CISOs in Banks to be upgraded.. Will we have “Executive Director-Security” in our Banks?

RBI in continuation of its fire fighting efforts after the “Mega Data Breach” in the Indian banking system has suggested that the “CISO” (Chief Information Security Officer) in a Bank which is already a senior position is to be upgraded from an “Operational Level” to a “Strategic Level”. (Refer article in IE).

The Gopalakrishna Committee which in 2011 gave a comprehensive recommendations on the E Banking security (Refer here for more information) which included the Administrative structure for Information Security Management. It included a Board Level Committee followed by an Executive Level Committee and a mandatory position of CISO etc.

Any sensible information security structure places the role of CISO as a top level officer who needs to be consulted on new product releases and other strategic initiatives besides managing the day to day security issues.

Again in June this year, RBI gave further mandatory instructions in the form of Cyber Security Framework.

Now RBI for the umpteenth time has reiterated the importance to be given to the CISO in the organization. Banks need to now look at whether the CISO should be at the Chief Officer level or at AGM/DGM level or at GM level.

Also it is important to note that the roles of the Chief Compliance officer and Chief Security Officer in an organization overlaps with the role of the CISO. For a proper functioning of the system it is necessary to identify that there is an apex level “Chief Security Officer” who oversees the work of the Information Security officer, the Physical Security Officer and the Compliance officer.

Ideally, such a person in the Bank should ideally be at the Executive Director’s level. At present there are a few Banks who may have multiple “Executive Directors”. Probably there should be one exclusively designated as “Executive Director-Security”.

We hope some Bank takes the lead in creating the CISO at the Executive Director’s level who naturally will be supported by several Deputy CISO s at lower levels.

Naavi

Related Article:

RBI points out many shortcomings of Banks

Banks should not get away

People Distrust on Plastic money Grows

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

One Response to CISOs in Banks to be upgraded.. Will we have “Executive Director-Security” in our Banks?

  1. Changing designation will be useless unless the person is given objective responsibilities and accountability alongwith defined powers. Unless, the danger of rolling heads, people do not perform. Further, the working culture in banks need paradigm shift. Just by kicking us CISO to be fancy designation, things will not change.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.