SAMA Cyber Security Framework - Principle based.
As per SAMA Cyberecurity framework, the objective of the Framework is as follows:
1. To create a common approach for addressing cyber security within the Member Organizations.
2. To achieve an appropriate maturity level of cyber security controls within the Member Organizations.
3. To ensure cyber security risks are properly managed throughout the Member Organizations.
The frameworks borrows key controls from various industry level cybersecurity standards such as NIST, ISF, ISO, Basel and PCI DSS. The purpose of the CSF is to ) to enable Financial Institutions regulated by
SAMA (“the Member Organizations”) to effectively identify and address risks related to cyber security.
All Banks operating in Saudi Arabia;
All Insurance and/or Reinsurance Companies operating in Saudi Arabia;
All Financing Companies operating in Saudi Arabia;
All Credit Bureaus operating In Saudi Arabia;
The Financial Market Infrastructure
The four domains are
1. Cyber Security Leadership and Governance.
2. Cyber Security Risk Management and Compliance.
3. Cyber Security Operations and Technology.
4. Third Party Cyber Security.