
175 - 1011 - CITS-Final 180225

The Indian Institute of Banking & Finance offers a Certificate Examination in IT Security to enhance bank employees' awareness of IT security requirements. The examination is conducted remotely with strict proctoring measures, requiring candidates to register online and meet specific eligibility criteria. Successful candidates can earn a Diploma in Information System Audit by passing three related examinations under the revised syllabus.

Uploaded by

Kavitha

INDIAN INSTITUTE OF BANKING & FINANCE

(An ISO 21001 - 2018 CERTIFIED ORGANISATION)


Kohinoor City, Commercial-II, Tower-1, 2nd Floor, Kirol Road, Kurla (West), Mumbai - 400 070
Website: www.iibf.org.in

Certificate Examination in IT Security


(in Remote Proctored mode)
Rules & Syllabus 2025
OBJECTIVE
The objective of the course is to make the bank employees aware of the IT security
requirements and proper implementation thereof for protecting organizational interest. This
course has been developed on the basis of discussions that a committee of IBA had on IT
security based on the Gopalakrishna Committee Report.
REMOTE PROCTORED MODE
Remote proctoring allows candidates to take an examination at a location of their choice
while ensuring the integrity of the examination. These systems require students to confirm their
identity, and, during the examination, the system monitors students through video, mic, etc.
looking for behaviour that could indicate unfair practices (cheating). Examinations are
conducted over internet using a Desktop/Laptop. Taking examination using any other device
is not permitted e.g. mobile, tabs, etc.
DIPLOMA IN INFORMATION SYSTEM AUDIT (DISA)
Candidates who clear all the following three Certificate examinations under the revised
syllabus will be given a "DIPLOMA IN INFORMATION SYSTEM AUDIT (DISA)" from May
2017:
a) Certificate Examination in IT Security (Revised Syllabus)
b) Certificate Examination in Prevention of Cyber Crimes and Fraud Management (Revised
Syllabus)
c) Certificate Examination in Information System Banker (Revised Syllabus)
Candidates who clear all the above three Certificates under revised syllabus will however have
to apply for DISA certificate by paying Rs. 500/- plus taxes as applicable.
Candidates who have already cleared any or all of the above three examinations under the
old syllabus, i.e. prior to May 2017, need to apply and clear the examination under the revised
syllabus to become eligible for the DISA Certificate.
ELIGIBILITY
1. Members and Non-Members of the Institute
2. Candidates must have passed the 12th standard examination in any discipline or its
equivalent.
SUBJECT OF EXAMINATION
IT Security
PASSING CRITERIA:
Minimum marks for pass in the subject is 50 out of 100.
EXAMINATION FEES*:
Particulars | For Members | For Non-Members
First attempt | Rs.1,100/- * | Rs.1,600/- *
Subsequent each attempt | Rs.1,100/- * | Rs.1,600/- *
* Plus Convenience charges and Taxes as applicable.
Please Note: Candidates are required to Register for every attempt separately.
While registering online for the examination, candidates will have to choose the examination date /
time slot of their choice; the exam date/time will be allotted on a first-come-first-served basis.
Candidates are required to take utmost care and precaution in selecting Exam Date and
Time slot, as there is no provision to change the Exam date and Time slot in the system.
Hence no request for change of Exam date and time slot will be entertained for any
reason.
The fee once paid will NOT be refunded or adjusted on any account.
MEDIUM OF EXAMINATION:
Examination will be conducted in English only.
PATTERN OF EXAMINATION:
(i) Question Paper will contain 120 objective type multiple choice questions for 100 marks.
(ii) The examination will be held in Online Mode only
(iii) There will NOT be negative marking for wrong answers.
DURATION OF EXAMINATION:
The duration of the examination will be of 2 hours.
PERIODICITY:
Examination will be conducted on pre-announced dates published on IIBF Web Site.
The Institute conducts the examination on 2nd & 4th Saturdays and on all Sundays; however,
periodicity of the examination may be changed depending upon the requirement of banking
industry.
PROCEDURE FOR APPLYING FOR EXAMINATION
Application for examination should be registered online from the Institute’s website
www.iibf.org.in. The schedule of examination and dates for registration will be published on
IIBF website.
PROCESS
Registration
1) Application for examination should be registered online from the Institute’s website
www.iibf.org.in. The schedule of examination and dates for registration will be
published on IIBF website.
2) At the time of registration, the candidate will select date/time of the examination.
3) At the time of registration, the candidate can register for e-learning/e-book, if
required, by paying the requisite additional fees.
4) The study material can be in the form of e-book and/or e-learning.
5) Based on the option selected (e-book/e-learning) the candidate will be provided
a login ID and password to access the study material.
6) On successful registration admit letter will be generated. Candidates can download
it.

