SlideShare a Scribd company logo

What is expected from an organization under NCA ECC Compliance?

VISTA InfoSec
VISTA InfoSec

Cybersecurity initiatives are today essential in a digitally-driven business world. This is to ensure the safety of the organization’s systems and sensitive data from accidental or deliberate incidents of breach. The growing number of cyber crimes and their operational and financial impact on business in terms of legal liability, reputational damage, and financial loss has pushed regulators to establish strong security measures and frameworks in place. The urgent need to address cybersecurity threats has resulted in the adoption of industry best practices by regulators around the world. In 2018, Saudi Arabia’s National Cybersecurity Authority (NCA) issued Essential Cybersecurity Controls (ECC) which is a minimum cybersecurity requirement for Saudi government organizations. The NCA encourages organizations in Saudi Arabia to adopt the ECC framework to improve their cybersecurity resilience. for more visit: https://www.vistainfosec.com/service/nca-ecc-compliancce/

Business
1 of 10
Download to read offline
What is expected from organizations under NCA ECC Compliance? What is expected from organizations under NCA ECC Compliance? W: www.vistainfosec.com | E: info@vistainfosec.com US Tel: +1-415-513-5261 | UK Tel: +442081333131 | SG Tel: +65-3129-0397 | IN Tel: +91 73045 57744 An ISO27001 Certified Company, CERT-IN Empanelled, PCI QSA, PCI QPA and PCI SSFA USA. SINGAPORE. INDIA. UK. MIDDLE EAST. CANADA.
Introduction NCA’S Essential Cybersecurity Controls 1. Cybersecurity Governance Cybersecurity initiatives are today essential in a digitally-driv- en business world. This is to ensure the safety of the organi- zation’s systems and sensitive data from accidental or delib- erate incidents of breach. The growing number of cyber- crimes and their operational and financial impact on busi- ness in terms of legal liability, reputational damage, and financial loss has pushed regulators to establish strong secu- rity measures and frameworks in place. The urgent need to address cybersecurity threats has result- ed in the adoption of industry best practices by regulators around the world. In 2018, Saudi Arabia’s National Cybersecu- rity Authority (NCA) issued Essential Cybersecurity Controls (ECC) which is a minimum cybersecurity requirement for Saudi government organizations. The NCA encourages orga- nizations in Saudi Arabia to adopt the ECC framework to im- prove their cybersecurity resilience. Elaborating the framework and providing details on what is expected from organizations, we have in the article explained NCA’s Essential Cybersecurity Controls. NCA ECC is a cybersecurity framework set for Saudi government organizations including ministries, authorities, establishments, and private sector organizations owning, operating, or hosting crit- ical national infrastructure. The framework was established to im- prove cybersecurity efforts within the country. The ECC frame- work consists of 114 cybersecurity controls, linked to national and international regulatory requirements and defined into five main domains including cybersecurity governance, cybersecurity defense, cybersecurity resilience, third party, and cloud comput- ing cybersecurity, and industrial control systems cybersecurity. Explaining each of the 5 domains and what is expected from the organization under these domains are all briefly described below Cybersecurity Strategy- The ECC’s Cybersecurity Governance requires organizations to develop and implement cybersecurity strategies in line with relevant laws and regulations. The cyberse- curity plans, goals, initiatives, and projects must facilitate compli- ance with related laws and regulations.
Cybersecurity Management- An independent Cybersecurity department must be established within the organization to ensure the implementation of the cybersecurity programs and initiatives within the organization. Along with the appointment of the cybersecurity function head who should be directly reporting to the head of the organization, roles and responsibilities and gov- ernance framework must be defined, documented, and approved within the organization. Cybersecurity Policies & Procedures- The orga- nization must have documented policies and procedures in place that ensures the enforce- ment of laws and regulation within the organiza- tion. The policies and procedures established must be supported by technical security stan- dards and must be reviewed periodically accord- ing to the planned intervals or upon changes to related laws and regulations. Cybersecurity Policies & Procedures- The organization must have documented policies and procedures in place that ensures the enforcement of laws and regulation within the organization. Cybersecurity Roles & Responsibilities -The roles and responsibili- ties related to cyberse- curity must be defined, documented, approved, supported, and assigned by the Authorizing Official while ensuring no con- flict of interest. The roles and responsibilities must be also periodi- cally reviewed based on the planned intervals or upon changes to related laws and regulations. Cybersecurity Roles & Responsibilities - The roles and responsibilities related to cybersecuri- ty must be defined, documented, approved, supported,andassignedbytheAuthorizingOffi- cial while ensuring no conflict of interest. The roles and responsibilities must be also periodi- cally reviewed based on the planned intervals or upon changes to related laws and regulations. Cybersecurity Risk Management- The organization is expected to adopt a methodological approach to protect the organization’s information and technology assets as per organizational policies and procedures and which should be in line with the regulations. The Risk Management approach must be defined, documented, and approved as per confidentiality, integrity, and availability con- siderations of information and technology assets and must be im- plemented by cybersecurity functions. The policies and proce- dures established must be supported by technicalsecuritystan- dards and must be reviewed periodically according to the planned intervals or upon changes to relat- ed laws and regula- tions.
