SAMA Cyber Security Framework

ValueMentor helps customers improve their 

Cyber Resilience with SAMA Cyber Security Framework

Let us connect
Home » Saudi Arabia » SAMA CSF in Saudi Arabia

The Saudi Arabian Monetary Authority (SAMA) has undertaken the responsibility to improve Cyber Resilience by adopting the Industry best practices, Standards and other Frameworks and thus formulating the SAMA Cyber Security Framework. SAMA mandated the entities across all sectors to be compliant by the Cyber Security Framework and thus achieve the minimum level of security compliance requirements which will enable it to manage and withstand the cyber security threats

ValueMentor has helped many of its customers to achieve SAMA Cyber Security Framework Compliance requirements.

SAMA Cyber Security Framework (CSF)

SAMA CSF GAP Assessment

Assess the current state of your SAMA CSF Compliance using the SAMA CSF gap assessment methodology.

SAMA CSF Risk Assessment

Perform SAMA CSF risk assessment based on the SAMA Cyber Risk Management Framework

SAMA CSF Risk Treatment Plan

Develop Risk Treatment Plans to remediate the gaps and risks identified to acceptable levels.

SAMA CSF Policies & Procedures

Our security analysts will develop the required Information Security policies and procdures for you.

Security Testing

Perform periodic vulnerability assessments and penetration testing

Security Awareness

All your employees receive security awareness through cloud portal helping you improve human side of security.

Technology Implementations

Advisory on remediation of technology gaps and implementation of technical controls

SAMA CSF Progress Reviews

Perform periodic SAMA CSF Implementation progress reviews to measure the maturity level

SAMA CSF Internal Audits

Internal audits help you identify deviations from the defined SAMA CSF policies and procedures

Start a SAMA CSF Project

Assessment

Phase 1 – Assessment

The first phase of a SAMA CSF Compliance project is to assess the current state of compliance.

Identify Critical Assets

  • Project Initiation
  • Understand the organization
  • Identify critical business services
  • Identify information infrastructurE

Gap & Risk Assessment

  • Assessment of current state and mapping it to SAMA CSF Standard
  • Identification of threats and vulnerabilities exploiting the gaps resulting in risk.

CSF Controls Identification

  • Identify cybersecurity controls that can mitigate the risks and thereby result in SAMA CSF Compliance.
  • Define SAMA CSF Risk treatment plan

SAMA CSF Compliance Reports

  • Develop the SAMA CSF compliance reports

Phase 2 – Control Development

This second phase of the project is to develop the controls to treat the risks identified. SAMA CSF Risk Treatment Plan provides the directions for this phase of the implementation.

Policies & Procedures

Policies and procedures provide the basis for implementing cybersecurity within the organization.

Security Awareness

Humans are often considered as the weakest link in cyber security. Security awareness improves the cyber security posture.

Technology Controls

  • Security Architecture
  • Technology gaps
  • Configuration advisory

Management Controls

  • Operational controls
  • Physical Security
  • Managerial Controls 
Control-Development
Security-Services

Phase 3 – Security Services

This phase of the engagement supplements existing security practices in the organization. Some of the key service performed by ValueMentor team are:

Periodic Security Testing

  • Vulnerability Assessments
  • Penetration Testing
  • Security configuration reviews

SIEM & Incident Response

  • SIEM Solution deployment
  • 24×7 Security Monitoring
  • Security Device Management

Managed Network Security

  • Next Gen Firewalls, UTMs
  • URL Filter, Web Security
  • Wi-Fi Security
  • VPN and remote access security

    Data & Endpoint Security

    • DLP Solutions
    • Patch Management
    • End point security
    • Mobile Device Management

      Phase 4 – Compliance Review

      Periodic review of the SAMA CSF Compliance status is critical for the success of the Information Security Management System. 

      ISMS Performance Review

      Assess the performance of the ISMS against the defined metrics. This is a key measure towards continual improvement of the ISMS

      SAMA CSF Internal Audits

      Perform periodic ISMS audits to assess the compliance to the defined policies and procedures

      Mock Compliance Audit

      Perform mock compliance audits help you identify the weak areas of ISMS implementation.

      External Audit Support

      Assist the customer during the compliance audit to meet the required SAMA CSF requirements.

      Compliance-Review

      Would you like to speak to a SAMA CSF Consultant?

      Contact Us

      Related Insights

      ISO 27001 Consulting

      ISO 27001 Consulting

      ISO 27001 Gap Analysis, ISO 27001 Risk Assessment & ISO 27001 Compliance services ISO 27001 Implementation Services Customers subscribe to our...

      read more