DDoS Protection, Incident & Breach Response, Security Operations
Strengthen the CISO Office
IDRBT's Sastri on Banking CISOs' Preparedness to Tackle New Threats

Banking CISOs are grappling with the challenge of increasing DDoS attacks and cyber espionage, says Dr. A S Ramasastri, director of the Institute of Development and Research in Banking Technology.
"While there is increasing thrust given to help banks tackle these threats and enable them to thwart them through effective cyber defence methods, workshops and information sharing efforts, there is much to be achieved," Sastri says.
Current efforts may not be sufficient to tackle the new threats, he says, and so the CISO office in banks needs to be empowered to find new ways to handle them.
"One way is to take a risk-based approach by understanding and mapping organization risks and work out a cyber defence strategy to mitigate these risks," Sastri says.
Additionally, to build a risk management framework, CISOs must have more autonomy to protect information assets and provide information assurance without being treated as a subset of IT, he says.
In this interview with Information Security Media Group, Sastri stresses the need to enhance the skills of security practitioners, and says the future focus is on finding ways to tackle insider threats and build skills in digital forensics. He provides perspectives on:
- IDRBT's role in enhancing information sharing between banks and telcos to find better threat mitigation techniques;
- The need for banks to leverage security operations centers (SOCs) to detect threats and prepare required frameworks;
- Evolution of a new governance structure for security roles.
Prior to joining the Institute, Sastri was the chief general manager-in-charge of the Department of Information Technology at the Reserve Bank of India, where he spearheaded many important projects including implementation of the Next Generation RTGS, adoption of international standards like XBRL and ISO 20022, conceptualizing and guiding of banks on automated data, and preparation of the IT Vision of RBI for 2011-17. He has been a member of the Institute's Governing Council and a member of the faculty of the RBI Staff College, and has authored two books, 'Quantitative Methods for Valuation of Assets' and 'Quantitative Methods for Banking and Finance.'