What changed
RBI introduced a Security Incident Tracking Platform developed by IDRBT, hosted on INFINET, for anonymous reporting of security incidents by banks. The platform is accessible only to Chief Information Security Officers (CISOs) and aims to facilitate information sharing on threats, external attacks, and internal compromises. IDRBT is also coordinating with CERT-In to gather global threat intelligence.
What it means for you
Banks must now actively report all information security incidents on this platform to build a shared repository for the banking industry. This will help fine-tune security policies and enable collective preventive measures. Non-compliance could lead to gaps in threat intelligence and to regulatory scrutiny.
What you must do
- Ensure your CISO registers and accesses the Security Incident Tracking Platform on INFINET.
- Report all information security incidents, including external attacks and internal compromises, on the platform anonymously.
- Coordinate with IDRBT and CERT-In for threat intelligence updates and integrate insights into your security posture.
- Acknowledge receipt of this circular to RBI as instructed.
Who it affects
Chief Information Security Officers (CISOs) of all scheduled commercial banks; IT and information security teams of banks; IDRBT and CERT-In as platform operators.
What is the Security Incident Tracking Platform?
It is a platform developed by IDRBT, hosted on INFINET, where banks can anonymously report information security incidents to enable industry-wide sharing and threat intelligence.
Who can access this platform?
Only the Chief Information Security Officer (CISO) of each scheduled commercial bank is provided access to maintain confidentiality.
Why is anonymous reporting important?
It encourages banks to share sensitive incident details without fear of exposure, helping build a comprehensive repository for better preventive measures across the industry.