SAMA Cyber Security Resilience Program
Saudi Arabian Monetary Authority established a Cyber security Framework to enable Financial Institutions regulated by SAMA (“the Member Organizations”) to effectively identify and address cybersecurity risks. The framework must be adopted by the Member Organizations in order to maintain the security of information assets and online services. The Framework is based on the SAMA requirements and industry cyber security standards, such as NIST, ISO, and PCI DSS.
These advanced consultancy services have been tailor-made and developed for the banking and corporate sectors based on universal security framework for securing the critical core and payment applications, critical systems infrastructure and security, components that store process, and transmit critical data.
Covering all aspects of critical systems, solutions workflows, and integration process with other critical systems, our consultants concerned with protecting critical and account data of the individual customer and preventing fraudulent and theft activity from occurring.
ScanWave provides managed services in various domains such as Penetration Testing (for both Infrastructure and Applications), Vulnerability Management, SOC and SIEM management that can be leveraged meet the compliance requirements.
SAMA Cyber Security Resilience Objective
The framework, based on industry-leading cyber security standards and practices, has three key objectives:
1To create a common approach for addressing cyber security within the Member Organizations.
2To achieve an appropriate maturity level of cyber security controls within the Member Organizations.
3To ensure cyber security risks are properly managed throughout the Member Organizations.
The general security objectives comprise the following:
1Confidentiality: Information assets are accessible only to those authorized to have access (i.e., protected from unauthorized disclosure or (un)intended leakage of sensitive data).
2Integrity: Information assets are accurate, complete and processed correctly (i.e., protected from unauthorized modification, which may include authenticity and non-repudiation).
3Availability: Information assets are resilient and accessible when required (i.e., protected from unauthorized disruption).
SAMA Cyber Security Resilience Scope and Applicability
SAMA framework defines principles and objectives for initiating, implementing, maintaining, monitoring and improving cyber security controls in Member Organizations.
The Framework provides cyber security controls which are applicable to the information assets of the Member Organization, including:
- Electronic information.
- Physical information (hardcopy).
- Applications, software, electronic services and databases.
- Computers and electronic machines (e.g., ATM).
- Information storage devices (e.g., hard disk, USB stick).
- Premises, equipment and communication networks (technical infrastructure).
The Framework is applicable to all Member Organizations regulated by SAMA, which include the following:
- All Banks operating in Saudi Arabia.
- All Insurance and/or Reinsurance Companies operating in Saudi Arabia.
- All Financing Companies operating in Saudi Arabia.
- All Credit Bureaus operating In Saudi Arabia.
- The Financial Market Infrastructure.