Examination
1) Candidates will take examination under remote proctored mode on predetermined
date/time from a secured environment. (refer Do’s and Don’ts section for more
information)
2) Candidates should log in to the system half an hour before the exam start time.
3) The examination proctor will verify the candidate’s face with the registered photo
image of the candidate.
4) Candidate will also be asked to display any valid original photo id-card (Aadhaar
card/e-Aadhaar/Employer's card/ PAN Card/ Driving License/ Election voter's card/
Passport etc.) for verification purpose. After successful verification the proctor will
allow the candidate to start the examination.
5) Candidate may be required to show 360° view of the exam area using the webcam
so that the proctor can identify objects/check the suitability of the exam
area/environment. A clear desk/table has to be ensured for appearing for the
examination. No reference materials, books, notes, periodicals, mathematical
tables, slide rules, stencils, post-its, chits, mobile phones, headsets (wired/
wireless) or any other electronic gadgets are allowed to be kept on the table or the
desk.
6) Both sides of the rough sheet (if it is going to be used) should be shown to proctor
before and after the examination.
7) Once the examination begins live remote proctoring of the candidate’s activities will
take place throughout the examination period.
8) Under remote proctoring candidate’s activities will be monitored using webcam, mic
etc. Computer screen, browser, mouse, keyboard etc. will be monitored.
9) Proctor, if required, can convey information/ instructions to the candidate using chat
box.
10) If a candidate indulges in unfair practices/suspicious acts, the proctor will intervene
and warn the candidate through chat box or can cancel/stop the examination
immediately as the case may be.
11) After completion of the examination/submission, provisional scorecard will be
displayed on the screen.
12) RESULT ADVICE/ CONSOLIDATED MARKSHEET/ FINAL CERTIFICATE
a. Result Advice of candidates will be hosted on Institute's website on
declaration of result, which can be downloaded by the candidates.
b. Consolidated mark sheet for candidates completing examination having
more than one subject, will be available on the Institute's website after
the declaration of results. Candidates can download the same after
entering login credentials using their membership number and edit
profile password.
c. For passed candidates, digitally signed certificate will be sent through
e-mail registered with the Institute within 3 weeks after the declaration
of result. The Paper Certificate issued by the Institute is discontinued.
Minimum System Requirement:

I) Desktop/Laptop:
• Browser: Google Chrome version 75 & above, with cookies & popups enabled
• Video/Audio: Webcam and a good quality Mic is required
• Operating system: Windows 8 or 10
• RAM & Processor: 4 GB+ RAM, i3 5th Generation 2.2 GHz or
equivalent/higher
• Pop-up blocker: Disabled
II) Internet Connection:
Stable internet connection with at least 2 Mbps+ upload speed

