation
  • Multi-Factor
  • Mobile
  • Social Access
  • Analytics
  Security
  • SIEM
  • File Integrity
  • Privileged Monitoring
  • Configuration Monitoring
  • Change Monitoring
  • Analytics

  7. For a face-to-face meeting and/or workshop on the Cyber Security Framework for the Indian Insurance Sector, contact us. Email: Rachana.Karanth@microfocus.com Phone: +91 080 4002 2063 www.microfocus.com
  India Offices:
  Bangalore: Laurel, Block 'D', 65/2 Bagmane Tech Park, C.V. Raman Nagar, Byrasandra Post, Bangalore - 560093
  New Delhi: Unit No 03 & 04, 1st Floor, Salcon Ras Vilas, District Center, Saket, New Delhi - 110017
  Mumbai: Leela Galleria, 1st Floor, Andheri Kurla Road, Andheri (East), Mumbai - 400059
