Central Bank of Jordan - Cyber Security Framework
Enterprise customers are in the phase of identifying all security threats and fixing all identified security gaps based on a cyber security resilience framework for the corporate and banking industry, covering security controls for ISO 27001, ISO 27002, ISO 27005, ISO 22301, NIST CSF, NIST SP 800, CIS, PCI DSS, SANS, COBIT 2019, etc., for certification purposes and to meet the requirements of international and local standards and frameworks.
These advanced consultancy services have been tailor-made and developed for the banking and corporate sectors, based on a universal security framework for securing critical core and payment applications, critical systems infrastructure and security, and components that store, process, and transmit critical data.
Covering all aspects of critical systems, solution workflows, and integration processes with other critical systems, our consultants are concerned with protecting the critical and account data of individual customers and preventing fraud and theft from occurring.
In addition to the requirement for rigorous security management and policy procedures, ScanWave is very much concerned with network architecture and the integrity of the security systems.
CBJ Cyber Security Framework Scope and Structure
The scope of the framework covers cybersecurity controls and practices that are applicable to the banking industry and include, but are not limited to:
- Cyber risk management.
- Cybersecurity strategies, policies, procedures and standards.
- People qualification.
- IT systems, infrastructures, networks and processes.
- Electronic service delivery channels.
- External dependencies on third parties.
The Framework is structured into five main parts:
- Part 1: Cybersecurity Management Controls.
- Part 2: Cybersecurity Technical and Operational Controls.
- Part 3: Crisis Management and Contingency Planning.
- Part 4: Collaboration.
- Part 5: Assessment.
CBJ Cyber Security Framework Program Phases
- Prioritize and Scope: Identifies business/mission objectives and high-level organizational priorities. This information allows organizations to make strategic decisions regarding the scope of systems and assets that support the selected business lines or processes within the organization.
- Create a Current Profile: Identifies the requirement to define the current state of the organization's cyber security program by establishing a current state profile.
- Create a Target Profile: Allows organizations to develop a risk-informed target state profile. The target state profile focuses on the assessment of the Framework categories and subcategories describing the organization’s desired cyber security outcomes.
- Conduct a Risk Assessment: Allows organizations to conduct a risk assessment using their currently accepted methodology.
- Determine, Analyze, and Prioritize Gaps: Organizations conduct a gap analysis to determine opportunities for improving the current state. The gaps are identified by overlaying the current state profile with the target state profile.
- Implement Action Plan: After the gaps are identified and prioritized, the required actions are taken to close the gaps and work toward obtaining the target state.
- Orient: Provides organizations an opportunity to identify threats and vulnerabilities of systems identified in the prioritize and scope steps.