Examination not allowed on mobiles or tablets

Do’s and Don’ts


1. The candidate will take the examination from a secured environment.
i. Place having desk and chair preferably with plain backdrop (area behind the
candidate) with adequate lighting so that the candidate is visible to the proctor. The
place should be noise free with no public movement in the surroundings.
All the items should be removed from the desk except computer/external webcam (if
internal webcam is not available) /keyboard/mouse, other permitted items, if any.
ii. Examination will not be conducted if the examination area is a Public place, a noisy
environment, having inadequate lighting, having public movement in examination
area/around the candidate, having other computer or similar device in the examination
area.
iii. The examination cannot be taken sitting on a couch, bed or on the floor.
2. Candidates will take examination on a registered date/time from a secured environment.
Candidate who tries to appear after the scheduled examination date/time will not be
allowed to appear for the examination.
3. Candidates should log in to the system half an hour before the examination start time.
4. No other persons are allowed in the examination area during the examination.
5. Candidate must keep ready his/her original photo identity card that has name and photo
on the same side, admit letter, rough sheet, pen/pencil and calculator.
6. Candidates must dress decently as though they are in a public place and will be video
recorded.
7. Candidates must not talk to anyone during the examination period or talk/read to oneself
loudly.
8. In case of emergency he/she can talk to helpdesk in case of any technical issue with
permission from proctor.
9. Candidates must not use headphones, ear buds, or any other type of listening equipment.
10. Candidates must not communicate with any other person by any means.
11. Candidates must not use any phone for any reason.
12. Candidates must not leave the room/examination area during the examination for any
reason without the permission of the proctor. Leaving the room/examination area or
moving to another room/area during the examination for any reason will be treated as a
violation of examination rules.
13. Candidates must not set up the computer at the time of examination. All the settings need
to be done much before the examination time and tested properly. For any failure of the
computer system during the examination period, Institute will not be responsible and
candidate will lose his/her attempt.
14. Candidates must not switch off the webcam or mic or cover the webcam during the
examination.
15. Candidates must not navigate away from examination window.
16. Candidate’s face must be positioned in the middle of the camera view and candidate’s
face must be visible throughout the Examination.
17. Don't position the camera too low, too high or hooked onto a different monitor. Weird camera
angles can be very distracting -- and unflattering -- during examination. The candidate
should make sure that the camera is at eye level and on the monitor which is used for
the examination.
18. Candidate must not look away from laptop/desktop screen, must face computer screen.
19. Candidate must not seek any assistance or refer to study material/mobile for answering the
questions.
20. Candidate must ensure that he/she has attempted every question and reviewed the
accuracy of his/her answers before submitting the paper. Once submitted (even by
mistake), re-examination will not be permitted.
21. On the exam day candidate is advised to ensure that the Laptop is fully charged and in
case of Desktop it is connected to an uninterrupted power source for smooth conduct of
examination.
22. Candidates are not permitted to logout/switch-off the computer for the sake of going to
washroom and if they log out/switch-off, re-login will not be permitted.
23. Candidates will be allowed to use battery operated portable calculator during the
examination. The calculator can be of any type up to 8 functions i.e. (Addition,
Subtraction, Multiplication, Division, Percentage, Sq. root, Tax+ and Tax -), having 12
digits. Attempt to use any other type of calculator not complying with the specifications
indicated above or having more features than mentioned above shall be tantamount to use
of unfair means. Scientific/Financial calculator is NOT allowed.
Debarment/Cancellation of examination:
1) If a candidate indulges in unfair practices/suspicious acts, the proctor will intervene
and warn or cancel the test.
2) For any case of misconduct, the proctor can warn/cancel the test immediately as
the case may be.
3) For any unfair act (cheating) during the examination, the result of such examination
may be cancelled and he/she will be liable for punishment. Institute will also inform
the employer of the candidate by giving the details of unfair practice and
punishment levied on the candidate.
4) If the unfair act is determined after the examination, the result of such examination
will be cancelled and he/she will be liable for punishment.
5) If any candidate attempts copying Onscreen question, takes photoshots or violates
any of the examination rules, it will be considered to be an act of misconduct and
he/she will be liable for punishment.
6) PLEASE REFER INSTITUTE'S WEBSITE UNDER THE MENU “EXAM RELATED”
FOR DETAILS OF DEBARMENT PERIOD FOR UNFAIR PRACTICES ADOPTED
BY CANDIDATES DURING CONDUCT OF INSTITUTE'S EXAMINATIONS.

Privacy
During the remote proctored examination, Images/Videos/Sounds of the candidates and their
computer systems will be captured and stored for examination proctoring purposes. It is
envisaged that candidates who register for the remote proctored examinations agree for the
same.
PROOF OF IDENTITY
Non-members applying for Institute’s examinations / courses are required to attach/ submit a
copy of any one of the following documents containing Name, Photo and Signature at the time
of registration of Examination Application. Application without the same shall be liable to be
rejected.
1) Photo ID Card issued by Employer or 2) PAN Card or 3) Driving License or 4) Election
Voter’s ID Card or 5) Passport 6) Aadhaar Card
STUDY MATERIAL/ COURSEWARE
The Institute has developed a courseware to cover the syllabus. The courseware (book) for the
subject/s will be available at outlets of publisher/s. Please visit IIBF website www.iibf.org.in
under the menu “Exam Related” for details of book/s and address of publisher/s outlets.
Candidates are advised to make full use of the courseware. However, as banking and finance
fields are dynamic, rules and regulations witness rapid changes. Therefore, the courseware
should not be considered as the only source of information while preparing for the
examinations. Candidates are advised to go through the updates put on the IIBF website from
time to time and go through Master Circulars/ Master Directions issued by RBI and publications
of IIBF like IIBF Vision, Bank Quest, etc. All these sources are important from the examination
point of view. Candidates are also to visit the websites of organizations like RBI, SEBI, BIS,
IRDAI, FEDAI etc. besides going through other books & publications covering the subject/
exam concerned etc. Questions based on current developments relating to the subject / exam
may also be asked.
E-LEARNING:
Institute facilitates e-learning to enhance the understanding of the concepts. Candidates can
access the e-learning (From Desktops and Laptops only) through our website www.iibf.org.in
at their convenience and from their place of choice.
• At the time of registration, the candidate can register for e-learning/e-book, if required, by
paying the requisite additional fees.
• The study material can be in the form of e-book and/or e-learning.
• Based on the option selected (e-book/e-learning) the candidate will be provided login ID
password to access the study material.
DISCLAIMER:
• The above said facility of e-learning offered to the candidates is solely at the discretion
of the Institute and subject to such terms/ conditions as may be deemed fit by the institute
from time to time. Hence no candidate has any right/ claim whatsoever against the
institute by reason of any technical glitches or any shortcomings as the case may be and
the decision of the institute in the event of any dispute there-under will be final and
conclusive.
CUT-OFF DATE OF GUIDELINES/ IMPORTANT DEVELOPMENTS FOR
EXAMINATIONS
The Institute has a practice of asking questions in each exam about the recent developments /
guidelines issued by the regulator(s) in order to test if the candidates keep themselves abreast
of the current developments. However, there could be changes in the developments / guidelines
from the date the question papers are prepared and the dates of the actual examinations.
In order to address these issues effectively, it has been decided that:
(i) In respect of the examinations to be conducted by the Institute for the period March to
August of a calendar year, instructions/ guidelines issued by the regulator(s) and important
developments in banking and finance up to 31st December will only be considered for the
purpose of inclusion in the question papers.
(ii) In respect of the examinations to be conducted by the Institute for the period September
to February of a calendar year, instructions / guidelines issued by the regulator(s) and
important developments in banking and finance up to 30th June will only be considered
for the purpose of inclusion in the question papers.

