SAMA Cyber Security Framework in Saudi Arabia

Home » Home-Saudi Arabia » SAMA Cyber Security Framework in Saudi Arabia

What is SAMA CSF

The Saudi Central Bank (SAMA) has undertaken the responsibility to improve Cyber Resilience by adopting the Industry best practices, Standards and other Frameworks and thus formulating the SAMA Cyber Security Framework. SAMA mandated the entities across all sectors to be compliant with the Cyber Security Framework and thus achieve the minimum level of security compliance requirements which will enable it to manage and withstand the cyber security threats.

ValueMentor helps customers improve their Cyber Resilience with SAMA Cyber Security Framework

Would you like to speak to a SAMA CSF Consultant?


Phase 1 – Assessment

The first phase of a SAMA CSF Compliance project is to assess the current state of compliance.

Identify Critical Assets

  • Project Initiation
  • Understand the organization
  • Identify critical business services
  • Identify information infrastructurE

Gap & Risk Assessment

  • Assessment of current state and mapping it to SAMA CSF Standard
  • Identification of threats and vulnerabilities exploiting the gaps resulting in risk.

CSF Controls Identification

  • Identify cybersecurity controls that can mitigate the risks and thereby result in SAMA CSF Compliance.
  • Define SAMA CSF Risk treatment plan

SAMA CSF Compliance Reports

  • Develop the SAMA CSF compliance reports

Phase 2 – Control Development

This second phase of the project is to develop the controls to treat the risks identified. SAMA CSF Risk Treatment Plan provides the directions for this phase of the implementation.

Policies & Procedures

Policies and procedures provide the basis for implementing cybersecurity within the organization.

Security Awareness

Humans are often considered the weakest link in cyber security. Security awareness improves the cyber security posture.

Technology Controls

Management Controls

  • Operational controls
  • Physical Security
  • Managerial Controls

Phase 3 – Security Services

This phase of the engagement supplements existing security practices in the organization. Some of the key service performed by ValueMentor team are:

Periodic Security Testing

SIEM & Incident Response

  • SIEM Solution deployment
  • 24×7 Security Monitoring
  • Security Device Management

Managed Network Security

  • Next-Gen Firewalls, UTMs
  • URL Filter, Web Security
  • Wi-Fi Security
  • VPN and remote access securit

Data & Endpoint Security

  • DLP Solutions
  • Patch Management
  • Endpoint security
  • Mobile Device Management

Phase 4 – Compliance Review

Periodic review of the SAMA CSF Compliance status is critical for the success of the Information Security Management System.

ISMS Performance Review

Assess the performance of the ISMS against the defined metrics. This is a key measure towards continual improvement of the ISMS

SAMA CSF Internal Audits

Perform periodic ISMS audits to assess the compliance to the defined policies and procedures

Mock Compliance Audit

Perform mock compliance audits help you identify the weak areas of ISMS implementation.

External Audit Support

Assist the customer during the compliance audit to meet the required SAMA CSF requirements.

Would you like to speak to a SAMA CSF Consultant?


Related Insights

  • Incident Response
    November 21, 2023
  • Advanced Penetration Testing
    November 21, 2023
  • PCI DSS Compliance — SWIFT CSP Assessment — NESA Compliance — ISO 27001 Consulting — Managed Security
    November 10, 2023
Read all articles