What is Cert-Fin? Discuss its role and impact on India's cybersecurity architecture.

Published: May 3, 2018

Cert-Fin will be an umbrella Cert for the financial sector and report to Indian Computer Emergency Response Team (Cert-In) at the national level, in accordance with the information technology Act and rules.
Features of Cert-Fin

  • Cert-Fin will work closely with all financial-sector regulators and stakeholders on issues of cyber security.
  • Cert-Fin will be an independent body, to be set up as a company under Section 8 of the Companies Act, 2013, with a governing board.
  • It will have an advisory board for providing direction, reviewing performance and recommendations, and allocation of resources.
  • It has also been recommended that each financial-sector regulator will have a separate entity that will provide information in real time to Cert-Fin.
  • There would be a bank-Cert (which would be the Reserve Bank of India), a securities-cert, insurance-cert and pension-cert; all of which will directly report to Cert-Fin.
  • Cert-Fin will then report to the National Critical Information Infrastructure Protection Centre (NCIIPC), which monitors and coordinates protected systems of critical national infrastructure.

Impact on cyber security and architecture
Cert-Fin will collect, analyse and disseminate information on cyber incidents across financial sectors. It will forecast and send alerts on cyber security incidents. Cert-Fin will contribute to strengthening of the cyber security of the country.

  • It will also take emergency measures on cyber security incidents.
  • It will coordinate responses and activities for cyber incidents and issue guidelines, advisories, and white papers relating to vulnerabilities and information security.
  • It will monitor efforts in the financial sector towards maintaining modern cyber security architecture, developing awareness among regulated entities and the public in general.
  • Cert-Fin will also create awareness on security issues through dissemination of information on its website and operate a 24×7 incidence response help desk.
  • It will also provide incident prevention and response services as well as quality management services and will carry out functions similar to Cert-In, which operates at the national level, for priority cyber security in financial sector.
  • Cert-Fin will offer policy suggestions for strengthening financial sector cyber security to all the stakeholders, including regulators and the government.

Model Questions Category:  

Comments