Cybersecurity Risk Management- The organization is expected to adopt a methodological approach to protect the organization’s information and technology assets as per organizational policies and procedures and which should be in line with the regulations. The Risk Management approach must be defined, documented, and approved as per confidentiality, integrity, and availability con- siderations of information and technology assets and must be im- plemented by cybersecurity functions. Cybersecurity in Information and Technology Project Manage- ment- Organizations must consider cybersecurity requirements in their Project Management Methodology and procedures to pro- tect the confidentiality, integrity, and availability of Information and Technology Assets. The requirements must essentially be a part of the overall requirements of Information and Technology projects. Cybersecurity in Human Resources- Organizations must consid- er cybersecurity in their human resource management initiatives especially before employment, during employment, and after ter- mination/separation as per organizational policies and proce- dures. This should include communicating cybersecurity responsi- bilities, non-disclosure clauses, organizational policies and proce- dures pertinent to cybersecurity, and conducting Cybersecurity awareness programs. Cybersecurity Awareness and Training Program- Organizations are expected to conduct regular Cybersecurity Awareness and Training programs for their employees. This is to ensure that the employees are aware of their responsibilities and have the essen- tial knowledge and awareness of cybersecurity measures. Compliance with Cybersecurity Standards, Laws, and Regula- tions- The organization's cybersecurity program must be aligned with the cybersecurity standards, laws, and regulations. Periodical Cybersecurity Review and Audit- The organization's cybersecurity program must be aligned with the cybersecurity standards, laws, and regulations. Further, Cybersecurity audits and reviews must be conducted by independent parties outside the cybersecurity function to ensure no conflict of interest, as per the Generally Accepted Auditing Stan- dards (GAAS), and related laws and regulations.
2. Cybersecurity Defence Asset Management - Organizations are expected to maintain an accurate and detailed inventory of information and technology assets to support the organization’scybersecurityandopera- tional requirements and maintain the confidentiality, integrity, and availabili- ty of information and technology assets. Email Protection - Organizations must define document and approve the Cybersecurity requirements to be implemented for protecting email services. This should include Analysing and filter- ing of email, Multi-factor authentication for remote and webmail access, email archives and backups, etc. Networks Security Management - Organizations should imple- ment network segmentation/segregation to secure the organiza- tion's network against cyber threats. They are required to imple- ment various cybersecurity requirements including Logical or physical segregation and segmentation of network segments, Secure browsing and Internet connectivity, strong authentication of wireless networks, Intrusion Prevention Systems (IPS), Security of Domain Name Service (DNS), security measures against Ad- vanced Persistent Threats (APT) to name a few. The implemented security measures must be reviewed periodically necessary mea- sures are in place and in alignment with the evolving threats. Identity and Access Management - Organizations are expected to main- tain secure and restricted logical access to information and technology assets to prevent unauthorized access and allow only authorized access for users which are necessary to accom- plish assigned tasks. Necessary cyber- security requirements should be imple- mented for identity and access man- agement and the same should be reviewed periodically. Information System and Information Processing Facilities Protection - Organizations must implement rele- vant and necessary security measures to protect information systems and information processing facilities against cyber risks. The implemented measures must be defined, documented, approved, and even reviewed periodically.
Mobile Device Security - Organizations are required to protect all mobile devices against cyber threats and ensure the secure handling of all sensitive information under their Bring Your Own Device policy (BYOD). The cybersecurity requirements for mobile devices must include Separation and encryption of the organization’s data, Controlled and restricted use of mobile devices, and Secure wiping of data in cases of device loss, theft, or after termination/separa- tion. Data and Information Protection - Organizations must imple- ment security measures and ensure the confidentiality, integrity, and availability of the organization’s data and information as per organizational policies and procedures, and related laws and regu- lations. The implemented measures must be reviewed periodical- ly. Cryptography - Organizations must define, document, and approve measures to implement cryptography. This is to ensure the proper and efficient use of cryptography to protect informa- tion assets as per organizational policies and procedures, and relat- ed laws and regulations. Backups and Recovery Management - Organizations must ensure the protection of the organization’s data and information including