The Indian Institute of Banking and Finance (IIBF) has released the updated IT Security Certification Exam Syllabus. This comprehensive syllabus is structured to help banking professionals strengthen their understanding of cybersecurity principles, regulatory frameworks, and IT risk management practices essential in today's digital banking environment. The syllabus covers critical areas such as information security, IT governance, cyber threats, secure infrastructure, business continuity, and regulatory compliance. This blog lists the module-wise syllabus topics in detail and provides a direct link to download the syllabus PDF.
What are the modules covered under the IIBF IT Security syllabus?
The IIBF IT Security syllabus is divided into four main modules. Module A covers IT Security Overview, including basic concepts, policies, governance, and security standards. Module B focuses on IT Security Controls such as asset classification, physical, software, network, and development controls. Module C deals with IT Security Threats, including cyber attacks, incident management, business continuity, and disaster recovery. Module D covers Information Systems Audit and Regulatory Compliance, with emphasis on audits, RBI guidelines, and key regulatory frameworks.
| Module | Unit Titles & Key Focus Areas |
|---|---|
| Module A: IT Security Overview | Unit 1: Introduction to Information Security (Concepts, Goals, Types); Unit 2: Corporate IT Security Policies (Policy Features, Legal Needs); Unit 3: Organisational Security & Risk Management (Risk Metrics, Attack Types); Unit 4: Security Governance (Frameworks, Compliance, Monitoring); Unit 5: Physical & Environmental Security (Security Equipment, IPS); Unit 6: Hardware Security (Routers, Switches, Hubs); Unit 7: Software & Operational Security (Cloud, Banking, User Controls); Unit 8: Security Standards & Best Practices (ISO 27001, COBIT, CIA Triad) |
| Module B: IT Security Controls | Unit 9: Asset Classification & Controls (Hardware/Software Protection, OSI Model); Unit 10: Physical & Environmental Controls (Lighting, e-Waste); Unit 11: Software Security Controls (OS, Databases, Mobile/Internet Banking); Unit 12: Network Controls (VLANs, IDS, Firewalls, Protocols); Unit 13: Software Development Controls (Secure Coding, Cloud, Big Data) |
| Module C: IT Security Threats | Unit 14: Security Threats Overview (Cyber Espionage, Terrorism); Unit 15: Software Attack Prevention & Detection (Malware, Virus Controls); Unit 16: Incident Management (Response Plans, Awareness); Unit 17: Fault Tolerant Systems (HA, SOA Principles); Unit 18: Business Continuity & Disaster Recovery (Downtime Phases, Backups) |
| Module D: IS Audit & Regulatory Compliance | Unit 19: Information Systems Audit (Audit Types, Planning, COBIT, Reports); Unit 20: Regulatory Mechanism in Banks (RBI Guidelines, Gopalakrishna Committee, SEBI, IRDAI) |
What is the IIBF IT security exam pattern 2026?
The exam assesses candidates on critical IT security topics, including cybersecurity threats, risk mitigation, IT governance, regulatory frameworks, and secure banking operations.
| Component | Details |
|---|---|
| Subject of Examination | IT Security |
| Medium of Examination | English Only |
| Total Questions | 120 Objective (MCQs) |
| Total Marks | 100 Marks |
| Exam Mode | Online Mode |
| Negative Marking | No |
| Passing Criteria | Minimum 50 out of 100 Marks |
| Exam Duration | 2 Hours (120 Minutes) |
What are the topics covered under Module A of the IIBF IT Security syllabus?
This module introduces candidates to the fundamental concepts of information security, organizational risk management, IT governance, and security policy frameworks. It sets the foundation for understanding how information is protected and managed in an organizational environment.
| Unit | Topics Covered |
|---|---|
| Unit 1 | Introduction to Information Security – Data vs Information, Information Classification, Physical & Logical Security, Goals, Types, and Services of Information Security. |
| Unit 2 | Corporate IT Security Policies – Importance, Legal Needs, Policy Features, Awareness Initiatives, and Framing Methodologies. |
| Unit 3 | Organisational Security & Risk Management – Public Sector Frameworks, Risk Metrics, RTI Act 2005, Downstream Liability, and Types of Security Attacks. |
| Unit 4 | Security Governance – Governance Concepts, Frameworks, Public Sector and Banking Applications, Compliance and Monitoring. |
| Unit 5 | Physical & Environmental Security – Physical Security Equipment, Intrusion Prevention Systems (IPSs), and Environmental Threat Controls. |
| Unit 6 | Hardware Security – Protection of Network Devices such as Routers, Switches, and Hubs. |
| Unit 7 | Software & Operational Security – Software Controls in Cloud, Banking, IT, Telecom, BPO/KPO sectors; User-Level Controls. |
| Unit 8 | Security Standards & Best Practices – ISO 27001, COBIT, CIA Triad (Confidentiality, Integrity, Availability), and Types of Confidentialities. |
What are the topics covered under Module B of the IIBF IT Security syllabus?
This module emphasizes security controls and preventive measures for hardware, software, networks, and physical environments. It also addresses how to build secure software systems and maintain them effectively.
| Unit | Topics Covered |
|---|---|
| Unit 9 | Asset Classification & Controls – Control of Information, Hardware & Software Assets, OSI Model, Traditional Protection Techniques. |
| Unit 10 | Physical & Environmental Security Controls – Concepts, Environmental Management, Lighting, and e-Waste Management. |
| Unit 11 | Software Security Controls – Operating System (OS) Security, Windows, Databases, and Application-Level Security for Mobile/Internet Banking. |
| Unit 12 | Network Controls – VLANs, IDS, Firewalls, Unified Threat Management, Protocols, and Information Management Security. |
| Unit 13 | Software Development & Maintenance Controls – Security Concepts in Software Engineering, Cloud Computing, and Big Data Security. |
What are the topics covered under Module C of the IIBF IT Security syllabus?
Module C focuses on understanding various IT security threats and the strategies to prevent and manage them. It also includes business continuity planning and the ability to maintain IT systems under fault conditions.
| Unit | Topics Covered |
|---|---|
| Unit 14 | Security Threats Overview – Cyber Espionage, Terrorism, and the nature of cyber threats. |
| Unit 15 | Prevention & Detection of Software Attacks – Types of Malware, Virus Control Mechanisms, and Detection Tools. |
| Unit 16 | Incident Management – Response Strategies, Action Plans, Running Processes, and Staff Awareness. |
| Unit 17 | Fault Tolerant Systems – High Availability (HA), Concepts of Service-Oriented Architecture (SOA). |
| Unit 18 | Business Continuity & Disaster Recovery – Disaster Phases (I, II, III), Backup Strategies, and Downtime Planning. |
What are the topics covered under Module D of the IIBF IT Security syllabus?
This final module explores the auditing of information systems, regulatory guidelines by Indian financial authorities, and governance standards. It is crucial for understanding the legal and compliance frameworks governing IT systems in banks.
| Unit | Topics Covered |
|---|---|
| Unit 19 | Information Systems Audit – History, Roles of Internal/External Auditors, Audit Methodologies, COBIT Framework, and Reporting. |
| Unit 20 | Regulatory Mechanism in Indian Banks – RBI Guidelines, Gopalakrishna Committee, SEBI, TRAI, IRDAI, and Related Legal Enactments. |
Download IIBF IT Security Syllabus PDF
The syllabus is divided into four main modules that cover the key areas of IT security: basic concepts, control measures, common threats, and regulatory requirements. Each module includes several topics that explain how information security is applied in real-life banking and financial operations. The direct link to download the IIBF IT Security Syllabus is provided below.
Download IIBF IT Security 2026 PDF