Should Indian Exchanges Adopt ISO 27001 International Information Security Standard?

in #india5 years ago

Indian crypto users have to deal with a lot of BS in this space. First it's the FUD from RBI, Indian government, it's agencies, and Indian media. Then it's the whole bunch of scammers operating in this space. Once you get past these you can't even sleep peacefully if you have any funds on an Indian exchange which is kind of inevitable if you do Crypto/INR trades regularly.

The recent bank fraud is proof of the same. I have some thoughts about these developments posted here.

While we're on the subject, it's important that moving forward, Indian exchanges must consider raising funds to meet ISO 27001 and 27002 criteria. If you are wondering what they are I have some information to share with you.

It's basically an audit process that any company, especially those in the FinTech sector must adhere to in my opinion. Complying with these aforementioned ISO standards means ensuring strong information systems are in place as well as high security processes are adhered to at all times.

According to TechTarget: ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

ISO 27001 basically uses a topdown, risk-based approach and is technology-neutral.

  1. Define a security policy.
  2. Define the scope of the ISMS.
  3. Conduct a risk assessment.
  4. Manage identified risks.
  5. Select control objectives and controls to be implemented.
  6. Prepare a statement of applicability.

The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO/IEC 27002:2005. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted good practice security controls.

ISO 27002 contains 12 main sections:

  1. Risk assessment
  2. Security policy
  3. Organization of information security
  4. Asset management
  5. Human resources security
  6. Physical and environmental security
  7. Communications and operations management
  8. Access control
  9. Information systems acquisition, development and maintenance
  10. Information security incident management
  11. Business continuity management
  12. Compliance

At this point I highly doubt any Indian exchange currently is ISO 27001/27002 certified. Given the lapse in security leading the recent bank frauds I doubt if someone at these exchanges even knows what this is all about. If you are wondering, I don't have high expectations of exchanges operating out of India just yet!

Watch the following video to easily understand information pertaining to the ISO 27001 standard.

If you like my work kindly resteem it to your friends. You may also continue reading my recent posts which might interest you:

  1. Why You Should Vote For Firepower As Witness—Witness Campaign Post From India!
  2. Steem.Chat Contest #81

Follow Me: @firepower

#exchange #cryptocurrency #blog #firepower
5 years ago in #india by
$54.57
  • Past Payouts $54.57, 0.00 TRX
  • - Author $41.90, 0.00 TRX
  • - Curators $12.66, 0.00 TRX
795 votes
Reply 0

Coin Marketplace

STEEM 0.26
TRX 0.11
JST 0.032
BTC 63754.85
ETH 3055.95
USDT 1.00
SBD 3.85