Cyber security framework

Saudi Arabian Monetary Authority (SAMA)

To minimize negative impact, you should be informed about abnormal behavioral events within a corporate network. Risk assessment should be balanced and the management program implemented in your system needs to monitor valuable assets.

Intelligent risks evaluation pertains to not only the most protected zones of your corporate structure, but also the least expected areas. Any employee might gain access to sensitive data that could endanger the company's environment.

Сyber security
operations & technology

Get the answers on key questions about the regulatory requirements and how SearchInform helps organizations to meet them on real clients’ cases.

Learn more

Infrastructure security

The law contains a clear reference to the importance of a DLP system. Clause 3.3.8 about the infrastructure
security emphasizes the necessity of the solution introduction:

The infrastructure security standard should include:

A. The cyber security controls implemented (e.g., configuration parameters, events to monitor and retain [including system access and data], data-leakage prevention [DLP], identity and access management, remote maintenance).

B. The protection of data aligned with the (agreed) classification scheme (including privacy of customer data and, avoiding unauthorized access and (un)intended data leakage).

Learn more

Version 1.0 Page 29 of 56

Cybersecurity architecture

Clause 3.3.4 describes a system similar to our
Risk Monitor.

IT infrastructure and data inventory

Security system’s status monitoring

Security events audit

Data flows visualization

Learn more

Physical security

The physical security process should include (but
not limited to):

A. Monitoring and surveillance (e.g., CCTV, ATMs GPS tracking, sensitivity sensors).

B. Protection of data centers and data rooms.

С. Protection of information assets during lifecycle (including transport and secure disposal, avoiding unauthorized access and (un)intended data leakage.

Functions:

Web camera photos and video of employees (for example, when logging into business systems)

Audit of data transferred via communication channels or uploaded to devices

The system allows you to monitor employee activity in the workplace

Audit of operations on a file system and file servers

Activity on the Internet

User activity video recording

Corporate telephony recording

PC microphone audio recording

Software usage

Human resources

Clause 3.3.1 “Human Resources” implies the existence of particular issues which can be solved by our FileAuditor and TimeInformer solutions:

Employee presence or absence (taking into account employee activities on PCs and PACS data)

Web camera photos and video of employees (for example, when logging into business systems)

Employee performance efficiency

History of using data on PCs and on file servers

Access rights audit

Employee performance efficiency

The human resources process should define, approve and implement cyber security requirements.

The effectiveness of the human resources process should be monitored, measured and periodically evaluated.

The human resource process should include:

A. cyber security responsibilities and non-disclosure clauses within staff agreements (during and after the employment);

B. staff should receive cyber security awareness at the start and during their employment;

C. when disciplinary actions will be applicable;

D. screening and background check;

E. post-employment cyber security activities, such as:

— revoking access rights;

— returning information assets assigned (e.g., access badge, tokens, mobile devices, all electronic and physical information).”

Organizations subject to SAMA should implement security risk mitigation program and achieve the same level of cyber security controls.

SearchInform solution provides instruments which help to conform to the required approach and facilitate regulatory compliance.

Full Name

E-mail

Company

Country

Australia

Albania

Algeria

American Samoa

Andorra

Angola

Anguilla

Antarctica

Antigua and Barbuda

Argentina

Armenia

Aruba

Afghanistan

Austria

Azerbaijan

Bahamas

Bahrain

Bangladesh

Barbados

Belgium

Belize

Benin

Bermuda

Bhutan

Bolivia

Bosnia and Herzegovina

Botswana

Bouvet Island

Brazil

British Indian Ocean Territory

Brunei Darussalam

Bulgaria

Burkina Faso

Burundi

Cambodia

Cameroon

Canada

Cape Verde

Cayman Islands

Central African Republic

Chad

Chile

China

Christmas Island

Cocos (Keeling) Islands

Colombia

Comoros

Congo

Cook Islands

Costa Rica

Croatia (Hrvatska)

Cuba

Cyprus

Czech Republic

Denmark

Djibouti

Dominica

Dominican Republic

East Timor

Ecuador

Egypt

El Salvador

Equatorial Guinea

Eritrea

Estonia

Ethiopia

Falkland Islands (Malvinas)

Faroe Islands

Fiji

Finland

France

France, Metropolitan

French Guiana

French Polynesia

French Southern Territories

Gabon

Gambia

Georgia

Germany

Ghana

Gibraltar

Guernsey

Greece

Greenland

Grenada

Guadeloupe

Guam

Guatemala

Guinea

Guinea-Bissau

Guyana

Haiti

Heard and Mc Donald Islands

Honduras

Hong Kong

Hungary

Iceland

India

Isle of Man

Indonesia

Iran (Islamic Republic of)

