Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, consequently, protecting financial institutions and their clients. However, there are still several challenges left to be addressed. Accordingly, this article aims to address this problem by proposing an abstract framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC 27001). The framework proposed in this paper considers the following factors involved in the security policy of Saudi banks: safety, Saudi information bank, operations and security of Saudi banks, Saudi banks’ supplier relationships, risk assessment, risk mitigation, monitoring and detection, incident response, Saudi banks’ business continuity, compliance, education, and awareness about all factors contributing to the framework implementation. This way, the proposed framework provides a comprehensive, unified approach to managing bank security threats. Not only does the proposed framework provide effective guidance on how to identify, assess, and mitigate security threats, but it also instructs how to develop policy and procedure documents relating to security issues.
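On December 21, 2022, NIST released the second draft of Special Publication SP 1800-35, "Implementing a Zero Trust Architecture," for public comment. Building on the concepts and principles in NIST SP 800-207, "Zero Trust Architecture," the guide describes how to use commercial technology to implement interoperable, open zero trust architectures. The second edition of SP 1800-35 updates the content of the original Volumes A through D and adds three further zero trust implementation architectures completed since the first edition was published. It also adds a new Volume E, which provides a mapping between the security characteristics of the zero trust architecture and cybersecurity standards and best practices, together with a risk analysis.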