
KSA Essential Cybersecurity Controls (ECC – 1: 2018)

Last Updated on August 6, 2024


The Kingdom of Saudi Arabia's Essential Cybersecurity Controls (ECC-1: 2018) provides a structured framework aimed at enhancing the cybersecurity posture of organizations operating within the KSA. This comprehensive set of guidelines covers various aspects of cybersecurity, including governance, risk management, compliance, technical controls, and incident response.

The ECC framework helps organizations protect their information assets and maintain their systems' integrity, confidentiality, and availability by establishing clear roles and responsibilities, creating strong risk management plans, and complying with relevant laws and standards.

The ECC-1: 2018 also highlights the need for regular upgrades, continuous monitoring, and ensuring cybersecurity awareness. It emphasizes the physical security of information systems and requires the use of technological controls such as encryption, network security measures, and access management.

The solution

Securiti enables organizations to comply with KSA’s Essential Cybersecurity Controls (ECC-1: 2018) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.


Securiti supports enterprises' journey toward compliance with KSA’s Essential Cybersecurity Controls (ECC-1: 2018) through automation, enhanced data visibility, and identity linking.


 

Compliance Management

1-1 Cybersecurity Strategy

To ensure that cybersecurity plans, goals, initiatives, and projects are enabling compliance with related laws and regulations.


Data Security Posture Management, Compliance Management

1-2 Cybersecurity Management

To ensure that the head of the organization or his/her delegate (defined as an Authorizing Official) supports the implementation and management of cybersecurity programs and objectives within the organization as per related laws and regulations.

Compliance Management, Policy & Notice Management

1-3 Cybersecurity Policies and Procedures

To ensure that the organization documents, communicates, and complies with cybersecurity requirements in accordance with relevant laws and regulations and organizational requirements.


Compliance Management, Policy & Notice Management

1-4 Cybersecurity Roles and Responsibilities

To ensure that roles and responsibilities are defined for all parties participating in implementing the cybersecurity controls within the organization.

Data Security Posture Management, Data Access Governance, Assessment Automation

1-5 Cybersecurity Risk Management

To ensure the management of cybersecurity risks using a methodological approach to protect the organization’s information and technology assets as per organizational policies and procedures and related laws and regulations.


Compliance Management, Assessment Automation

1-6 Cybersecurity in Information and Technology Project Management

To ensure that cybersecurity requirements are included in project management methodology and procedures, protecting the confidentiality, integrity, and availability of information and technology assets according to the organization’s policies and procedures and related laws and regulations.

Compliance Management, Assessment Automation

1-7 Compliance with Cybersecurity Standards, Laws and Regulations

To ensure that the organization’s cybersecurity program complies with related laws and regulations.


Assessment Automation, Compliance Management, Data Security Posture Management

1-8 Periodical Cybersecurity Review and Audit

To ensure that cybersecurity controls are implemented and in compliance with organizational policies and procedures, as well as related national and international laws, regulations and agreements.

Compliance Management

1-9 Cybersecurity in Human Resources

To ensure that cybersecurity risks and requirements related to personnel (employees and contractors) are managed efficiently prior to employment, during employment and after termination/separation as per organizational policies and procedures and related laws and regulations.


Compliance Management

1-10 Cybersecurity Awareness and Training Program

To ensure that personnel are aware of their cybersecurity responsibilities and have essential cybersecurity awareness. It is also to ensure that personnel are given the required cybersecurity skills, training and credentials needed to accomplish their cybersecurity responsibilities and protect the organization’s information and technology assets.

Asset and Data Discovery, Sensitive Data Intelligence, Data Mapping

2-1 Asset Management

To ensure that the organization has an accurate and detailed inventory of information and technology assets to support its cybersecurity and operational requirements and maintain their confidentiality, integrity, and availability.


Compliance Management, Data Access Governance

2-2 Identity and Access Management

To ensure secure and restricted logical access to information and technology assets, prevent unauthorized access, and allow only authorized access for users necessary to accomplish assigned tasks.

Data Security Posture Management, Data Access Intelligence & Governance

2-3 Information System and Information Processing Facilities Protection

To ensure the protection of information systems and information processing facilities (including workstations and infrastructures) against cyber risks.


Data Security Posture Management, Compliance Management

2-4 Email Protection

To ensure the protection of the organization’s email service from cyber risks.

Data Security Posture Management, Data Access Intelligence & Governance, Compliance Management

2-5 Networks Security Management

To ensure the protection of an organization’s network from cyber risks.


