2019-03-25
Statement of Applicability
Cybersecurity Governance
Cybersecurity Defense
Cybersecurity Resilience
Third-Party and Cloud Computing Cybersecurity
Impact on national reputation.
Unauthorized disclosure of data classified as Secret or Top Secret.
Injury or loss of life.
connecting devices
Router
Switches
Gateways
Firewall
Middleware
Critical National Infrastructures "CNIs"
Cybersecurity Governance
- Cybersecurity Strategy
- Cybersecurity Management
- Cybersecurity Policies and Procedures
- Cybersecurity Roles and Responsibilities
- Cybersecurity Risk Management
- Cybersecurity in Information Technology Projects
- Cybersecurity Regulatory Compliance
- Cybersecurity Periodical Assessment and Audit
- Cybersecurity in Human Resources
- Cybersecurity Awareness and Training Program
Cybersecurity Defense
- Asset Management
- Identity and Access Management
- Information System and Processing Facilities Protection
- Email Protection
- Networks Security Management
- Mobile Devices Security
- Data and Information Protection
- Cryptography
- Backup and Recovery Management
- Vulnerabilities Management
- Penetration Testing
- Cybersecurity Event Logs and Monitoring Management
- Cybersecurity Incident and Threat Management
- Physical Security
- Web Application Security
- Application Security
Cybersecurity Resilience
- Cybersecurity Resilience aspects of Business Continuity Management (BCM)
Third-Party and Cloud Computing Cybersecurity
- Third-Party Cybersecurity
- Cloud Computing and Hosting Cybersecurity
ICS Cybersecurity
- Industrial Control Systems (ICS) Protection
Cybersecurity Governance
- Cybersecurity Strategy
- Cybersecurity Risk Management
- Cybersecurity in Information Technology Projects
- Cybersecurity Periodical Assessment and Audit
- Cybersecurity in Human Resources
- Asset Management
- Identity and Access Management
- Information System and Processing Facilities Protection
- Networks Security Management
- Mobile Devices Security
- Cryptography
- Backup and Recovery Management
- Vulnerabilities Management
- Penetration Testing
- Cybersecurity Event Logs and Monitoring Management
- Web Application Security
- Application Security
Cybersecurity Resilience
- Cybersecurity Resilience aspects of Business Continuity Management (BCM)
Third-Party and Cloud Computing Cybersecurity
- Third-Party Cybersecurity
- Cloud Computing and Hosting Cybersecurity
Cybersecurity Governance
Cybersecurity Strategy
ECC-1-1
Cybersecurity Risk Management
ECC-1-5
Cybersecurity in Information Technology Projects
ECC-2-6-1
ECC-3-6-1
- Security Source Code Review
- Source Code
- Authenticated API
- Production Environment
Cybersecurity Periodical Assessment and Audit
ECC-1-8-1
Cybersecurity in Human Resources
ECC-3-9-1
Cybersecurity Defense
Asset Management
ECC-1-2
Identity and Access Management
- Logical Access
ECC-3-2-2
- Multi-Factor Authentication
- Multi-Factor Authentication
- Service Account
- Interactive login
ECC-2-2-3-5
Information System and Processing Facilities Protection
ECC-3-3-2
- Whitelisting
- End-point Protection
- Workstations
- Management Network
- Non-console Administrative Access
Networks Security Management
ECC-3-5-2
- Firewall rules
- Network APT
- Distributed Denial of Service Attack "DDoS"
Mobile Devices Security
BYOD
ECC-3-6-2
BYOD
- Full Disk Encryption
Data and Information Protection
ECC-3-7-2
- Data Leakage Prevention
- Retention Period
Cryptography
ECC-3-8-2
- Data-In-Transit
- Data-At-Rest
- Symmetric
- Asymmetric
Backup and Recovery Management
ECC-3-9-2
ECC-3-3-9-2
Vulnerabilities Management
ECC-3-10-2
ECC-1-3-10-2
Penetration Testing
ECC-3-11-2
ECC-2-3-11-2
Cybersecurity Event Logs and Monitoring Management
ECC-2-12-3
- Event logs
- File Integrity Management
- User Behavior Analytics "UBA"
ECC-5-3-11-2
Web Application Security
ECC-3-15-2
- Secure Session Management (Timeout, Lockout, Authenticity)
ECC-2-3-15-2
- Multi-tier Architecture (3-Tier Architecture)
Application Security
- Multi-tier Architecture (3-Tier Architecture)
- HTTPS
- Multi-Factor Authentication
- Secure Session Management (Timeout, Lockout, Authenticity)
Cybersecurity Resilience
Cybersecurity Resilience aspects of Business Continuity Management "BCM"
ECC-3-1-3
Third-Party and Cloud Computing Cybersecurity
Third-Party Cybersecurity
Managed Services Outsourcing
ECC-1-4
Cloud Computing and Hosting Cybersecurity
ECC-3-2-4
Zero-Day Malware
Advanced Persistent Threat (APT) Protection
Asset
Attack
Audit
Authentication
Availability
Backup
Bring Your Own Device (BYOD)
Change Management
Software-as-Service "SaaS", Platform-as-Service "PaaS", Infrastructure-as-Service "IaaS"
Cloud Computing
Compromise
Information
Critical National Infrastructure
Cryptography
Cyber-Attack
Cyber Risks
Cybersecurity Resilience
Cybersecurity
Cyberspace
Data and Information
Disaster Recovery
Key Performance Indicators "KPIs"
Effectiveness
Event
HTTP
Hyper Text Transfer Protocol Secure (HTTPS)
Incident
Non-Repudiation Integrity
One-Time-Password
Multi-Factor Authentication (MFA)
Multi-tier Architecture
Organization Staff
Outsourcing
Patch
Penetration Testing
Phishing Emails
CCTV
Physical Security
Policy
Privacy
Privileged Access Management
Procedure
Process
Recovery
Retention
and Hardening
Third-Party
Threat
Vulnerability
Web Application Firewall
Malware
Signature-based Protection
Zero-Day Malware
Objects, Functions, Protocols
Application Program Interface (API)
Hardware Software Stress Testing
Data-In-Transit
Tapes (Disk)
Data-At-Rest
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
User Behavior Analytics (UBA)
At-Rest, In-Transit, In-Use
Data Leakage Prevention
Distributed Denial of Service Attack
Source Code
Service Accounts
End-point Protection
APT: Advanced Persistent Threat
API: Application Program Interface
BCM: Business Continuity Management
BYOD: Bring Your Own Device
CNI: Critical National Infrastructure
DDoS: Distributed Denial of Service Attack
ECC: Essential Cybersecurity Controls
HTTPS: Hyper Text Transfer Protocol Secure
ICS: Industrial Control System
MFA: Multi-Factor Authentication
UBA: User Behavior Analytics