Chief Information Security Officers (CISO) Forum
IDRBT formed the Chief Information Security Officers (CISO) Forum in the year 2010 with a view to providing a platform for CISOs of all banks to discuss common security concerns in the Indian Banking and Financial Sector and collaboratively provide solutions. The mission of the CISO Forum is to:
- provide a platform for learning about the latest security technologies
- share day-to-day problems in implementing security in banks
- continuously upgrade the security posture of banks.
Over time, the CISO Forum has emerged as the preferred platform to collaboratively discuss and provide solutions for Information Security concerns in the Indian Banking and Financial Sector, which contributes to enhanced Information Security in Banks. The CISO Forum is an active body for learning and doing in the area of Information Security in Banks and is serving as an effective platform for the CISOs of banks to discuss and resolve information security related issues.
The CISO Forum meets once every three months, and the latest meeting was held at Pune, Bank of Maharashtra, on June 02-03, 2023. The Director, IDRBT, and Shri Vijay Kumar, Executive Director, Bank of Maharashtra, jointly inaugurated the Forum. In his address, the Director, IDRBT, emphasised the importance of forming purple teams within banks to enhance internal cyber security practices and the various initiatives that the Institute is working on. Shri Vijay Kumar, Executive Director, Bank of Maharashtra, spoke on the 35-year evolution of technology in banking, highlighting trust as a core pillar and stressing the need for a robust internal threat detection framework. He suggested that human behavioral aspects need to be understood to trigger red flags whenever necessary.
Shri A.G. Giridharan, GM, CSITE, RBI, discussed reporting lapses by banks and mentioned RBI’s zero tolerance for delays. He stressed the importance of regular reporting to RBI on security incidents and pointed out that daily reporting of downtime is mandatory. Shri Kalmeshwar S., DCP, Cyber Crimes, Telangana Police, shared Telangana Police’s initiatives, including the Telangana State Centre of Excellence for Cyber Safety – an industry-led collaboration to detect fake SIM cards and fraudulent transaction patterns. Shri Manoj K. Nair, Checkpoint, discussed large language model usage in cyber-attacks, and demonstrated AI-generated phishing emails while highlighting AI’s role in attack prevention.
Dr. Rajarshi Pal, Faculty, IDRBT, spoke on AI/ML techniques for cyber security, highlighting their applications and potential pitfalls. Dr. Dipanjan Roy, Faculty, IDRBT, presented a summary of the Cyber Drill conducted in May 2023, highlighting the key learnings, challenges, and best practices identified during the drill.
Thereafter, CISOs shared their insights on Understanding/Defining Application Logs in SOC Integration and Monitoring, Security in Open-Source usage, Preparation against DDoS Attacks, Community Cloud with standardised security structure for non-critical applications, and API security. Around 50 CISOs participated.
The CISO Forum functions under the aegis of the Institute’s Centre for Cyber Security and Data Privacy and is coordinated by Dr. B.M. Mehtre, Dr. Rajarshi Pal, and Dr. Dipanjan Roy, Faculty, IDRBT.
UCB CISO Forum
The Institute formed a CISO Forum exclusively for Urban Cooperative Banks (UCB) in the year 2021 and the first meet of the Forum was held on May 06, 2021.
The latest meeting of the UCB CISO Forum was held on June 08-09, 2023. Inaugurating the meeting, Prof. D. Janakiram, Director, IDRBT, emphasised the need for robust cyber security controls for third-party vendors and adopting cloud services, while pointing out the need for preparing a full list of critical software and carrying out cyber drills regularly to maintain cyber hygiene.
Shri Kalmeshwar S, DCP Cyber Crimes, Telangana Police, spoke on how all stakeholders need to work together to develop a cyber-safe environment. Threat input response investigation, standardisation of data, frauds affecting businesses, loan app frauds, capture of digital crimes, identification of gaps and behavioral patterns, and cyber advocacy are some of the areas he dwelt upon. Shri A. S. Murty, Associate Director, C-DAC, highlighted the importance of an organisation’s readiness and capabilities to respond to and investigate cyber incidents, focusing on asset and risk management auditing, digital evidence collection and management, and the role of VAPT in identifying security gaps.
The second day started off with Shri Sabyasachi Jena, CERT-In, discussing proactive and reactive approaches to guidelines, and presenting a CCMP plan of action that emphasised cyber resilience and different levels of assurance. Ms. Muskan, CERT-In, explained various cyber-attacks, concepts like the Cyber Kill Chain, attack frameworks, the structure and stages of the MITRE attack framework, and the use of red teaming and other tools for detecting credential access and brute forcing.
Prof. V. Ravi, Faculty, IDRBT, spoke on key regulations, customer identity verification, and risk-based monitoring principles, highlighting data collection, aggregation, and anomaly detection, as well as the role of AI/ML in reducing false positives in real-time transaction monitoring. Shri BN Rao, Broadcom, addressed data protection challenges, zero trust multi-authentication, secure digital transformation, intellectual property protection, Generative AI and privacy concerns, and data loss prevention.
Dr. Rajarshi Pal, Faculty, IDRBT, explained the application of AI/ML in cybersecurity, including predictive anomaly detection, machine learning concepts, shallow learning and deep learning techniques for identifying relevant data. Dr. Dipanjan Roy, Faculty, IDRBT, presented a report on the 32nd cyber drill conducted in May 2023, in which 61 banks participated. Around 20 CISOs from various UCBs participated.
The UCB CISO Forum is coordinated by Dr. Dipanjan Roy, Faculty, IDRBT.