information systems and software configurations from cyber risks. The organization must accordingly define, document, approve and implement backup and recovery management and test the same for its effectiveness. Penetration Testing - Organizations must simulate cyber-at- tacks to discover unknown weaknesses within the technical infra- structure that may result in cyber-breach. This is to assess and eval- uate the efficiency of the organization’s cybersecurity defense capabilities. The penetration testing exercises must be defined, documented, approved, and periodically performed. Cybersecurity Event Logs and Monitoring Management - Orga- nizations must have in place Cybersecurity event logs and moni- toring management systems for early detection of anomalies. This is to prevent or minimize the impact of the incident on the organi- zation. Organizations are expected to activate cybersecurity event logs on critical information assets and remote access, and privi- leged user accounts, while also constantly monitor event logs and retain the records for 12 months. Vulnerability Management - Organizations must conduct a peri- odic vulnerability assessment to ensure timely detection and remediation of vulnerabilities. This is to prevent and minimize the risk of cyber-attacks due to the exploitation of unidentified vul- nerabilities.
Cybersecurity Incident and Threat Management - Organiza- tions are expected to have in place an Incident Response and Man- agement system to quickly take necessary measures in case of an incident. This is to minimize the damage caused due to the inci- dent that occurred and its impact on the organization's opera- tions. Physical Security - Organizations must implement physical secu- rity measures to protect the information and technology assets of the organization. The measures implemented must be defined, documented, and approved. The physical protection implement- ed must include restricting access to sensitive facilities, CCTV mon- itoring at entry and exits, secure destruction and re-use of physical assets holding classified information, Security of devices and equipment comprising sensitive data. Web Application Security - Organizations are expected to imple- ment security measures for web applications to ensure protection against various cyber risks. The cybersecurity requirements for external web applications must include the use of a web applica- tion firewall, use of secure protocols, multi-factor authentication for users’ access, adoption of the multi-tier architecture principle, and establishing a secure usage policy for users. Organizations must also periodically review the cybersecurity requirements for external web applications. Organizations must ensure the inclusion of the cybersecurity resil- iency requirements within the organization’s Business Continuity Management to remediate and minimize the impacts on systems, information processing facilities, and critical e-services from disas- ters caused by cybersecurity incidents. This would include having in place Incident Response Plans and Disaster Recovery Plans which must also be reviewed periodically. Third-Party Cybersecurity - In terms of third-party risks, organiza- tions are expected to have in place policies, procedures ensuring the security of outsourced services. This should include having in place contracts and agreements with the third party that must be documented and approved. The contract or agreement docu- ments must communicate disclosure policy, procedures in case of cybersecurity incidents, and requirements to comply with related organizational policies and procedures, laws, and regulations. Cloud Computing and Hosting Cybersecurity - The organiza- tions must implement cybersecurity measures for hosting and cloud computing which should be aligned with the organizational policies and procedures, and related laws and regulations. The im- plemented measures must be defined, documented, and approved. The cybersecurity requirements related to hosting and cloud computing services must be reviewed periodically. 3. Cybersecurity Resilience 4. Third-Party and Cloud Computing Cybersecurity
Industrial Control Systems (ICS) Protection - Cybersecu- rity requirements related to Industrial Controls Systems and Operational Technology (ICS/OT) must be defined, documented approved, and implemented. The imple- mentation of measures must include physical and virtual segmentation when connecting industrial production networks to other networks within the organization and networks to other networks within the organization and external networks. Other measures required to be implemented should include Continuous monitoring and activation of event logs, Isola- tion of Safety Instrumental Systems, limitation on connecting mobile devices to industrial production networks, limitation on the use of external storage media, patch management, vulnerabil- ity management, cybersecurity application management and periodic review of all measures implemented. 5. Industrial Control System Cybersecurity
VISTA InfoSec is a global cybersecurity consulting firm having nearly two decades of presence in the industry. With combined expertise, knowledge, and experience in the industry, our team of in-house experts can assist you in your journey of compliance and help you imple- ment the required security measures and controls for achieving compliance. Our solutions and advisory services are particularly effective with regards to implementing some of the identified controls outlined by the NCA. We help you translate these requirements into a systematic implementation process and ensure security and Compliance to NCA’s ECC. How can VISTA InfoSec help with NCA ECC Compliance?
www.vistainfosec.com Contact Us info@vistainfosec.com US Tel: +1-415-513-5261 | UK Tel: +442081333131 SG Tel: +65-3129-0397 | IN Tel: +91 73045 57744

