Critical Systems Cybersecurity Controls (CSCC – 1: 2018) · 2019-03-25

Post on 20-May-2020

Critical Systems Cybersecurity Controls (CSCC – 1: 2018)

TLP

Statement of Applicability

Cybersecurity Governance

Cybersecurity Defense

Cybersecurity Resilience

Third-Party and Cloud Computing Cybersecurity

CSCC – 1: 2018

ECC – 1: 2018

ECC – 1: 2018

CSCC – 1: 2018

ECC – 1: 2018

• Main Domains

• Subdomains

• Controls

Impact on national reputation.

Unauthorized disclosure of data classified as Secret or Top Secret.

Injuries or loss of life.

connecting devices

Router

Switches

Gateways

Firewall

Middleware

Critical National Infrastructures (CNIs)

Statement of Applicability

Cloud Computing and Hosting Cybersecurity

ECC – 1: 2018

Cybersecurity Governance

- Cybersecurity Strategy
- Cybersecurity Management
- Cybersecurity Policies and Procedures
- Cybersecurity Roles and Responsibilities
- Cybersecurity Risk Management
- Cybersecurity in Information Technology Projects
- Cybersecurity Regulatory Compliance
- Cybersecurity Periodical Assessment and Audit
- Cybersecurity in Human Resources
- Cybersecurity Awareness and Training Program

Cybersecurity Defense

- Asset Management
- Identity and Access Management
- Information System and Processing Facilities Protection
- Email Protection
- Networks Security Management
- Mobile Devices Security
- Data and Information Protection
- Cryptography
- Backup and Recovery Management
- Vulnerabilities Management
- Penetration Testing
- Cybersecurity Event Logs and Monitoring Management
- Cybersecurity Incident and Threat Management
- Physical Security
- Web Application Security
- Application Security

Cybersecurity Resilience

- Cybersecurity Resilience aspects of Business Continuity Management (BCM)

Third-Party and Cloud Computing Cybersecurity

- Third-Party Cybersecurity
- Cloud Computing and Hosting Cybersecurity

ICS Cybersecurity

- Industrial Control Systems (ICS) Protection

Cybersecurity Governance

- Cybersecurity Strategy
- Cybersecurity Risk Management
- Cybersecurity in Information Technology Projects
- Cybersecurity Periodical Assessment and Audit
- Cybersecurity in Human Resources

Cybersecurity Defense

- Asset Management
- Identity and Access Management
- Information System and Processing Facilities Protection
- Networks Security Management
- Mobile Devices Security
- Mobile Devices Security
- Cryptography
- Backup and Recovery Management
- Vulnerabilities Management
- Penetration Testing
- Cybersecurity Event Logs and Monitoring Management
- Web Application Security
- Application Security

Cybersecurity Resilience

- Cybersecurity Resilience aspects of Business Continuity Management (BCM)

Third-Party and Cloud Computing Cybersecurity

- Third-Party Cybersecurity
- Cloud Computing and Hosting Cybersecurity

CSCC – 1: 2018

Cybersecurity Governance

Cybersecurity Strategy

- ECC-1-1

Cybersecurity Risk Management

- ECC-1-5

Cybersecurity in Information Technology Projects

- ECC-2-6-1
- ECC-3-6-1
- Security Source Code Review
- Source Code
- Authenticated API
- Production Environment

Cybersecurity Periodical Assessment and Audit

- ECC-1-8-1

Cybersecurity in Human Resources

- ECC-3-9-1

Cybersecurity Defense

Asset Management

- ECC-1-2

Identity and Access Management

- Logical Access
- ECC-3-2-2
- Multi-Factor Authentication
- Multi-Factor Authentication
- Service Account
- Interactive login
- ECC-2-2-3-5

Information System and Processing Facilities Protection

- ECC-3-3-2
- Whitelisting
- End-point Protection
- Workstations
- Management Network
- Non-console Administrative Access

Networks Security Management

- ECC-3-5-2
- Firewall rules
- Network APT
- Distributed Denial of Service Attack (DDoS)

Mobile Devices Security

- BYOD
- ECC-3-6-2
- BYOD
- Full Disk Encryption

Data and Information Protection

- ECC-3-7-2
- Data Leakage Prevention
- Retention Period

Cryptography

- ECC-3-8-2
- Data-In-Transit
- Data-At-Rest
- Symmetric
- Asymmetric

Backup and Recovery Management

- ECC-3-9-2
- ECC-3-3-9-2

Vulnerabilities Management

- ECC-3-10-2
- ECC-1-3-10-2

Penetration Testing

- ECC-3-11-2
- ECC-2-3-11-2

Cybersecurity Event Logs and Monitoring Management

- ECC-2-12-3
- Event logs
- File Integrity Management
- User Behavior Analytics (UBA)
- ECC-5-3-11-2

Web Application Security

- ECC-3-15-2
- Secure Session Management
- Timeout, Lockout, Authenticity
- Multi-tier Architecture
- ECC-2-3-15-2
- 3-Tier Architecture

Application Security

- Multi-tier Architecture
- 3-Tier Architecture
- HTTPS
- Multi-Factor Authentication
- Secure Session Management
- Timeout, Lockout, Authenticity

Cybersecurity Resilience

Cybersecurity Resilience aspects of Business Continuity Management (BCM)

- ECC-3-1-3

Third-Party and Cloud Computing Cybersecurity

Third-Party Cybersecurity

- Managed Services Outsourcing
- ECC-1-4

Cloud Computing and Hosting Cybersecurity

- ECC-3-2-4

Zero-Day Malware

Advanced Persistent Threat (APT) Protection

Asset

Attack

Audit

Authentication

Availability

Backup

Bring Your Own Device (BYOD)

Change Management

Software-as-Service (SaaS), Platform-as-Service (PaaS), Infrastructure-as-Service (IaaS)

Cloud Computing

Compromise

Information

Critical National Infrastructure

Cryptography

Cyber-Attack

Cyber Risks

Cybersecurity Resilience

Cybersecurity

Cyberspace

Data and Information

Disaster Recovery

Key Performance Indicators (KPIs)

Effectiveness

Event

HTTP

Hyper Text Transfer Protocol Secure (HTTPS)

Incident

Non-Repudiation

Integrity

One-Time-Password

Multi-Factor Authentication (MFA)

Multi-tier Architecture

Organization Staff

Outsourcing

Patch

Penetration Testing

Phishing Emails

CCTV.

Physical Security

Policy

Privacy

Privileged Access Management

Procedure

Process

Recovery

Retention

and Hardening

Third-Party

Threat

Vulnerability

Web Application Firewall

Malware

Signature-based Protection

Zero-Day Malware

Objects, Functions, Protocols

Application Program Interface (API)

Hardware

Software

Stress Testing

Data-In-Transit

Tapes, Disk

Data-At-Rest

Symmetric Encryption Algorithms

Asymmetric Encryption Algorithms

User Behavior Analytics (UBA)

At-Rest, In-Transit, In-Use

Data Leakage Prevention

Distributed Denial of Service Attack

Source Code

Service Accounts

End-point Protection

APT: Advanced Persistent Threat

API: Application Program Interface

BCM: Business Continuity Management

BYOD: Bring Your Own Device

CNI: Critical National Infrastructure

DDoS: Distributed Denial of Service Attack

ECC: Essential Cybersecurity Controls

HTTPS: Hyper Text Transfer Protocol Secure

ICS: Industrial Control System

MFA: Multi-Factor Authentication

UBA: User Behavior Analytics