Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Improving India's Digital Economy with the RBI Security Framework

In 2016, due to the increasing use of information technology by banks and their customers, and the increase in cyber attacks against the financial sector, the Reserve Bank of India (RBI) provided cybersecurity guidelines to the country’s banks. Cyber Security Framework in Banks includes an Annex detailing minimum baseline requirements for network security and resilience. These requirements cover such areas as inventory management, secure configuration, patch management, access control, and advanced real-time threat defense. Tenable offers several SecurityCenter® dashboards to help monitor conformance with the RBI guidelines.

Implications of the RBI Framework

The Framework elevates security to a Board/C-level problem

Guidelines have been published by the RBI in the past, but they have not been widely embraced by the various financial service institutions (FSIs). The ramifications of these new guidelines are significant; the Framework elevates security to a Board/C-level problem rather than just something that’s pushed to the technology organization. This means that the priority of security operations will be elevated, that the most senior levels of management will be aware of and involved in risk management and security related decisions, and that this level of management will be monitoring the situation regularly.

The guidelines also mandate the need for continuous real-time monitoring of the security situation, so breaches will be detected and mitigated early rather than later in the attack lifecycle. This is especially important as India moves to a digital economy. Additional emphasis focuses on customer protection, cyber resilience and sharing of information between banks through reporting.

SecurityCenter dashboards

Tenable SecurityCenter Continuous View® (SecurityCenter CV™) offers several specialized dashboards that can help you comply with the requirements specified in the RBI Framework.

SecurityCenter RBI Dashboards

Without proper inventory management, unauthorized software and rogue devices could infiltrate your network

Without proper inventory management, unauthorized software and rogue devices could infiltrate your network, bringing new vulnerabilities and increasing the risk of dangerous network attacks and compromises of sensitive data. The RBI Framework covers good inventory management in baseline controls 1 (Inventory Management) and 2 (Prevent Execution of Unauthorised Software), as well as in other baseline controls that mention identifying mobile devices and controlling software installation. The RBI: Inventory Management dashboard provides an overview of system counts, mobile devices, new MAC addresses, installed software, cloud service use and changes detected throughout your network. This information will enable you to gain control over your inventory and better secure your network.

Network vulnerabilities can lead to critical failures of devices, dangerous network attacks, and compromise of sensitive data

Network vulnerabilities can lead to critical failures of devices, dangerous network attacks, and compromise of sensitive data. The RBI Framework covers vulnerability and patch management in paragraph 6 ("Testing for vulnerabilities at reasonable intervals…") and baseline controls 7 (Patch/Vulnerability and Change Management) and 18 (Vulnerability Assessment). The RBI: Vulnerability Management dashboard provides clear information about detected vulnerabilities and helps you to identify where vulnerability remediation efforts can best pay off. Having accurate information to confidently address vulnerabilities and track remediation progress will enable you to reduce risk to a manageable level in a timely manner.

Without continuously monitoring network activity, unusual activity that could be dangerous or malicious in nature might never be seen

Of course, optimal network security requires more than just preventive measures. Without monitoring configuration compliance, misconfigured devices could facilitate actions that put critical systems and sensitive data at risk. Without continuously monitoring network activity, unusual activity that could be dangerous or malicious in nature might never be seen. The RBI Framework covers continuous network monitoring in paragraph 12 ("Banks need to take effective measures … to promptly detect any cyber-intrusions…") and several baseline controls, including 5 (Secure Configuration) and 13 (Advanced Real-time Threat Defence and Management). The RBI: Compliance and Monitoring dashboard helps you lock down and monitor configurations, and detect potentially malicious activity. Continuous monitoring catches cyber attacks early, before serious damage to systems and data can be done.

Other dashboards are available in the Tenable SecurityCenter feed that can assist you in securing your network and thwarting cyber attacks. Some dashboards focus on specific threats or products; find these in the feed by searching for keywords such as “Cisco”, “database”, or “Shellshock”. These dashboards focus attention on specific systems and may be called for in response to specific threats. Other dashboards, like the RBI dashboards discussed above, cover general cyber security concepts and support drilling down into the data to obtain more detailed information. For example:

The RBI Framework is a powerful tool to help banks conform with cybersecurity best practices. Tenable SecurityCenter dashboards help monitor and measure progress against the RBI controls.


Many thanks to David Schwalenberg for his contributions to this article.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training