SAMA (Saudi Arabian Monetary Authority) Framework

Secure your customers’ trust with a fully protected digital banking experience, backed by extensive guidance for adhering to the requirements of the SAMA Cybersecurity Framework.

OVERVIEW

Understanding SAMA Framework

The Saudi Arabian Monetary Authority (also known as SAMA) introduced a framework in 2017 for the comprehensive security of banking and finance institutions, known as the SAMA Cybersecurity Framework (CSF). It was an amalgamation of the best cybersecurity practices from across the globe, such as OWASP, NIST, PCI DSS, ISO 27001, and GDPR.

Due to the increased cybersecurity readiness among the institutions that complied with its framework, SAMA made compliance compulsory for all affiliated organizations so that they can combat the most immediate and sophisticated vulnerabilities and threats. See how SharkStriker helps organizations adhere to the requirements of the SAMA CSF (Cybersecurity Framework).

APPLICABILITY

To whom does SAMA CSF apply?

The SAMA CSF applies to all financial and banking institutions in Saudi Arabia, giving them the cybersecurity resilience to prepare for and fend off the most sophisticated cyber threats.

BENEFITS

What are the benefits of being compliant with SAMA CSF?

  • Helps enhance the resilience of the overall cybersecurity posture
  • Secures all the sensitive financial and personal data with information security best practices
  • Prepares financial and banking organizations for data breaches and ransomware attacks
  • Saves organizations from the threat of operational disruption due to a cyber attack
  • Assists in improving the efficiency of ISMS performance with best practices
  • Builds a culture around cybersecurity in financial and banking organizations
  • Helps adhere to global standards like GDPR, PCI DSS, etc.
  • Improves reputation among clients
REQUIREMENTS

SAMA Cybersecurity Framework (CSF)

APPROACH

Here is how we help organizations adhere to the SAMA Cybersecurity Framework

Our approach starts with assessing the existing business infrastructure to determine how compliant it is with SAMA regulations.

After the assessment, we start implementing the right tools and solutions to roll out the risk treatment plan.

The security services phase focuses on supplementing the existing infrastructure to enhance security strength and resilience. SharkStriker’s comprehensive range of services offers a complete security solution.

In the last phase, we review and audit the implementation of the SAMA compliance framework. We conduct periodic audits and reviews to strengthen the ISMS.

BEST PRACTICES

Some SAMA best practices that we help implement

  • System inventory based on storage of critical information
  • Conducting vulnerability and risk assessments
  • Identifying compliance gaps in the current information systems
  • Auditing the current posture and developing a compliance report
  • Implementing the recommended technology controls
  • Implementing the architecture that aligns with the risk treatment plan
  • Configuring technology and tools
  • Running training and awareness programs to educate employees
  • Enhancing physical security
  • Using IAMs to assign roles to different users and prevent unauthorized
  • Reviewing security configuration 
  • Conducting vulnerability and risk assessments
  • Reviewing the performance of your ISMS to find and mitigate any deviations
  • Continuously improving ISMS
  • Conducting mock audits to identify weak and exploitable areas of the ISMS
  • Assisting with external audits to ensure that your ISMS meets SAMA compliance standards and gets the certification

Get security and compliance experts to meet your SAMA compliance goals