by Apurva Venkat

IDFC can help measure cyber resilience readiness

Nov 23, 2017
AuthenticationCloud SecurityCybercrime

This is how IDFC strengthened the audit and compliance efficiencies and assessed its cyber resilience readiness. 

In order to strengthen the audit and compliance efficiencies for a bank, it is prudent to transform the internal audit into a continuous monitoring and a continuous auditing system.

To achieve this IDFC Bank was looking for a solution which can assess the cyber resilience readiness in continuous monitoring and auditing mode. The bank built an analytical solution which took into account the cybersecurity approach advised by all major global financial regulators such as RBI, HKMA, MAS, OCC, FSA and FSI.

Cyber Security Maturity Model (CSMM):

 The CSMM assesses the organization on five key principles comprising enterprise security controls, IT infrastructure security, endpoint security, and security monitoring and outsourcing. The bank converted these five principles into 300 controls or data points to assess the cyber security practice institutionalized within IDFC bank.

The Maturity Indicator uses six maturity levels i.e. MIL0 (Incomplete), MIL1 (Performed), MIL2 (Planned), MIL3 (Managed), MIL4 (Measured), MIL5 (Defined) based on Carnegie Mellon University (CMU) Maturity Model.


The solution enabled IDFC bank to adapt more quickly and effectively to changes in the risk and regulatory environment due to the continuous assessment.

“The solution has increased the cost-effectiveness of controls and monitoring process. It has also increased collaboration between management and internal audit which helped in minimizing the duplication of controls and efforts,” says Mithilesh Singh, Director-Technology Audit, IDFC Bank.

This solution helped the management of IDFC to determine more quickly and accurately where it should be focusing attention and resources in order to improve processes, implement course corrections, address risks, or launch initiatives to better enable the enterprise to achieve cybersecurity resiliencies. The solution further helped the organization to adopt the changes in the risk and regulatory climate more quickly and effectively.