Recommended

Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk ManagementShaun Sloan
 
Information security management (bel g. ragad)
Information security management (bel g. ragad)Information security management (bel g. ragad)
Information security management (bel g. ragad)Rois Solihin
 
Ch2 cism 2014
Ch2 cism 2014Ch2 cism 2014
Ch2 cism 2014Aladdin Dandis
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
Information Systems Policy
Information Systems PolicyInformation Systems Policy
Information Systems PolicyAli Sadhik Shaik
 

Recommended

Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk ManagementShaun Sloan
 
Information security management (bel g. ragad)
Information security management (bel g. ragad)Information security management (bel g. ragad)
Information security management (bel g. ragad)Rois Solihin
 
Ch2 cism 2014
Ch2 cism 2014Ch2 cism 2014
Ch2 cism 2014Aladdin Dandis
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
Information Systems Policy
Information Systems PolicyInformation Systems Policy
Information Systems PolicyAli Sadhik Shaik
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Simplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSimplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSecurestorm
 
Agiliance Wp Hipaa
Agiliance Wp HipaaAgiliance Wp Hipaa
Agiliance Wp Hipaaagiliancecommunity
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014Aladdin Dandis
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Maganathin Veeraragaloo
 
NQA - Information security best practice guide
NQA - Information security best practice guideNQA - Information security best practice guide
NQA - Information security best practice guideNA Putra
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
develop security policy
develop security policydevelop security policy
develop security policyInfo-Tech Research Group
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Cisa 2013 ch5
Cisa 2013 ch5Cisa 2013 ch5
Cisa 2013 ch5Aladdin Dandis
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0Maganathin Veeraragaloo
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureThilak Pathirage -Senior IT Gov and Risk Consultant
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Security Experts
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 

More Related Content

What's hot

The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Simplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSimplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSecurestorm
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Maganathin Veeraragaloo
 
NQA - Information security best practice guide
NQA - Information security best practice guideNQA - Information security best practice guide
NQA - Information security best practice guideNA Putra
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
 

What's hot (19)

The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Simplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game planSimplifying Security for Cloud Adoption - Defining your game plan
Simplifying Security for Cloud Adoption - Defining your game plan
 
Agiliance Wp Hipaa
Agiliance Wp HipaaAgiliance Wp Hipaa
Agiliance Wp Hipaa
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
 
NQA - Information security best practice guide
NQA - Information security best practice guideNQA - Information security best practice guide
NQA - Information security best practice guide
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
develop security policy
develop security policydevelop security policy
develop security policy
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
Cisa 2013 ch5
Cisa 2013 ch5Cisa 2013 ch5
Cisa 2013 ch5
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 

Similar to What is expected from an organization under NCA ECC Compliance?

Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Security Experts
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxsoulscout02
 
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...cyberprosocial
 
The Basics of Security and Risk Analysis
The Basics of Security and Risk AnalysisThe Basics of Security and Risk Analysis
The Basics of Security and Risk Analysislearfield
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceLumension
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentjenito21
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptxHardikKundra
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxKinetic Potential
 

Similar to What is expected from an organization under NCA ECC Compliance? (20)

ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
 
The Basics of Security and Risk Analysis
The Basics of Security and Risk AnalysisThe Basics of Security and Risk Analysis
The Basics of Security and Risk Analysis
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
R.a 1
R.a 1R.a 1
R.a 1
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptx
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptx
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptx
 

More from VISTA InfoSec

Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...VISTA InfoSec
 
CCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfCCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfVISTA InfoSec
 
HIPAA Compliance Checklist 2022
HIPAA Compliance Checklist 2022HIPAA Compliance Checklist 2022
HIPAA Compliance Checklist 2022VISTA InfoSec
 
SOC2 Advisory and Attestation
SOC2 Advisory and AttestationSOC2 Advisory and Attestation
SOC2 Advisory and AttestationVISTA InfoSec
 
Webinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableVISTA InfoSec
 
Webinar - pci dss 4.0 updates
Webinar - pci dss 4.0 updates Webinar - pci dss 4.0 updates
Webinar - pci dss 4.0 updates VISTA InfoSec
 
Webinar - PCI PIN, PCI cryptography & key management
Webinar - PCI PIN, PCI cryptography & key managementWebinar - PCI PIN, PCI cryptography & key management
Webinar - PCI PIN, PCI cryptography & key managementVISTA InfoSec
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesVISTA InfoSec
 
What to expect from the New York Privacy Act
What to expect from the New York Privacy ActWhat to expect from the New York Privacy Act
What to expect from the New York Privacy ActVISTA InfoSec
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 ControlsVISTA InfoSec
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?VISTA InfoSec
 
Why should I do SOC2?
Why should I do SOC2?Why should I do SOC2?
Why should I do SOC2?VISTA InfoSec
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow MappingVISTA InfoSec
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?VISTA InfoSec
 
Which SOC Report Do I need?
Which SOC Report Do I need?Which SOC Report Do I need?
Which SOC Report Do I need?VISTA InfoSec
 
Key additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAKey additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAVISTA InfoSec
 
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery ProcessVISTA InfoSec
 
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide! SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide! VISTA InfoSec
 
Why is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksWhy is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksVISTA InfoSec
 
Pci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedPci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
 

More from VISTA InfoSec (20)

Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
Future of Data Privacy Examining the Impact of GDPR and CPRA on Business Prac...
 
CCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfCCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdf
 
HIPAA Compliance Checklist 2022
HIPAA Compliance Checklist 2022HIPAA Compliance Checklist 2022
HIPAA Compliance Checklist 2022
 
SOC2 Advisory and Attestation
SOC2 Advisory and AttestationSOC2 Advisory and Attestation
SOC2 Advisory and Attestation
 
Webinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicableWebinar - PCI DSS Merchant Levels validations and applicable
Webinar - PCI DSS Merchant Levels validations and applicable
 
Webinar - pci dss 4.0 updates
Webinar - pci dss 4.0 updates Webinar - pci dss 4.0 updates
Webinar - pci dss 4.0 updates
 
Webinar - PCI PIN, PCI cryptography & key management
Webinar - PCI PIN, PCI cryptography & key managementWebinar - PCI PIN, PCI cryptography & key management
Webinar - PCI PIN, PCI cryptography & key management
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
 
What to expect from the New York Privacy Act
What to expect from the New York Privacy ActWhat to expect from the New York Privacy Act
What to expect from the New York Privacy Act
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
Why should I do SOC2?
Why should I do SOC2?Why should I do SOC2?
Why should I do SOC2?
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow Mapping
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
 
Which SOC Report Do I need?
Which SOC Report Do I need?Which SOC Report Do I need?
Which SOC Report Do I need?
 
Key additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAKey additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRA
 
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
6 Amazing Key Elements To Consider The PCI DSS Card Data Discovery Process
 
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide! SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
SOC 2 Type 1 Vs. Type 2: Do You Really Need It? This Will Help You Decide!
 
Why is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksWhy is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with links
 
Pci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedPci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-converted
 

Recently uploaded

Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckHajeJanKamps
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 

Recently uploaded (20)

Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 

What is expected from an organization under NCA ECC Compliance?

