On November 29, 2020, the UAE announced the new-generation smart designs of passports and Emirates IDs for additional security features. The UAE Cybersecurity Council was also formed to create a stronger cyber infrastructure and contribute to the regulatory framework covering all kinds of cybercrimes.
Saudi Arabia, on the other hand, continued its rollout of the 5G network, but is also steadily focusing on its new vulnerabilities — being a highly-targeted country of cyberattacks based on geopolitical stands. Such actions illustrate the fast pace digitisation efforts by the countries of the Gulf Cooperation Council (GCC).
But as GCC states seek to be digitalisation front-runners, they also become more vulnerable to cyber threats — a cynical effect of increasing digital dependency. To secure their digital economies and societies, many invested extensively in building cybersecurity strategies and legislation.
The SAMA Cyber Security Framework
Saudi Arabian oversight agencies and government entities developed mandatory guidelines to provide prescriptive measures and strengthen security postures in response to cyber threats. One of these is the implementation of the Cyber Security Framework (CSF), created by the Saudi Arabian Monetary Agency (SAMA).
The Framework controls the cybersecurity activities of all SAMA-regulated Member Organisations, including banks, insurance institutions, credit bureaus, and financing companies. Its objectives are as follows:
- To create a common approach for addressing cyber security within the Member Organisations.
- To achieve an appropriate maturity level of cyber security controls within the Member Organisations.
- To ensure cyber security risks are properly managed throughout the Member Organisations.
The CSF also provides cybersecurity controls for information assets of the SAMA’s financial institutions, including:
- Electronic information
- Physical information (hard copy)
- Applications, software, electronic services, and databases
- Computers and electronic machines (e.g., ATM)
- Information storage devices (e.g., hard disk, USB stick)
- Premises, equipment, and communication networks (technical infrastructure)
In March 2022, SAMA released the Cyber Threat Intelligence (CTI) Principles, which became a vital part of the CSF and a requirement for achieving SAMA CSF compliance. Financial institutions can utilise CTI to boost oversight in the threat landscape and create actionable threat intelligence.
CTI Principles illustrate the best practices in producing, processing, and distributing threat intelligence for the financial institutions in KSA. These include Core, Strategic, Operation, and Technical and Tactical CTI Principles — which are all relevant in complying with the Framework.
Enhancing Your Company’s Cyber Resilience
With cyber risks climbing atop the CEO’s priority issues, regulators have introduced best practices and aim to encourage companies to adopt them. However, SAMA established the CSF to mandate its member organisations to follow the principles and security controls set in the framework.
Find out more in the next article about how Convene, a board management solution, can help comply with the SAMA Cyber Security Framework.
Jielynne is a Content Marketing Writer at Convene. With over six years of professional writing experience, she has worked with several SEO and digital marketing agencies, both local and international. She strives in crafting clear marketing copies and creative content for various platforms of Convene, such as the website and social media. Jielynne displays a decided lack of knowledge about calculus, but proudly aces in literary arts and content marketing.
- Connect:
-
-
