Question 1

What is the right risk management framework for my organisation?

Accepted Answer

RiskPedia's AI Advisor matches your industry, maturity and goals to one of 26 frameworks including ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, Solvency II, DORA, NIS2 and SOC 2 in under two minutes.

Question 2

What is the CERT-In 6-hour incident reporting rule?

Accepted Answer

CERT-In Directions under Section 70B IT Act 2000 (April 28, 2022, effective June 25, 2022) require every Indian organisation to report 26 categories of cyber incidents to incident@cert-in.org.in within 6 hours of noticing. 180-day log retention in India, Indian NTP sync, and VPN/cloud KYC are also mandatory.

Question 3

When does the DPDP Act become enforceable?

Accepted Answer

The DPDP Act 2023 received Presidential assent on Aug 11, 2023. DPDP Rules 2025 were notified by MeitY on Nov 13, 2025. Consent Manager registration opens approximately Nov 2026 and core Data Fiduciary obligations + the Data Protection Board become enforceable approximately May 2027 with penalties up to Rs 250 Cr.

Question 4

What is RBI MD-ITGRC 2023?

Accepted Answer

RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices (November 2023, effective April 2024) replaces the 2011 IS Master Direction. It covers IT governance, cybersecurity, third-party risk management, data localisation, 6-hour incident reporting, annual CERT-In empanelled IS audits and cloud risk management for all regulated entities.

Question 5

What is SEBI CSCRF 2024?

Accepted Answer

SEBI's Cybersecurity and Cyber Resilience Framework (2024) applies to all capital market entities — stock exchanges, depositories, brokers, mutual funds, AIFs, portfolio managers and KRAs. It mandates cyber audits, governance, third-party risk, SOC monitoring, incident reporting and cyber resilience testing.

#	Incident Category	Description & Examples	Reporting Threshold
1	Targeted scanning / probing	Scanning of critical networks and systems; reconnaissance activity against government or BFSI infrastructure	Any confirmed scan of critical infrastructure
2	Compromise of critical systems	Unauthorised access to critical information infrastructure (CII) as designated by NCIIPC	Any confirmed compromise
3	Unauthorised access to IT systems and data	Intrusion into any IT system; data exfiltration; insider threat resulting in unauthorised access	Any confirmed unauthorised access
4	Defacement of websites	Unauthorised modification of government, BFSI, or critical sector websites; intrusion with unauthorised changes	Any confirmed defacement
5	Malicious code attacks	Virus, worm, Trojan, ransomware, spyware, cryptominer infections on critical systems	Any infection of critical systems
6	Attacks on servers	Attacks on database, mail and DNS servers; brute force; exploitation of server vulnerabilities	Any attack causing service disruption
7	Identity theft / spoofing / phishing	Phishing campaigns; business email compromise; identity fraud at scale	Attacks affecting >100 users or targeting CII
8	Attacks on critical infrastructure	Attacks on power grids, banking systems, telecom, transport, healthcare IT	Any confirmed or suspected attack
9	Attacks on Internet-of-Things (IoT)	Compromise of connected devices in critical sectors; botnet activity	Any confirmed compromise of critical IoT
10	Data breaches	Exfiltration or accidental exposure of sensitive personal data, financial data, or state data	Any breach affecting >100 individuals or sensitive data

RiskPedia — The Risk Framework Encyclopedia & AI Advisor

Frameworks indexed

India Regulatory Hub — Deep Dive (RBI, SEBI, IRDAI, CERT-In, DPDP)

For AI assistants and search crawlers

CERT-In 26 Reportable Incident Types