  • 1. What is expected from organizations under NCA ECC Compliance? What is expected from organizations under NCA ECC Compliance? W: www.vistainfosec.com | E: info@vistainfosec.com US Tel: +1-415-513-5261 | UK Tel: +442081333131 | SG Tel: +65-3129-0397 | IN Tel: +91 73045 57744 An ISO27001 Certified Company, CERT-IN Empanelled, PCI QSA, PCI QPA and PCI SSFA USA. SINGAPORE. INDIA. UK. MIDDLE EAST. CANADA.
  • 2. Introduction NCA’S Essential Cybersecurity Controls 1. Cybersecurity Governance Cybersecurity initiatives are today essential in a digitally-driv- en business world. This is to ensure the safety of the organi- zation’s systems and sensitive data from accidental or delib- erate incidents of breach. The growing number of cyber- crimes and their operational and financial impact on busi- ness in terms of legal liability, reputational damage, and financial loss has pushed regulators to establish strong secu- rity measures and frameworks in place. The urgent need to address cybersecurity threats has result- ed in the adoption of industry best practices by regulators around the world. In 2018, Saudi Arabia’s National Cybersecu- rity Authority (NCA) issued Essential Cybersecurity Controls (ECC) which is a minimum cybersecurity requirement for Saudi government organizations. The NCA encourages orga- nizations in Saudi Arabia to adopt the ECC framework to im- prove their cybersecurity resilience. Elaborating the framework and providing details on what is expected from organizations, we have in the article explained NCA’s Essential Cybersecurity Controls. NCA ECC is a cybersecurity framework set for Saudi government organizations including ministries, authorities, establishments, and private sector organizations owning, operating, or hosting crit- ical national infrastructure. The framework was established to im- prove cybersecurity efforts within the country. The ECC frame- work consists of 114 cybersecurity controls, linked to national and international regulatory requirements and defined into five main domains including cybersecurity governance, cybersecurity defense, cybersecurity resilience, third party, and cloud comput- ing cybersecurity, and industrial control systems cybersecurity. Explaining each of the 5 domains and what is expected from the organization under these domains are all briefly described below Cybersecurity Strategy- The ECC’s Cybersecurity Governance requires organizations to develop and implement cybersecurity strategies in line with relevant laws and regulations. The cyberse- curity plans, goals, initiatives, and projects must facilitate compli- ance with related laws and regulations.
  • 3. Cybersecurity Management- An independent Cybersecurity department must be established within the organization to ensure the implementation of the cybersecurity programs and initiatives within the organization. Along with the appointment of the cybersecurity function head who should be directly reporting to the head of the organization, roles and responsibilities and gov- ernance framework must be defined, documented, and approved within the organization. Cybersecurity Policies & Procedures- The orga- nization must have documented policies and procedures in place that ensures the enforce- ment of laws and regulation within the organiza- tion. The policies and procedures established must be supported by technical security stan- dards and must be reviewed periodically accord- ing to the planned intervals or upon changes to related laws and regulations. Cybersecurity Policies & Procedures- The organization must have documented policies and procedures in place that ensures the enforcement of laws and regulation within the organization. Cybersecurity Roles & Responsibilities -The roles and responsibili- ties related to cyberse- curity must be defined, documented, approved, supported, and assigned by the Authorizing Official while ensuring no con- flict of interest. The roles and responsibilities must be also periodi- cally reviewed based on the planned intervals or upon changes to related laws and regulations. Cybersecurity Roles & Responsibilities - The roles and responsibilities related to cybersecuri- ty must be defined, documented, approved, supported,andassignedbytheAuthorizingOffi- cial while ensuring no conflict of interest. The roles and responsibilities must be also periodi- cally reviewed based on the planned intervals or upon changes to related laws and regulations. Cybersecurity Risk Management- The organization is expected to adopt a methodological approach to protect the organization’s information and technology assets as per organizational policies and procedures and which should be in line with the regulations. The Risk Management approach must be defined, documented, and approved as per confidentiality, integrity, and availability con- siderations of information and technology assets and must be im- plemented by cybersecurity functions. The policies and proce- dures established must be supported by technicalsecuritystan- dards and must be reviewed periodically according to the planned intervals or upon changes to relat- ed laws and regula- tions.
