Chief Information Security Officers (CISO) Forum

IDRBT formed the Chief Information Security Officers (CISO) Forum in the year 2010 with a view to provide a platform for CISOs of all banks to discuss common security concerns in the Indian Banking and Financial Sector and collaboratively provide solutions. The mission of the CISO Forum is to:

  • provide a platform for learning about the latest security technologies
  • share day-to-day problems in implementing security in banks
  • continuously upgrade the security posture of banks.

Over time, the CISO Forum has emerged as the preferred platform to collaboratively discuss and provide solutions for Information Security concerns in the Indian Banking and Financial Sector, which contributes to enhanced Information Security in Banks. The CISO Forum is an active body for learning and doing in the area of Information Security in Banks and is serving as an effective platform for the CISOs of banks to discuss and resolve information security related issues.

The 47th meeting of the CISO Forum was held at IDRBT on May 26-27, 2025. The forum commenced with an inaugural and welcome address by Dr. Deepak Kumar, Director IDRBT. In his inaugural address, Dr. Deepak emphasized the growing importance of security and data privacy in the banking sector. He introduced the Domain Registry initiative, highlighting the RBI circular mandating banks to migrate their domains to ‘.bank.in’ by October 31, 2025, with IDRBT serving as the sole registrar. He also discussed the advancements in IB-CART 3.0, developed in collaboration with Quick Heal, which offers cost-effective threat intelligence with improved Indicator of Compromise (IoC) efficiency. Additionally, he explained the strategic shift from cyber drills to tabletop exercises, ensuring a more structured and effective approach to cybersecurity preparedness.

Smt. Sailaja Rani, General Manager, CSITE, RBI, delivered a session on “Streamlining Compliance for Operational Excellence.” She emphasized the need for banks to adopt smarter, risk-based, and cost-effective compliance strategies. Smt. Rani highlighted global best practices, common compliance challenges, and gaps identified during supervisory assessments, urging banks to streamline efforts around frameworks like PCI DSS through proactive, agile auditing and automation to improve operational efficiency without compromising security.

Dr. A. R. Joshi, Executive Director, RBI, focused on “Defense against API & Application Incidents.” He stressed the critical need for strengthening application and API security within banks by leveraging AI-driven solutions, machine learning, and predictive analytics to proactively identify vulnerabilities. Dr. Joshi emphasized addressing vulnerability analysis backlogs, balancing innovation with security, and implementing a comprehensive blueprint to map attack surfaces and defenses, thereby enhancing incident response and reducing risk exposure.

The first day concluded with a Panel Discussion among CISO Peer Group, moderated by Col. Deepak Joshi, CISO CERSAI, alongside Subramanian V, CISO IDBI, and Kuldeep Pal, CISO BOI. The discussion revolved around the significant evolution of cybersecurity threats over the last decade, emphasizing the need for 24/7 monitoring and the emerging alignment of CISO roles with CTO functions. Panelists discussed audit compliance and remediation, the implications of the DPDP Act allowing users to withdraw consent, and the robust security framework of SEBI which is very strong, in security 20% role is played by technology and 80% is played by culture and awareness.

Day 2 began with a session on “360-degree Security in the AI-2-Agentic AI Era” by Shri. Suvin Mullaseril from the Palo Alto Team. He highlighted how AI and Machine Learning are revolutionizing cybersecurity by automating routine tasks, enabling real-time threat detection and mitigation, and adapting to emerging attack patterns. He also addressed the rise of Agentic AI and Non-Human Identities (NHIs), underscoring the new governance and security challenges they present, particularly in managing AI interactions and permissions for banks.

An insightful session on IDRBT’s New Initiatives provided a detailed overview of IBCART 3.0 and the Domain Registry for “.bank.in”. The team walked attendees through the step-by-step process of registering domains on the new portal, including required documents, DSC requirements, and payment procedures. It was announced that IBCART 3.0, launched on March 12, would adopt a streamlined registration and payment process, similar to the Domain Registrar, with a formal launch and discussion with CISOs slated for the first week of June.

Col. Deepak Joshi, CISO CERSAI, shared his valuable experiences in managing CKYC data and the solutions implemented to address challenges faced by his organization.

A second Panel Discussion among CISO Peer Group, moderated by Dr. Abhishek Thakur, IDRBT, explored how cybersecurity leaders are aligning business priorities with effective security strategies. The panel emphasized the importance of “security by design,” securing strong executive buy-in, and maintaining clear communication with the board to ensure cybersecurity remains a top organizational priority. They also discussed bridging the gap between cybersecurity teams and business units to foster collaboration. A significant focus was placed on AI’s dual role – as a powerful tool for defense and as a catalyst for sophisticated attacks like advanced phishing and deepfakes, highlighting the critical need for banks to leverage AI intelligently.

Finally, Shri. Vaibhav Koul of Protiviti Global Team presented on “Risk Management – Adapting to a New Era of Threats.” He emphasized the need for a paradigm shift from reactive incident response to proactive, predictive approaches. Shri Koul highlighted how AI and Machine Learning can enhance threat detection and automate responses. He also stressed best practices in crisis communication, regulatory compliance, and business continuity, advocating for aligning risk management with overall business transformation through policies that drive compliance, automation, and a forward-looking security posture.

The Forum concluded with a vote of thanks by Prof. V. Radha, Faculty, IDRBT. 46 CISOs from various banks participated.

The CISO Forum, functions under the aegis of the Institute’s Centre for Cyber Security and Data Privacy and is coordinated by Dr. Abhishek Thakur, Faculty, IDRBT.