Skip to main content

The Three Lines of Defense Model

The Three Lines of Defense Model

Download this whitepaper in pdf form



There are expectations from board members, CEOs and senior management at banks to implement robust cybersecurity practices. Cybersecurity no longer is a security risk limited to IT functions of an organization and there is an increasing recognition that it is now an integral part of operational risk management. This paper describes an optimal organizational structure called the “three-line-of-defense” model to implement a robust governance structure for cyber risk management within an organization. 

This paper can be cited as: Vivek Srivastav: "The Three Lines of Defense Model," Reserve Bank Information Technology Pvt. Ltd. (2018)

Posted by Vivek Srivastav | SrVP Research and Innovation, ReBIT
on 15 February 2019