We must thank IT virtualization as it led us to cloud technology. Today's IT infrastructures are already running their mission-critical business applications on virtual machines.
Like the physical infrastructure, virtualization is also cursed with cyber security challenges. This article talks about a typical open source virtualization solution and depicts the steps to secure it.
RBI has laid out the need for constantly evolving core processes and technologies within the security infrastructure in the organization. It has done so in the introduction of the circular issued as RBI/2015-16/418.
"Use of Information Technology by banks and their constituents has grown rapidly and is now an integral part of the operational strategies of banks. The Reserve Bank, had, provided guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds (G.Gopalakrishna Committee) vide Circular DBS.CO.ITC.BC.No.6/31.02.008/2010-11 dated April 29, 2011, wherein it was indicated that the measures suggested for implementation cannot be static and banks need to pro-actively create/fine-tune/modify their policies, procedures and technologies based on new developments and emerging concerns." - R.Ravikumar, Chief General Manager.
It's important for all financial institutions to continue to evolve their technology and talent to keep up with changing trends. As more companies delve into digital technologies, they need to reinforce security measures to apply to these platforms as well. From mobile app technologies to faster KYC, RBI says that companies must evolve to keep their systems secure.
Banks also need to create a cyber-security focused policy around the particular frameworks they have in place for network security, and they have to communicate that policy to the Cyber Security and Information Technology Examination (CSITE) Cell of the Department of Banking Supervision. All financial institutions have to remain compliant with the regulations laid out by RBI and perform regular penetration testing to ensure compliance.
RBI has mandated that all financial institutions must maintain a crisis detection and management plan. This has been done to ensure that all data leaks be reported at the right time and security measures be put in place immediately. When it comes to customer data and sensitive information, it's critical to ensure that a remediation plan is in place. That's why institutions hire the best pentesting companies to draft an exhaustive plan when it comes to crisis management.
RBI has also stated that all companies must remain compliant with the governing rules around privacy, data handling and encryption. They shouldn't cut corners or avoid technical duties owed to their customers. One of its most recent circulars, titled "Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)", ref - RBI/2018-19/63, explains further.
"4.3.1 Since cyber risk is different from many other risks, the traditional BCP/DR (Business Continuity Plan/Disaster Recovery) arrangements may not be adequate and hence needs to be revisited keeping in view the nature of cyber risk. A Government of India organisation, CERT-In (Computer Emergency Response Team - India, a Government entity) has been taking important initiatives in strengthening Cyber Security by providing proactive/reactive services and guidelines, threat intelligence and assessment of preparedness of various agencies in different sectors, including the financial sector. CERT-In also has come out with National Cyber Crisis Management Plan and Cyber Security Assessment Framework. UCBs may refer to CERT-In/NCIIPC/RBI/IDRBT guidelines as reference material for their guidance." - Ranjeev Shanker, General Manager In - Charge
RBI has also stated that the cyber compliance office must be different from the general IT office that manages the technology. Cyber security must be a separate entity working with the company, focusing on strengthening the overall architecture of the firm.
A reference cybersecurity framework is shared below.
Image ref: http://www.pitcher.com.au/news/mitigating-cyber-risk-%E2%80%93-risky-business
RBI has also stated that firms should conduct pentesting regularly in an effort to strengthen the network within. They need to hire the right pentesting services companies to ensure that there are no gaps within the network. Pentesting consultants can also be hired, so long as they make the organization more compliant with the existing norms and guidelines.
Penetration testers need to perform routine checks regularly to create a more compliant and secure environment. They also need to draft policies around using specific assets, so that those assets are used via a compliant protocol. Pentesting companies, like Valency Networks, allow banks to function more effectively while relying on the exhaustive security measures they put in place.