The National Cyber Security Authority (NCA) of Saudi Arabia developed the Essential Cyber Security Controls in the year 2018. It was developed after a comprehensive study of various national and international Cyber Security Frameworks and Standards. The NCA ECC was developed to ensure organizations maintain and support the Cyber Security initiative to protect the interests, national security, critical infrastructure, and government services. It was developed with an aim to set minimum Cyber Security requirements for information and technology assets in organizations of Saudi Arabia. The controls requirements developed are based on industry-leading practices which intend to help organizations minimize Cyber Security Risks. The Essential Cyber Security Controls (ECC) comprises-
1. 5 Cyber Security Main Domains.
2. 29 Cyber Security Sub-Domains.
3. 114 Cyber Security Controls.
The controls outlined were developed after a comprehensive review of all the legal, regulatory requirements, global Cyber Security best practices analysis of Cyber Security incidents, and attacks on government establishments, and considering opinions of various prominent business firms of the country. In addition to the ECC Standard, the National Cyber Security Authority of Saudi Arabia introduced Critical Systems Cyber Security Controls (CSCC) in the year 2019. The NCA CSCC mandates the minimum Cyber Security requirements for critical systems within national organizations.
We sit with your team to understand your business processes and the environment to accordingly consolidate the scope of Compliance.
Taking into account all the relevant business, regulatory, and compliance requirements, our team helps in defining the scope for NCA ECC Compliance.
Our team of experts will assess the current state of your NCA ECC Compliance and identify gaps in security controls, systems, and the environment against Compliance requirements.
We conduct a comprehensive Risk Assessment based on the NCA ECC Cyber Risk Management Framework to identify areas that could possibly be exploited and result in a data breach.
Our team develops effective Risk Treatment Plans to remediate the gaps and risks identified to acceptable levels. We can also assist you in developing and implementing a data breach management response that can blend with your existing Incident Response Plan.
Our Security Analyst will help you build and roll out effective policies and procedures for your organization, in line with NCA ECC.
Our team of experts will conduct User Training programs for all personnel covered in scope on their specific Compliance responsibilities. Training materials for future use shall be provided.
After a reasonable gestation period, a separate team of qualified and experienced Auditors conduct a Pre-assessment of your setup and ensure all measures are implemented and identify any deviations from the defined NCA ECC policies and procedures.
The National Cyber Security Authority (NCA) is Saudi Arabia’s competent national entity responsible for boosting Cyber Security and protecting vital interests, national security, and sensitive infrastructure.
The National Cyber Security Authority (NCA) of Saudi Arabia introduced the Essential Cyber Security Controls to establish a strong security framework and ensure organizations maintain and support the Cyber Security initiative to protect the national security, critical infrastructure, high priority sectors, and government services.
The NCA ECC applies to government organizations in Saudi Arabia, including ministries, authorities, establishments, companies, entities, and private sector organizations owning, operating, or hosting Critical National Infrastructures (CNIs).
The Essential Cyber Security Controls consist of 5 Cyber Security main domains, 29 Cyber Security subdomains, 114 Cyber Security controls. The ECC main domains are:
• Cyber Security Governance
• Cyber Security Defense
• Cyber Security Resilience
• Third-Party and Cloud Computing Cyber Security.
• Industrial Control Systems (ICS) Cyber Security
Depending on the scope, a basic assessment including Gap Analysis should cost around $12,000 USD.