I want to know what makes ISO 27001 stand out among the KSA cybersecurity regulations. What controls are not included in NCA ECC that make ISO 27001 stand out?
I’m assuming that by KSA you mean the Kingdom of Saudi Arabia and that NCA ECC are the Cyber Security Controls from the National Cyber Security Authority.
Considering that, please note that NCA ECC focuses on cybersecurity domains, while ISO 27001 is more comprehensive (you can use it in non-technology-based environments, for example).
Additionally, on a closer look, you can identify that all controls from ISO 27001 Annex A are covered by NCA ECC, but applied with a cybersecurity orientation.
So, the main difference from NCA ECC is not related to controls, but to their applicability (ISO 27001 is more comprehensive), and that a company can get ISO 27001 certified, and the ISO 27001 standard is recognized worldwide.
Aug 18, 2022