  • 4. Cybersecurity Risk Management- The organization is expected to adopt a methodological approach to protect the organization’s information and technology assets as per organizational policies and procedures and which should be in line with the regulations. The Risk Management approach must be defined, documented, and approved as per confidentiality, integrity, and availability con- siderations of information and technology assets and must be im- plemented by cybersecurity functions. Cybersecurity in Information and Technology Project Manage- ment- Organizations must consider cybersecurity requirements in their Project Management Methodology and procedures to pro- tect the confidentiality, integrity, and availability of Information and Technology Assets. The requirements must essentially be a part of the overall requirements of Information and Technology projects. Cybersecurity in Human Resources- Organizations must consid- er cybersecurity in their human resource management initiatives especially before employment, during employment, and after ter- mination/separation as per organizational policies and proce- dures. This should include communicating cybersecurity responsi- bilities, non-disclosure clauses, organizational policies and proce- dures pertinent to cybersecurity, and conducting Cybersecurity awareness programs. Cybersecurity Awareness and Training Program- Organizations are expected to conduct regular Cybersecurity Awareness and Training programs for their employees. This is to ensure that the employees are aware of their responsibilities and have the essen- tial knowledge and awareness of cybersecurity measures. Compliance with Cybersecurity Standards, Laws, and Regula- tions- The organization's cybersecurity program must be aligned with the cybersecurity standards, laws, and regulations. Periodical Cybersecurity Review and Audit- The organization's cybersecurity program must be aligned with the cybersecurity standards, laws, and regulations. Further, Cybersecurity audits and reviews must be conducted by independent parties outside the cybersecurity function to ensure no conflict of interest, as per the Generally Accepted Auditing Stan- dards (GAAS), and related laws and regulations.
  • 5. 2. Cybersecurity Defence Asset Management - Organizations are expected to maintain an accurate and detailed inventory of information and technology assets to support the organization’scybersecurityandopera- tional requirements and maintain the confidentiality, integrity, and availabili- ty of information and technology assets. Email Protection - Organizations must define document and approve the Cybersecurity requirements to be implemented for protecting email services. This should include Analysing and filter- ing of email, Multi-factor authentication for remote and webmail access, email archives and backups, etc. Networks Security Management - Organizations should imple- ment network segmentation/segregation to secure the organiza- tion's network against cyber threats. They are required to imple- ment various cybersecurity requirements including Logical or physical segregation and segmentation of network segments, Secure browsing and Internet connectivity, strong authentication of wireless networks, Intrusion Prevention Systems (IPS), Security of Domain Name Service (DNS), security measures against Ad- vanced Persistent Threats (APT) to name a few. The implemented security measures must be reviewed periodically necessary mea- sures are in place and in alignment with the evolving threats. Identity and Access Management - Organizations are expected to main- tain secure and restricted logical access to information and technology assets to prevent unauthorized access and allow only authorized access for users which are necessary to accom- plish assigned tasks. Necessary cyber- security requirements should be imple- mented for identity and access man- agement and the same should be reviewed periodically. Information System and Information Processing Facilities Protection - Organizations must implement rele- vant and necessary security measures to protect information systems and information processing facilities against cyber risks. The implemented measures must be defined, documented, approved, and even reviewed periodically.
  • 6. Mobile Device Security - Organizations are required to protect all mobile devices against cyber threats and ensure the secure handling of all sensitive information under their Bring Your Own Device policy (BYOD). The cybersecurity requirements for mobile devices must include Separation and encryption of the organization’s data, Controlled and restricted use of mobile devices, and Secure wiping of data in cases of device loss, theft, or after termination/separa- tion. Data and Information Protection - Organizations must imple- ment security measures and ensure the confidentiality, integrity, and availability of the organization’s data and information as per organizational policies and procedures, and related laws and regu- lations. The implemented measures must be reviewed periodical- ly. Cryptography - Organizations must define, document, and approve measures to implement cryptography. This is to ensure the proper and efficient use of cryptography to protect informa- tion assets as per organizational policies and procedures, and relat- ed laws and regulations. Backups and Recovery Management - Organizations must ensure the protection of the organization’s data and information including information systems and software configurations from cyber risks. The organization must accordingly define, document, approve and implement backup and recovery management and test the same for its effectiveness. Penetration Testing - Organizations must simulate cyber-at- tacks to discover unknown weaknesses within the technical infra- structure that may result in cyber-breach. This