Last year, Saudi Arabia’s NCA (National Cybersecurity Authority) issued guidelines to help organisations protect sensitive information and prevent cyber attacks.
The rules apply to all government agencies and private-sector organisations that own, operate or host sensitive national infrastructure. They are based on the best practices described in the international standard for information security, ISO 27001, meaning there is an existing, proven framework for you to follow.
The Standard is growing increasingly popular in Saudi Arabia, with last year’s ISO survey reporting a 10% annual increase in certifications. However, if you’re not following the Standard’s requirements, here’s what you need to know.
How does ISO 27001 work?
ISO 27001 lays out best practice for an ISMS (information security management system), which is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information.
Confidentiality means ensuring that data is accessed only by authorised people; integrity means ensuring the accuracy and completeness of records; and availability means ensuring that data is accessible when it is required.
An ISMS covers not only technical defences but also those related to common risks concerning people, resources, assets and processes.
How does ISO 27001 help organisations?
An ISO 27001-compliant ISMS can help organisations:
- Respond to evolving security threats: An ISMS can easily be adapted to take into account new vulnerabilities and changes in cyber criminals’ tactics.
- Reduce costs associated with information security: Organisations in the Gulf spend about 13.1 million SAR following a data breach. The most obvious way of reducing this cost is to mitigate the risk of a data breach, which is one of the main objectives of an ISMS.
- Increase resilience to cyber attacks: An ISMS can also reduce costs if a breach does occur, because you will be able to identify the source of the breach quickly and limit the amount of work needed to contain and fix the problem.
- Enhance company culture: Staff awareness is a key part of any ISMS, meaning information security will become embedded in your employees’ day-to-day activities.
Read our ISO 27001 fact sheet
If you want to learn more about keeping your information secure, download our free ISO 27001 fact sheet, which explains:
- How ISO 27001 can improve information security;
- The benefits of achieving certification;
- What to consider when tackling the Standard; and
- How to overcome the initial barriers of implementation.