Cyber Security Framework: Saudi Arabian Monetary Authority
SAMA established a Cyber Security Framework (“the Framework”) to enable Financial Institutions regulated by SAMA (“the Member Organizations”) to effectively identify and address risks related to cyber security. To maintain the protection of information assets and online services, the Member Organizations must adopt the Framework.
Within the SAMA Framework, Cyber security is defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the member organization's information assets against internal and external threats.
The Framework provides cyber security controls which are applicable to the information assets of the Member Organization, including:
- Electronic information.
- Physical information (hardcopy).
- Applications, software, electronic services and databases.
- Computers and electronic machines (e.g., ATM).
- Information storage devices (e.g., hard disk, USB stick).
- Premises, equipment and communication networks (technical infrastructure).
NNT’s Vulnerability Tracker™ identifies known vulnerabilities within software and configuration settings before they can be exploited by a cyber-attack.
- Directly addresses SAMA 3.3.3 (Asset Management), 3.3.6 (Application Security) and 3.3.17 Vulnerability Management.
- Continuously tests and assesses your IT network and any device connected to it against thousands of Network Vulnerability Tests (NVTs).
- Unique, fully meshed, distributed scanning solution providing UNLIMITED scanning, not restricted by device counts. This makes Vulnerability Tracker the most scalable, flexible and cost-effective enterprise-class scanner.
NNT Change Tracker Gen 7 R2 provides fundamental cyber security prevention and detection. It does this by leveraging the required security best practice disciplines of system configuration and integrity assurance combined with the most comprehensive and intelligent change control solution available. Change Tracker from NNT will ensure that your IT systems remain in a known, secure and compliant state at all times.
- Directly addresses 3.3.6 (Application Security), 3.3.7 (Change Management) and 3.3.8 (Infrastructure Security)
- Provides context-based File Integrity Monitoring and File Whitelisting to assure all change activity is automatically analyzed and validated.
- Certified CIS configuration hardening ensures all systems remain securely configured at all times
- Intelligent change control technology, provides unparalleled change noise reduction along with the ultimate reassurance that the changes occurring within your production environment are consistent, safe and as required.
NNT Log Tracker records full audit trails of all user and system activity then correlates events to provide early-warning of hacker behavior.
- Directly addresses 3.3.14 (Cyber Security Event Management)
- Securely protects all logs and audit trails
- Correlates logs from all devices including network devices, Unix and Windows servers, applications and databases, and analyzing them for unusual or suspicious activity
- Pre-built compliance reports and scorecards
- Accomplish More with Less with the Basic CIS Controls
- Why Isn’t There A Remediation Button within Change Tracker Gen7 R2?
- Change and Configuration Management Best Practices Guide
- What is Configuration Drift and How Can You Prevent it?
- Oracle and KPMG Urge the Adoption of DevSecOps in 2020 Cloud Threat Report
- October is National Cyber Security Awareness Month- So Just How Secure is Your Organization?
- Department of Homeland Security’s Cyber Security Still Vulnerable
- File Integrity Monitoring – 3 Reasons Why Your Security is Compromised Without it Part 3
- File Integrity Monitoring - Is FIM Better Than AV? Is a Gun Better Than a Knife?
- All Configuration Management Articles