The table given below further clarifies the situation.

Particulars | Cut-off Date of Guidelines/ Important Developments for Examination/s
For the examinations to be conducted by the Institute for the period March 2024 to August 2024 | 31st December 2023
For the examinations to be conducted by the Institute for the period September 2024 to February 2025 | 30th June 2024

The details of the prescribed syllabus which is indicative are furnished in the booklet. However,
keeping in view the professional nature of examinations, all matters falling within the realm of the
subject concerned will have to be studied by the candidate as questions can be asked on all
relevant matters under the subject. Candidates appearing for the examination should particularly
prepare themselves for answering questions that may be asked on the latest developments taking
place under the various subject/s of the said examination although those topics may not have been
specifically included in the syllabus. The Institute also reserves to itself the right to vary the
syllabus/ rules/ fee structure from time to time. Any alterations made will be notified from time to
time. Further, questions based on current developments in banking and finance may be asked.
Candidates are advised to refer to financial newspapers/ periodicals more particularly “IIBF
VISION” and “BANK QUEST” published by the Institute.
SYLLABUS
MODULE A: IT SECURITY OVERVIEW
Unit 1: Introduction to Information Security - Data and Information, Information Classification,
Need to Know, Information Security, Other Applicable Attributes of Information Security, Physical
Security, Logical Security, Advantages of organization’s information security programme,
Disadvantages of organization’s information security programme, Goals of Information security,
Types of information security, The services of information security.
Unit 2: Corporate IT Security Policies - Meaning of Corporate IT Security, Need for a Corporate
IT Security Policy, Legal Requirements, Essential Features of Corporate IT Security Policy,
Physical Security Policy, Methodology of Framing an IT Security Policy, Awareness Initiatives,
Aspects of security measurement.
Unit 3: Organisational Security and Risk Management - Organisational Security, Public Sector
Organisation, Right to Information Act, 2005, Risk Metrics, Downstream Liability, Risk
Management in Banking, Classifications of security attacks in IT security, The information security
attacks.
Unit 4: Security Governance - Concepts, Policies, Framework, Key Responsibility Areas,
Security Governance in Public Sector Undertakings, Security Governance in Banks, Compliance
to Policies is a Must in Any Organization, Monitoring.
Unit 5: Physical and Environmental Security - Concepts, Physical Security Equipment,
Intrusion Prevention Systems (IPSs), Environmental Security.
Unit 6: Hardware Security - Hardware, Network Related Devices Like Routers, Switches, Hubs.
Unit 7: Software and Operational Security - Concepts, Cloud Computing, Operational Security,
Banking, Telecom Industry, IT Industry, BPO and KPO Industries, User Level Controls, Software
Security Techniques.
Unit 8: Security Standards and Best Practices - ISO 27000 Standards, ISO – ISMS, Benefits
of ISO 27001, Cobit-Control Objectives in IT, CIA triad - Confidentiality, Integrity, Availability,
Importance of Confidentiality, Components of Confidentiality, Different types of Confidentialities.