is to assess and eval- uate the efficiency of the organization’s cybersecurity defense capabilities. The penetration testing exercises must be defined, documented, approved, and periodically performed. Cybersecurity Event Logs and Monitoring Management - Orga- nizations must have in place Cybersecurity event logs and moni- toring management systems for early detection of anomalies. This is to prevent or minimize the impact of the incident on the organi- zation. Organizations are expected to activate cybersecurity event logs on critical information assets and remote access, and privi- leged user accounts, while also constantly monitor event logs and retain the records for 12 months. Vulnerability Management - Organizations must conduct a peri- odic vulnerability assessment to ensure timely detection and remediation of vulnerabilities. This is to prevent and minimize the risk of cyber-attacks due to the exploitation of unidentified vul- nerabilities.
  • 7. Cybersecurity Incident and Threat Management - Organiza- tions are expected to have in place an Incident Response and Man- agement system to quickly take necessary measures in case of an incident. This is to minimize the damage caused due to the inci- dent that occurred and its impact on the organization's opera- tions. Physical Security - Organizations must implement physical secu- rity measures to protect the information and technology assets of the organization. The measures implemented must be defined, documented, and approved. The physical protection implement- ed must include restricting access to sensitive facilities, CCTV mon- itoring at entry and exits, secure destruction and re-use of physical assets holding classified information, Security of devices and equipment comprising sensitive data. Web Application Security - Organizations are expected to imple- ment security measures for web applications to ensure protection against various cyber risks. The cybersecurity requirements for external web applications must include the use of a web applica- tion firewall, use of secure protocols, multi-factor authentication for users’ access, adoption of the multi-tier architecture principle, and establishing a secure usage policy for users. Organizations must also periodically review the cybersecurity requirements for external web applications. Organizations must ensure the inclusion of the cybersecurity resil- iency requirements within the organization’s Business Continuity Management to remediate and minimize the impacts on systems, information processing facilities, and critical e-services from disas- ters caused by cybersecurity incidents. This would include having in place Incident Response Plans and Disaster Recovery Plans which must also be reviewed periodically. Third-Party Cybersecurity - In terms of third-party risks, organiza- tions are expected to have in place policies, procedures ensuring the security of outsourced services. This should include having in place contracts and agreements with the third party that must be documented and approved. The contract or agreement docu- ments must communicate disclosure policy, procedures in case of cybersecurity incidents, and requirements to comply with related organizational policies and procedures, laws, and regulations. Cloud Computing and Hosting Cybersecurity - The organiza- tions must implement cybersecurity measures for hosting and cloud computing which should be aligned with the organizational policies and procedures, and related laws and regulations. The im- plemented measures must be defined, documented, and approved. The cybersecurity requirements related to hosting and cloud computing services must be reviewed periodically. 3. Cybersecurity Resilience 4. Third-Party and Cloud Computing Cybersecurity
  • 8. Industrial Control Systems (ICS) Protection - Cybersecu- rity requirements related to Industrial Controls Systems and Operational Technology (ICS/OT) must be defined, documented approved, and implemented. The imple- mentation of measures must include physical and virtual segmentation when connecting industrial production networks to other networks within the organization and networks to other networks within the organization and external networks. Other measures required to be implemented should include Continuous monitoring and activation of event logs, Isola- tion of Safety Instrumental Systems, limitation on connecting mobile devices to industrial production networks, limitation on the use of external storage media, patch management, vulnerabil- ity management, cybersecurity application management and periodic review of all measures implemented. 5. Industrial Control System Cybersecurity
  • 9. VISTA InfoSec is a global cybersecurity consulting firm having nearly two decades of presence in the industry. With combined expertise, knowledge, and experience in the industry, our team of in-house experts can assist you in your journey of compliance and help you imple- ment the required security measures and controls for achieving compliance. Our solutions and advisory services are particularly effective with regards to implementing some of the identified controls outlined by the NCA. We help you translate these requirements into a systematic implementation process and ensure security and Compliance to NCA’s ECC. How can VISTA InfoSec help with NCA ECC Compliance?
  • 10. www.vistainfosec.com Contact Us info@vistainfosec.com US Tel: +1-415-513-5261 | UK Tel: +442081333131 SG Tel: +65-3129-0397 | IN Tel: +91 73045 57744