Guest
SAMA and ISO 27K: common control
Can I understand the common controls between SAMA and ISO 27K?
Expert
Rhand Leal
Jun 25, 2020
I understand that by SAMA you mean the Saudi Arabian Monetary Authority.
Considering that, the 2017 version of the SAMA Cyber Security Framework is based on industry cybersecurity standards, such as NIST, ISF, ISO, BASEL, and PCI.
Unfortunately, we do not know the SAMA CSF deeply enough to provide you with detailed information about common controls. What we can tell you broadly is how the domains relate:
- Cyber Security Leadership and Governance is related to ISO 27001 clauses 4 (Context of the organization), 5 (Leadership), 7.2 (Competence), and 7.3 (Awareness), and controls from Annex A sections A.6.1 (Internal organization) and A.7.2 (During employment)
- Cyber Security Risk Management and Compliance is related to ISO 27001 clauses 6.1.2 (Information security risk assessment), 6.1.3 (Information security risk treatment), 8.2 (Information security risk assessment), 8.3 (Information security risk treatment), 9.2 (Internal audit), 9.3 (Management review), and controls from Annex A section A.18 (Compliance)
- Cyber Security Operations and Technology is related to ISO 27001 Annex A sections A.8 (Asset management) to A.16 (Information security incident management)
- Third Party Cyber Security is related to ISO 27001 Annex A sections A.15 (Supplier relationships) and A.17 (Information security aspects of business continuity management)