Compliance
RBI, SEBI CSCRF, CERT-In, ISO 27001, SOC 2 — Indian regulatory mapping.
Scenario Brief: Tracking SBOM Readiness Among SEBI-Regulated Intermediaries
Tabletop-ready compliance scenario: where stockbrokers and depository participants stand against the SEBI CSCRF Phase 2 SBOM requirement and the 30-day sprint plan.
Compliance
Scenario Brief: What Tighter RBI Cyber Master Direction Controls Would Mean for PSOs
Tabletop-ready regulatory scenario: continuous control monitoring, board-level cyber risk committees, and a 4-hour SLA on critical incident notification for PSOs.
Compliance
Scenario Brief: How a DPDP Penalty for S3 Misconfiguration Could Unfold
Tabletop-ready compliance scenario: how a public S3 bucket leaking identity documents could lead to a major DPDP Board penalty, and what Data…
Compliance
DPDP Phase 2 Effective Date Locked: What Indian SaaS Must Ship by August 2026
What just shifted. MeitY’s notification of Phase 2 of the DPDP Rules has locked the effective date for several previously-flagged sections. The…
Academy
Module 9 · Zero Standing Privilege and Just-in-Time Access
The principle. Traditional model: 100 admins, each with persistent admin rights. Attacker compromise of any admin = persistent privileged access. Insider threat…
Academy
Module 7 · Identity Governance — Lifecycle, Access Reviews, SoD
What IGA covers. Lifecycle management: joiner, mover, leaver workflows. Access provisioning: who gets what, on what basis. Access reviews / certification: periodic…
Academy
Module 8 · Customer Identity (CIAM) — Scale, Fraud, KYC
CIAM vs workforce IAM — the differences.
Dimension | Workforce IAM | CIAM
Scale | Thousands | Millions to hundreds of millions
Onboarding | HR-provisioned | Self-service registration…
Academy
Module 5 · Federation at Scale — SAML, OIDC, SCIM Patterns
The three protocols.
Protocol | Purpose
SAML 2.0 | Browser-based SSO; enterprise standard since 2005
OIDC (OpenID Connect) | SSO on top of OAuth 2.0;…
Academy
Module 6 · Privileged Access Management — PAM Architecture and Operations
What privileged accounts cover. Domain Admin / Enterprise Admin (Windows AD). Root / sudo on Linux servers. Database admin (DBA) for production…
Academy
Module 7 · Vendor Audits — Conducting and Surviving Them
Why this module exists. Enterprise customers increasingly conduct annual security audits of their critical vendors. Done well by both parties, this is…