Iraq

Ireland

Israel

Italy

Ivory Coast

Jersey

Jamaica

Japan

Jordan

Kazakhstan

Kenya

Kiribati

Korea, Democratic People's Republic of

Korea, Republic of

Kosovo

Kuwait

Kyrgyzstan

Lao People's Democratic Republic

Latvia

Lebanon

Lesotho

Liberia

Libyan Arab Jamahiriya

Liechtenstein

Lithuania

Luxembourg

Macau

Macedonia

Madagascar

Malawi

Malaysia

Maldives

Mali

Malta

Marshall Islands

Martinique

Mauritania

Mauritius

Mayotte

Mexico

Micronesia, Federated States of

Moldova, Republic of

Monaco

Mongolia

Montenegro

Montserrat

Morocco

Mozambique

Myanmar

Namibia

Nauru

Nepal

Netherlands

Netherlands Antilles

New Caledonia

New Zealand

Nicaragua

Niger

Nigeria

Niue

Norfolk Island

Northern Mariana Islands

Norway

Oman

Pakistan

Palau

Palestine

Panama

Papua New Guinea

Paraguay

Peru

Philippines

Pitcairn

Poland

Portugal

Puerto Rico

Qatar

Reunion

Romania

Rwanda

Saint Kitts and Nevis

Saint Lucia

Saint Vincent and the Grenadines

Samoa

San Marino

Sao Tome and Principe

Saudi Arabia

Senegal

Serbia

Seychelles

Sierra Leone

Singapore

Slovakia

Slovenia

Solomon Islands

Somalia

South Africa

South Georgia South Sandwich Islands

Spain

Sri Lanka

St. Helena

St. Pierre and Miquelon

Sudan

Suriname

Svalbard and Jan Mayen Islands

Swaziland

Sweden

Switzerland

Syrian Arab Republic

Taiwan

Tajikistan

Tanzania, United Republic of

Thailand

Togo

Tokelau

Tonga

Trinidad and Tobago

Tunisia

Turkey

Turkmenistan

Turks and Caicos Islands

Tuvalu

Uganda

Ukraine

United Arab Emirates

United Kingdom

United States

United States minor outlying islands

Uruguay

Uzbekistan

Vanuatu

Vatican City State

Venezuela

Vietnam

Virgin Islands (British)

Virgin Islands (U.S.)

Wallis and Futuna Islands

Western Sahara

Yemen

Zaire

Zambia

Zimbabwe

Phone

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

Identity and access management

Clause 3.3.5 alludes to the issues which can be solved by FileAuditor and SIEM:

Monitoring of file storages regarding content conformity to an access level

Monitoring of operations on files on file servers and local workstations, in network folders

Monitoring of access to documents in a file system

Monitoring of changes made to security settings of IT systems

Monitoring of critical security events in IT systems

To ensure that the Member Organization only provides authorized and sufficient access privileges to approved users.

Control considerations:

The identity and access management policy, including the responsibilities and accountabilities, should be defined, approved and implemented.

The compliance with the identity and access policy should be monitored.

The effectiveness of the cyber security controls within the identity and access management policy should be measured and periodically evaluated.

User access requests are formally approved in accordance with business and compliance requirements (i.e., need-to-have and need-to-know to avoid unauthorized access and (un)intended data leakage)).

Changes in access rights should be processed in a timely manner.

Periodically user access rights and profiles should be reviewed.

Cryptography

Clause 3.3.9 provides us with cryptography requirements.

Our software facilitates the creation of a crypto perimeter for corporate portable storage devices where data is uploaded to flash drives and transferred freely but can be used only within a corporate network or on corporate PCs. The solution allows you to delimitate access to protected data giving access rights to specified user groups.

Secure disposal
of information assets

Clause 3.3.11 “Secure Disposal of Information Assets” highlights tasks which can be managed with the help of DLP, FileAuditor (to identify unregulated transit or storage of data that must be deleted).

Web camera photos and video of employees (for example, when logging into business systems)

Audit of data transferred via communication channels or uploaded to devices

Audit of operations on a file system and file servers

Activity on the Internet

Corporate telephony recording

PC microphone audio recording

The information assets of the Member Organization should be securely disposed when the information assets are no longer required.

To ensure that the Member Organization’s business, customer and other sensitive information are protected from leakage or unauthorized disclosure when disposed.

Control considerations:

The secure disposal standard and procedure should be defined, approved and implemented.

The compliance with the secure disposal standard and procedure should be monitored.

The effectiveness of the secure disposal cyber security controls should be measured and periodically evaluated.

Information assets should be disposed in accordance with legal and regulatory requirements, when no longer required (i.e. meeting data privacy regulations to avoid unauthorized access and avoid (un)intended data leakage).

Cyber security event management

Clause 3.3.14 “Cyber Security Event Management” describes usage of a SIEM similar to
the SearchInform software.

SearchInform SIEM collects events from different sources:

Network active equipment

Access control, authentication

Virtualization environments

Antiviruses

Event logs of servers and workstations

SIEM analyzes data, detects incidents and performs real-time incident reporting The system identifies:

Virus epidemics and separate virus infections

Critical events during the security system operating

Attempts to get unauthorized access to confidential information

Errors and failures in information systems operation

Credentials fraud

The Member Organization should define, approve and implement a security event management process to analyze operational and security loggings and respond to security events. The effectiveness of this process should be measured and periodically evaluated.

Learn more

Full-featured software with no restrictions on users or functionality

Order free trial

Cyber security framework

Necessary Cookies

Functional Cookies

Performance Cookies

Third-party Cookies