Sebi takes guard against security threats, plans to hire agency

INSUBCONTINENT EXCLUSIVE:
New Delhi: Markets regulator Sebi plans to rope in an agency to identify and classify security holes in its entire information technology
infrastructure and suggest measures to mitigate such risks. Over the past few years, the regulator has been betting big on technology to
address and handle challenges arising out of technological advancements in the markets. To provide the service to the regulator's
information technology infrastructure, the Securities an Exchange Board of India (Sebi) has issued a notice inviting expression of interest
(EoI) from interested parties. Information system infrastructure includes networking systems, security devices, servers and databases. Sebi
said the selected bidder would be responsible for carrying out an assessment of threat and vulnerabilities in the regulator's information
technology infrastructure. This will include identifying existing threats if any and suggest remedial solutions and recommendations to
mitigate all identified risks, with the objective of enhancing the security of information systems, the regulator noted. The markets
watchdog said the selected agency will "perform Vulnerability Assessment and Penetration Testing (VAPT) to identify vulnerabilities,
misconfiguration and other issues that could be leveraged by an external or internal entity (or user) to impact the confidentiality,
integrity and availability of Sebi systems or exploit it for personal gains, either from internet or from Sebi's internal network". Spelling
out the eligibility criteria, the regulator said the applicant needs to have a registered office in India and should have been in operation
for at least three years. Besides, the applicant should not be in the business of selling IT security products. Among other terms, the
bidder should not be a black-listed firm "due to unsatisfactory performance, breach of general or specific instructions, corrupt or
fraudulent or any other unethical business practices". Interested agencies can submit their application till October 22. The move also comes
at a time when several malware attacks have come to light globally, including in India. Sebi, which has been focussing on technology to
address market challenges, in May invited bids to provide a data solution that can handle vast amount of data from multiple
sources. Besides, the regulator, in its annual report for 2018-19, said that it intends to deploy data analytics and new generation
technologies to deal with various challenges in the market. "Sebi would encourage adoption and usage of financial technology to further
develop and maintain an efficient, fair and transparent securities market ecosystem which also promotes innovation in the securities
market," Sebi Chairman Ajay Tyagi said in his statement in the annual report. As per the report, the regulator would continue to strengthen
market supervision through steps such as technology solutions being built to achieve the objective of identifying non-compliance and
assisting in investigations