Cyber Security Framework
Saudi Arabian Monetary Authority (SAMA)
The SearchInform solution helps your organization guard confidential information and transactions, identify security threats, build a well-defined framework for safe operation in the financial sector and automate regulatory compliance.
Cyber Security Operations & Technology
Infrastructure Security
The document makes a clear reference to the importance of a DLP system. Clause 3.3.8 on infrastructure security emphasizes the need to deploy such a solution:
“6. The infrastructure security standard should include:
a. the cyber security controls implemented (e.g., configuration parameters, events to monitor and retain [including system access and data], data-leakage prevention [DLP], identity and access management, remote maintenance);
…
c. the protection of data aligned with the (agreed) classification scheme (including privacy of customer data and, avoiding unauthorized access and (un)intended data leakage);”
Physical Security
Functions:
The system allows you to monitor employee activity in the workplace, including:
- Software usage
- Activity on the Internet
- PC microphone audio recording
- Corporate telephony recording
- User activity video recording
- Web camera photos and video of employees (for example, when logging into business systems)
- Audit of operations on a file system and file servers
- Audit of data transferred via communication channels or uploaded to devices
“3. The physical security process should include (but not limited to):
b. monitoring and surveillance (e.g., CCTV, ATMs GPS tracking, sensitivity sensors);
c. protection of data centers and data rooms;
…
e. protection of information assets during lifecycle (including transport and secure disposal, avoiding unauthorized access and (un)intended data leakage).”
Human Resources
Clause 3.3.1 “Human Resources” identifies tasks that can be addressed with our FileAuditor and TimeInformer solutions:
- Employee presence or absence (taking into account employee activities on PCs and PACS data)
- Time spent on websites and work with specific software, including activity categorization (work-related, non-work related, neutral, non-specific)
- Employee performance efficiency
- Access rights audit
- History of using data on PCs and on file servers
- Content scanning, categorization of stored information
“Control considerations
1. The human resources process should define, approve and implement cyber security requirements.
2. The effectiveness of the human resources process should be monitored, measured and periodically evaluated.
3. The human resource process should include:
a. cyber security responsibilities and non-disclosure clauses within staff agreements (during and after the employment);
b. staff should receive cyber security awareness at the start and during their employment;
c. when disciplinary actions will be applicable;
d. screening and background check;
e. post-employment cyber security activities, such as:
1. revoking access rights;
2. returning information assets assigned (e.g., access badge, tokens, mobile devices, all electronic and physical information).”
Organizations subject to SAMA should implement a security risk mitigation program and achieve the required level of cyber security controls.
The SearchInform solution provides instruments that help to conform to the required approach and facilitate regulatory compliance.
Identity and Access Management
Clause 3.3.5 covers requirements that can be addressed with FileAuditor and SIEM:
- Monitoring of access to documents in a file system
- Monitoring of operations on files on file servers and local workstations, in network folders
- Monitoring of file storages regarding content conformity to an access level
- Monitoring of changes made to security settings of IT systems
- Monitoring of critical security events in IT systems
Objective
To ensure that the Member Organization only provides authorized and sufficient access privileges to approved users.
Control considerations
1. The identity and access management policy, including the responsibilities and accountabilities, should be defined, approved and implemented.
2. The compliance with the identity and access policy should be monitored.
3. The effectiveness of the cyber security controls within the identity and access management policy should be measured and periodically evaluated.
4. user access requests are formally approved in accordance with business and compliance requirements (i.e., need-to-have and need-to-know to avoid unauthorized access and (un)intended data leakage));
5. changes in access rights should be processed in a timely manner;
6. periodically user access rights and profiles should be reviewed;
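The periodic access review required above (need-to-know, timely changes, review of rights and profiles) and the post-employment revocation step from clause 3.3.1 both reduce to the same check: compare each user's effective access against their clearance, department and employment status. The following is an added example written for this page, not SearchInform's or SAMA's code; the users, groups, share paths and classification levels are constructed for illustration, and `review_access` is a hypothetical helper that returns one finding per problem it detects.

```python
"""Minimal periodic access-rights review (added example; all data is constructed)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Higher rank = more sensitive. Levels are a constructed example scheme.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class User:
    name: str
    department: str
    clearance: str            # highest classification the user may access
    groups: set[str]
    left_on: date | None = None   # set once employment has ended


@dataclass
class Share:
    path: str
    classification: str
    owner_department: str
    allowed_groups: set[str]


def effective_shares(user: User, shares: list[Share]) -> list[Share]:
    """Shares the user can reach through at least one group membership."""
    return [s for s in shares if user.groups & s.allowed_groups]


def review_access(users: list[User], shares: list[Share], today: date):
    """Return (user, share, reason) tuples for access that should be revoked or confirmed."""
    findings = []
    for u in users:
        for s in effective_shares(u, shares):
            # Post-employment: any remaining access is a finding (clause 3.3.1 e.1).
            if u.left_on is not None and u.left_on <= today:
                findings.append((u.name, s.path, "access not revoked after employment ended"))
                continue
            # Need-to-have: data above the user's clearance must not be reachable.
            if CLASSIFICATION_RANK[s.classification] > CLASSIFICATION_RANK[u.clearance]:
                findings.append((u.name, s.path, "classification exceeds clearance"))
            # Need-to-know: non-public data of another department needs an owner's confirmation.
            elif s.owner_department != u.department and s.classification != "public":
                findings.append((u.name, s.path, "cross-department access, confirm need-to-know"))
    return findings


# Constructed sample data.
USERS = [
    User("alice", "finance", "confidential", {"finance-staff"}),
    User("bob", "it", "internal", {"it-ops", "finance-staff"}),
    User("carol", "finance", "confidential", {"finance-staff"}, left_on=date(2024, 3, 1)),
]
SHARES = [
    Share("//fs01/finance/reports", "confidential", "finance", {"finance-staff"}),
    Share("//fs01/public", "public", "it", {"it-ops", "finance-staff"}),
    Share("//fs01/it/configs", "internal", "it", {"it-ops"}),
]

if __name__ == "__main__":
    for name, path, reason in review_access(USERS, SHARES, date(2024, 4, 1)):
        print(f"{name:6} {path:28} {reason}")
```

Run as a script it lists three findings: bob reaches a confidential finance share through a group membership his clearance does not cover, and carol, who left a month earlier, still holds access to two shares. The group-to-share model is deliberately simple; in practice the share list would be exported from the file audit tool and the users from the HR system.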
Cryptography
Clause 3.3.9 sets out the cryptography requirements.
Our software facilitates the creation of a crypto perimeter for corporate portable storage devices: data uploaded to flash drives can be transferred freely but used only within the corporate network or on corporate PCs. The solution allows you to restrict access to protected data by granting access rights to specified user groups.
Secure Disposal of Information Assets
Clause 3.3.11 “Secure Disposal of Information Assets” highlights tasks that can be managed with the help of DLP and FileAuditor (to identify unregulated transit or storage of data that must be deleted).
Identification of undeleted copies:
- On local PCs (documents folder, desktop, etc., including screenshots)
- In network folders
- On file servers
- In the cloud
- In NAS
- In DBMS
- In business systems (CRM, etc.)
Principle
The information assets of the Member Organization should be securely disposed when the information assets are no longer required.
Objective
To ensure that the Member Organization’s business, customer and other sensitive information are protected from leakage or unauthorized disclosure when disposed.
Control considerations
1. The secure disposal standard and procedure should be defined, approved and implemented.
2. The compliance with the secure disposal standard and procedure should be monitored.
3. The effectiveness of the secure disposal cyber security controls should be measured and periodically evaluated.
4. Information assets should be disposed in accordance with legal and regulatory requirements, when no longer required (i.e. meeting data privacy regulations to avoid unauthorized access and avoid (un)intended data leakage).
Cyber Security Event Management
Clause 3.3.14 “Cyber Security Event Management” describes the use of a SIEM, which corresponds to the SearchInform SIEM.
SearchInform SIEM collects events from different sources:
- Event logs of servers and workstations
- Active network equipment
- Access control, authentication
- Antiviruses
- Virtualization environments
SIEM analyzes data, detects incidents and performs real-time incident reporting.
The system identifies:
- Virus outbreaks and isolated virus infections
- Attempts to get unauthorized access to confidential information
- Errors and failures in information systems operation
- Credentials fraud
- Critical events in the operation of security systems
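To make the event-collection and detection steps above concrete, here is an added example (written for this page, not SearchInform's SIEM code) that runs three correlation rules over constructed log lines: a burst of failed logons followed by a success from the same source (credential abuse), a denied access to a file labelled confidential (unauthorized access attempt), and the same malware name reported by several hosts (an outbreak). The log format, host names, users, addresses and malware name are all made up; `parse_event` and `detect_incidents` are hypothetical helpers.

```python
"""SIEM-style correlation over constructed log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a simple "timestamp key=value ..." format.
SAMPLE_LOG = """
2024-04-01T09:00:01Z host=dc01 event=logon_failed user=alice src=10.0.0.5
2024-04-01T09:00:05Z host=dc01 event=logon_failed user=alice src=10.0.0.5
2024-04-01T09:00:09Z host=dc01 event=logon_failed user=alice src=10.0.0.5
2024-04-01T09:00:13Z host=dc01 event=logon_failed user=alice src=10.0.0.5
2024-04-01T09:00:17Z host=dc01 event=logon_failed user=alice src=10.0.0.5
2024-04-01T09:00:20Z host=dc01 event=logon_success user=alice src=10.0.0.5
2024-04-01T09:05:00Z host=fs01 event=file_access_denied user=bob src=10.0.0.9 path=//fs01/finance/payroll.xlsx label=confidential
2024-04-01T09:10:00Z host=ws01 event=av_detect malware=Trojan.Gen
2024-04-01T09:10:30Z host=ws02 event=av_detect malware=Trojan.Gen
2024-04-01T09:11:00Z host=ws03 event=av_detect malware=Trojan.Gen
2024-04-01T09:15:00Z host=fs01 event=file_access_denied user=carol src=10.0.0.7 path=//fs01/public/notice.txt label=public
""".strip().splitlines()

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one log line into a dict; return None for lines that do not fit the format."""
    ts, _, rest = line.strip().partition(" ")
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    ev = dict(KV_RE.findall(rest))
    if "event" not in ev:
        return None
    ev["ts"] = when
    return ev


def detect_incidents(lines, threshold=5, window=timedelta(minutes=2), outbreak_hosts=3):
    """Apply the correlation rules in event order and return incident records."""
    incidents = []
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failed logons
    infected = defaultdict(set)     # malware name -> hosts that reported it

    for ev in filter(None, map(parse_event, lines)):
        kind = ev["event"]
        key = (ev.get("src"), ev.get("user"))

        if kind == "logon_failed":
            q = failures[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # keep only failures inside the window
                q.popleft()
            if len(q) == threshold:                  # fire once, on the Nth failure
                incidents.append({"type": "brute_force", "ts": ev["ts"], "user": ev["user"],
                                  "detail": f"{threshold} failed logons from {ev['src']}"})

        elif kind == "logon_success":
            q = failures[key]
            if len(q) >= threshold:                  # success right after a burst of failures
                incidents.append({"type": "credential_compromise", "ts": ev["ts"], "user": ev["user"],
                                  "detail": f"successful logon after {len(q)} failures from {ev['src']}"})
            q.clear()

        elif kind == "file_access_denied" and ev.get("label") == "confidential":
            incidents.append({"type": "unauthorized_access", "ts": ev["ts"], "user": ev["user"],
                              "detail": f"denied access to {ev['path']}"})

        elif kind == "av_detect":
            hosts = infected[ev["malware"]]
            hosts.add(ev["host"])
            if len(hosts) == outbreak_hosts:         # fire once, when the Nth host reports it
                incidents.append({"type": "malware_outbreak", "ts": ev["ts"], "user": None,
                                  "detail": f"{ev['malware']} on {sorted(hosts)}"})
    return incidents


if __name__ == "__main__":
    for inc in detect_incidents(SAMPLE_LOG):
        print(inc["ts"].isoformat(), inc["type"], inc["user"] or "-", inc["detail"])
```

On the sample log the pass reports four incidents in order: the brute-force burst against alice's account, the subsequent successful logon from the same address, bob's denied access to a confidential payroll file, and the Trojan.Gen detections reaching three hosts. The denied access to a public file is intentionally not escalated, which is the kind of threshold and labelling decision a real SIEM rule set needs per event source.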
Principle
The Member Organization should define, approve and implement a security event management process to analyze operational and security loggings and respond to security events. The effectiveness of this process should be measured and periodically evaluated.