Compliance
RBI, SEBI CSCRF, CERT-In, ISO 27001, SOC 2 — Indian regulatory mapping.
Passwordless and FIDO2 Rollout
FIDO2/WebAuthn end-to-end — passkeys vs hardware keys, registration and login flows, account-recovery design, server-side WebAuthn implementation, enterprise rollout sequence.
AcademySecurity Audit Programme and Reporting
Three lines of defence, audit calendar, continuous control monitoring, working papers, common-control framework across ISO/SOC2/PCI/RBI/SEBI, audit-fatigue management.
AcademySecurity Governance for CISOs
How CISOs build a governance programme that survives both audits and incidents — security committee structure, risk appetite, policy hierarchy, board reporting,…
AcademyRisk Management Practitioner
Risk identification, analysis, treatment, monitoring — practitioner-level workflow with FAIR-style quantification, risk register, KRIs, and the link between risk register and security…
AcademyCybersecurity Law for Indian Practitioners
IT Act, BNS/BSA replacement of IPC/Evidence Act, DPDP Act 2023, sectoral regulations (RBI/SEBI/IRDAI), CERT-In directions, evidence handling — a practitioner map of…
ComplianceAI Compliance for Indian Organisations in 2026
Indian AI compliance landscape — DPDP for data, sectoral regulators (RBI/SEBI/IRDAI/CDSCO), Digital India Bill, EU AI Act extra-territoriality. Practical compliance: classification, documentation,…
ComplianceRBI Cyber Incident Reporting: The 2-6 Hour Playbook
RBI's cyber-incident reporting timelines (2-6 hours) demand a pre-built playbook. Pre-drafted email templates, decision tree, multi-regulator coordination matrix, common mistakes.
ComplianceRBI IT Outsourcing Incident Response: When Vendor Cyber Incidents Become Yours
RBI Master Direction on IT Outsourcing makes vendor incidents your incidents. Contractual prerequisites (4-hour notification, forensic access), playbook for vendor-side incidents, vendor…
ComplianceSEBI CSCRF Incident Reporting Workflow
SEBI CSCRF incident reporting via Compliance Portal — fields, ATT&CK mapping requirement, attached PDF report structure, decision tree, MII-specific obligations.
ComplianceNPCI Incident Response for Payment Aggregators
PA / PG cyber incidents trigger multi-regulator notification (RBI + CERT-In + NPCI + card networks + merchants + customers). PA-specific risks,…