Data Security Posture Management, Compliance Management

2-6 Mobile Devices Security

To ensure the protection of mobile devices (including laptops, smartphones, and tablets) from cyber risks and the secure handling of the organization’s information (including sensitive information) while utilizing the Bring Your Own Device (BYOD) policy.

Data Privacy Management

2-7 Data and Information Protection

To ensure the confidentiality, integrity, and availability of the organization’s data and information as per organizational policies and procedures and related laws and regulations.


Data Security Posture Management

2-8 Cryptography

To ensure the proper and efficient use of cryptography to protect information assets as per organizational policies and procedures, and related laws and regulations.

Compliance Management, Data Security Posture Management

2-9 Backup and Recovery Management

To ensure the protection of the organization’s data and information, including information systems and software configurations, from cyber risks as per organizational policies and procedures and related laws and regulations.


Compliance Management, Data Security Posture Management

2-10 Vulnerabilities Management

To ensure timely detection and effective remediation of technical vulnerabilities, preventing or minimizing the probability of exploiting these vulnerabilities to launch cyber attacks against the organization.

Compliance Management, Data Security Posture Management

2-11 Penetration Testing

To assess and evaluate the efficiency of the organization’s cybersecurity defense capabilities through simulated cyber-attacks to discover unknown weaknesses within the technical infrastructure that may lead to a cyber breach.


Incident Management, Data Access Intelligence, Data Security Posture Management, Compliance Management

2-12 Cybersecurity Event Logs and Monitoring Management

To ensure timely collection, analysis and monitoring of cybersecurity events for early detection of potential cyber-attacks in order to prevent or minimize the negative impacts on the organization’s operations.

Incident Management

2-13 Cybersecurity Incident and Threat Management

To ensure timely identification, detection, effective management, and handling of cybersecurity incidents and threats to prevent or minimize negative impacts on the organization’s operation, taking into consideration Royal Decree number 37140, dated 14/8/1438H.


Compliance Management

2-14 Physical Security

To ensure the protection of information and technology assets from unauthorized physical access, loss, theft, and damage.

Compliance Management

2-15 Web Application Security

To ensure the protection of external web applications against cyber risks.


Compliance Management

3-1 Cybersecurity Resilience Aspects of Business Continuity Management (BCM)

To ensure the organization’s business continuity management includes the cybersecurity resiliency requirements and to remediate and minimize the impacts on systems, information processing facilities and critical e-services from disasters caused by cybersecurity incidents.

Vendor Risk Assessment, Compliance Management, Data Security Posture Management

4-1 Third-Party Cybersecurity

To ensure the protection of assets against cybersecurity risks related to third parties, including outsourcing and managed services, as per organizational policies and procedures and related laws and regulations.


Compliance Management, Data Security Posture Management, Assessment Automation

4-2 Cloud Computing and Hosting Cybersecurity

To ensure the proper and efficient remediation of cyber risks and the implementation of cybersecurity requirements related to hosting and cloud computing as per organizational policies and procedures and related laws and regulations. It is also to ensure the protection of the organization’s information and technology assets hosted on the cloud or processed/managed by third parties.

Automate KSA ECC Compliance with Securiti

1. Securiti is the pioneer of the Data Command Center, a centralized platform that enables the safe use of data and GenAI. It provides unified data intelligence, controls, and orchestration across hybrid multicloud environments. Large global enterprises rely on Securiti's Data Command Center for data security, privacy, governance, and compliance.

2. Securiti’s Data Security Posture Management module enables organizations to minimize data breach risk, secure data sharing, and improve data privacy and compliance while reducing the cost and complexity of building data controls. With Securiti’s DSPM, organizations can discover and catalog all data assets, gain contextual data intelligence to classify sensitive data, prioritize and remediate data system misconfigurations based on sensitivity, prevent unauthorized data access, honor individuals' data privacy, govern data controls to prevent sensitive data sprawl and unify data intelligence and controls across cloud environments.

3. Securiti’s Compliance Management automation enables organizations to navigate the ever-intricate landscape of emerging AI and data regulations and streamline compliance by leveraging common controls and tests, a rich library of frameworks and regulations, pre-defined multi-compliance checks, seamless reporting, and Copilot, an LLM-powered chatbot offering insightful guidance.

4. Securiti’s Breach Management provides incident response workflows that help organizations respond to privacy incidents in a timely and effective manner. This is important because, under KSA laws, organizations are required to take reasonable steps to protect personal information from unauthorized access, disclosure, alteration, misuse, or deletion before processing it.
