Expert Advice Community


SAMA and ISO 27K: common control

Guest user. Created: Jun 25, 2020. Last commented: Jun 25, 2020


Can I understand the common control between SAMA and ISO 27K?



Expert
Rhand Leal Jun 25, 2020

I understand that by SAMA you mean the Saudi Arabian Monetary Authority.

Considering that, the 2017 version of the SAMA Cyber Security Framework is based on industry cybersecurity standards, such as NIST, ISF, ISO, BASEL, and PCI.

Unfortunately, we do not know the SAMA CSF deeply enough to provide you with detailed information about common controls. What we can tell you broadly is the relationship between the domains:

  • Cyber Security Leadership and Governance is related to ISO 27001 clauses 4 (Context of Organization), 5 (Leadership), 7.2 (Competence), and 7.3 (Awareness), and controls from Annex A sections A.6.1 (Internal organization) and A.7.2 (During employment)
  • Cyber Security Risk Management and Compliance is related to ISO 27001 clauses 6.1.2 (Information security risk assessment), 6.1.3 (Information security risk treatment), 8.2 (Information security risk assessment), 8.3 (Information security risk treatment), 9.2 (Internal audit), 9.3 (Management review), and controls from Annex A section A.18 (Compliance)
  • Cyber Security Operations and Technology is related to ISO 27001 Annex A sections A.8 (Asset management) to A.16 (Information security incident management)
  • Third Party Cyber Security is related to ISO 27001 Annex A sections A.15 (Supplier relationships) and A.17 (Information security aspects of business continuity management)
