With the significant acceleration of digital transformation, the rates of cyberattacks and the risks of data breaches have increased, making the Kingdom keener to provide a secure environment for data and digital operations through a robust security system. Here comes the role of the National Cybersecurity Authority in developing, implementing, and supervising strategies.

Anti-Cyber Crime Law

The Anti-Cyber Crime Law aims at preventing cybercrimes by identifying such crimes and defining their punishments. The objective is to ensure information security, protection of public interest, morals, protection of rights of the legitimate use of computers and information networks, and protection of the national economy.

National Cybersecurity Strategy

The National Cybersecurity Strategy was developed to reflect the strategic ambition of the Kingdom in a manner that is balanced between security, trust, and growth. It is created to achieve the concept of (a safe and reliable Saudi cyberspace that enables growth and prosperity). It also includes six main concepts:

  • Integration
  • Regulation
  • Assurance
  • Defense
  • Cooperation
  • Construction

Controls and policies

Basic Cybersecurity Controls

In order to reduce the cyber risks on the information and technology assets of the entities at the internal or external level, the authority has worked on 114 basic cybersecurity officers divided into five main components:

  • Cyber Security Governance
  • Enhancing Cybersecurity
  • Cybersecurity resilience
  • Third-party Cybersecurity and cloud computing
  • Cybersecurity for industrial control systems

Control details can be found in the Basic Cybersecurity Controls Handbook.

Sensitive systems controls

Sensitive systems controls aim to support basic cybersecurity controls. It provides the minimum cybersecurity requirements for sensitive systems based on best practices and standards to meet current security needs and raise the readiness of entities within the scope of these controls to protect their sensitive systems and prevent unauthorized access to them.

The cybersecurity controls for sensitive systems consist of:

  • 32 main controls.
  • 73 subsidiary controls.

It is divided into four main components:

  • Cyber Security Governance
  • Enhancing Cybersecurity
  • Cybersecurity resilience
  • Cybersecurity related to external parties and cloud computing

Control details can be found in the Sensitive Systems Cybersecurity Controls Handbook.

Cloud computing controls

Cloud computing controls come as an extension and complement to the basic cybersecurity controls and aim to define the cybersecurity requirements for cloud computing from service providers' and subscribers' perspectives to raise security and reduce cyber risks on all services and subscribers.

Cloud computing controls consist of:

  • 37 main controls
  • 96 subsidiary controls for service providers
  • 18 main controls and 26 subsidiary controls for subscribers

It is divided into four main components:

  • Cyber Security Governance
  • Enhancing Cybersecurity
  • Cybersecurity resilience
  • Cybersecurity related to external parties

You can see details of controls in the Cloud Computing Controls Guide.

Cybersecurity controls to work remotely

According to the various preventive precautions taken by the Kingdom's government to confront Coronavirus, national authorities' reliance is increasing regarding means of information and communication technology through cyberspace. This procedure enabled workers and employees to perform their work remotely without the need to come to the workplace, so a list of cybersecurity controls for remote work has been launched:

  • Cybersecurity awareness
  • Managing Entry Identities and Authorities
  • Protection of systems and information processing equipment
  • Network security management
  • Encryption
  • Monitoring Cybersecurity and managing incidents

You can view the details of the controls through the Cybersecurity Controls Handbook for Remote Work.

Average: 4 (1 vote)


No result available!