MODULE B- IT SECURITY CONTROLS


Unit 9: Asset Classification and Controls - Asset Classification and Control, Protection of
Information Assets, Control of Hardware Equipment, Traditional Methods to Control Hardware
Assets, Control of Software Assets, OSI Model.
Unit 10: Physical and Environmental Security Controls - Physical Security Layer-Concepts,
Environment Controls, Lighting, e-Waste.
Unit 11: Software Security Controls - Operating Systems (OS), Windows Security, Databases,
Application Level Security, Mobile Banking, Internet Banking, Credit Cards.
Unit 12: Network Controls - Concepts, Controls in a Layered Network, VLANs, Protocols used
in Network, Intrusion Detection System (IDS), Firewalls, Unified Threat Management, The
Information Management Security, Advantages of information management security.
Unit 13: Controls in Software Development and Maintenance - Software Security-Concepts,
Software Development, Cloud Computing, Big Data.

MODULE C- IT SECURITY THREATS


Unit 14: Security Threats Overview - Threats, Cyber Espionage, Cyber Terrorism.
Unit 15: Prevention and Detection of Software Attacks - Viruses and Malwares- Malware,
Controls.
Unit 16: Incident Management - Objectives of Incident Response, Action Methodology,
Processes Running, Awareness.
Unit 17: Fault Tolerant Systems - High Availability (HA), Services Oriented Architecture (SOA),
The primary aspects of Service-Oriented Architecture.
Unit 18: Business Continuity and Disaster Recovery Management - Downtime, Phase I,
Backups, Who Should Call ‘Disaster’? Phase II, Phase III.
MODULE D- IS AUDIT AND REGULATORY COMPLIANCE
Unit 19: Information Systems Audit - History of EDP Audit in Banks, IS Auditor, External v.
Internal IS Auditor, Audit Methodologies, Types of Audits, Planning Phase, Report Presentation,
Audit Policy, Cobit and Framework, Audit Reports.
Unit 20: Regulatory mechanism in Indian Banks - RBI as the Regulator, RBI’S Regulatory
Initiatives Taken so far, Gopalakrishna Working Group, Compliance in Banks, Penal Powers of
RBI, RBI’s Regulatory Mechanism Already in Place, RBI, SEBI, TRAI, IRDAI, Legal Enactments.

MULTIPLE CHOICE QUESTIONS (MCQS) AND ANSWERS


“The Institute conducts its examinations through Multiple Choice Questions (MCQs). These
MCQs are part of the Question Bank of the Institute and its Intellectual Property. As a matter of
policy, these MCQs and their answers will not be shared by the Institute with the candidates or
others and no correspondence in this regard will be entertained.”
CONTACT DETAILS:
Register your queries through website www.iibf.org.in > Members / Candidates Support Services
(Help) or email all your queries to care@iibf.org.in
MEMBER SUPPORT SERVICE OFFICE:
Indian Institute of Banking & Finance
193-F, Maker Towers, 19th Floor,
Cuffe Parade,
Mumbai - 400 005,
Tel.: 08069260700
FOR TRAINING/ CONTACT CLASSES RELATED QUERIES CONTACT:
Leadership Centre
Indian Institute of Banking & Finance
Kohinoor City, Commercial-II, Tower-I, 3rd Floor,
Kirol Road, Off L. B. S. Marg, Kurla West, Mumbai 400 070.
Tel.: 022-68507000 / 080692 60710
E-mail: training@iibf.org.in
PROFESSIONAL DEVELOPMENT CENTRES:
South Zone:
Indian Institute of Banking & Finance
No.94, Jawaharlal Nehru Road, (100 Feet Road),
Opp. Hotel Ambica Empire, Vadapalani,
Chennai - 600 026.
Tel: 044 24722990/24727961
Email: iibfsz@iibf.org.in

North Zone:
Indian Institute of Banking & Finance,
C-5/30, Safdarjung Development Area (SDA),
Near SDA Local Shopping complex,
Outer Ring Road, Opp IIT Delhi,
NEW DELHI-110 016
Tel: 011-2653 2194 / 2191 (office)
Email: iibfnz@iibf.org.in

East Zone:
Indian Institute of Banking & Finance
Avani Heights, 2nd Floor,
59A, Jawaharlal Nehru Road,
Kolkata - 700020
Tel: 033-46032850
Email: iibfez@iibf.org.in

West Zone:
Indian Institute of Banking & Finance
192-F, Maker Towers, 19th Floor,
Cuffe Parade
MUMBAI - 400 005
Tel: 022-69437301/02
Email: iibfwz@iibf.org.in
CORPORATE OFFICE: Indian Institute of Banking & Finance, Kohinoor City,
Commercial-II, Tower-1, 2nd Floor, Kirol Road, Kurla (West), Mumbai - 400 070
Tel.: 022-68507000 / 080692 60710
