3846d1c4 Da85 40e3 804f A6735bd8dac8 GECC Implementation Guidelines Ar

‫اﻟﺪﻟﻴﻞ اﻹرﺷﺎدي ﻟﺘﻄﺒﻴﻖ اﻟﻀﻮاﺑﻂ‬
‫اﻷﺳﺎﺳﻴﺔ ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬

‫‬
‫ ‬
‫)‪ (GECC – 1 : 2023‬‬
‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬
‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬

‫‪o be saved‬‬
‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪2‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬


‫ﺑﺴﻢ اﻟﻠﻪ اﻟﺮﺣﻤﻦ اﻟﺮﺣﻴﻢ‬

‫ﺑﺮوﺗﻮﻛﻮل اﻹﺷﺎرة اﻟﻀﻮﺋﻴﺔ )‪:(TLP‬‬
‫أﺣﻤﺮ – ﺷﺨﺼﻲ وﺳﺮي ﻟﻠﻤﺴﺘﻠﻢ ﻓﻘﻂ‬
‫ﺑﺮﺗﻘﺎﻟﻲ – ﻣﺸﺎرﻛﺔ ﻣﺤﺪودة‬
‫أﺧﻀﺮ – ﻣﺸﺎرﻛﺔ ﻓﻲ ﻧﻔﺲ اﻟﻤﺠﺘﻤﻊ‬
‫أﺑﻴﺾ – ﻏﻴﺮ ﻣﺤﺪود‬

‫ﻗﺎﺋﻤﺔ اﻟﻤﺤﺘﻮﻳﺎت‬
‫‪................................................................................................................................................................‬‬
‫‪................................................................................................................................................................‬‬
‫‪................................................................................................................................‬‬
‫‪..............................................................................................................................................................‬‬
‫‪...............................................................................................‬‬
‫ﻗﺎﺋﻤﺔ اﻷﺷﻜﺎل‬
‫‪..................................................................‬‬
‫‪.........................................................................‬‬ ‫‪:‬‬

‫ﻣﻘﺪﻣﺔ‬
‫‪ECC - 1: 2018‬‬
‫‪.‬‬
‫اﻟﻬﺪف‬
‫ﻧﻄﺎق اﻟﻌﻤﻞ‬
‫‪ECC-1:2018‬‬
‫‪Critical National Infrastructure‬‬

‫ﻣﻜﻮﻧﺎت وﻫﻴﻜﻠﻴﺔ اﻟﻀﻮاﺑﻂ اﻷﺳﺎﺳﻴﺔ ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫إدارة اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬ ‫اﺳﺘﺮاﺗﻴﺠﻴﺔ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬

‫‪٢-١‬‬ ‫‪١-١‬‬
‫‪Cybersecurity Management‬‬ ‫‪Cybersecurity Strategy‬‬
‫أدوار وﻣﺴﺆوﻟﻴﺎت اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫ﺳﻴﺎﺳﺎت وإﺟﺮاءات اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫‪Cybersecurity Roles and‬‬ ‫‪٤-١‬‬ ‫‪٣-١‬‬
‫‪Cybersecurity Policies and Procedures‬‬
‫‪Responsibilities‬‬
‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ ﺿﻤﻦ إدارة اﻟﻤﺸﺎرﻳﻊ‬
‫اﻟﻤﻌﻠﻮﻣﺎﺗﻴﺔ واﻟﺘﻘﻨﻴﺔ‬ ‫إدارة ﻣﺨﺎﻃﺮ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫ﺣﻮﻛﻤﺔ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫‪٦-١‬‬ ‫‪٥-١‬‬ ‫‪Cybersecurity‬‬ ‫‪١‬‬
‫‪Cybersecurity in Information‬‬ ‫‪Cybersecurity Risk Management‬‬
‫‪Technology Projects‬‬ ‫‪Governance‬‬
‫اﻟﻤﺮاﺟﻌﺔ واﻟﺘﺪﻗﻴﻖ اﻟﺪوري ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬ ‫اﻻﻟﺘﺰام ﺑﺘﺸﺮﻳﻌﺎت وﺗﻨﻈﻴﻤﺎت وﻣﻌﺎﻳﻴﺮ اﻷﻣﻦ‬
‫‪Periodical Cybersecurity Review and‬‬ ‫‪٨-١‬‬ ‫اﻟﺴﻴﺒﺮاﻧﻲ‬ ‫‪٧-١‬‬
‫‪Audit‬‬ ‫‪Cybersecurity Regulatory Compliance‬‬
‫ﺑﺮﻧﺎﻣﺞ اﻟﺘﻮﻋﻴﺔ واﻟﺘﺪرﻳﺐ ﺑﺎﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ اﻟﻤﺘﻌﻠﻖ ﺑﺎﻟﻤﻮارد اﻟﺒﺸﺮﻳﺔ‬
‫‪Cybersecurity Awareness and Training‬‬ ‫‪١٠-١‬‬ ‫‪٩-١‬‬
‫‪Cybersecurity in Human Resources‬‬
‫‪Program‬‬
‫إدارة ﻫﻮﻳﺎت اﻟﺪﺧﻮل واﻟﺼﻼﺣﻴﺎت‬ ‫إدارة اﻷﺻﻮل‬
‫‪٢-٢‬‬ ‫‪١-٢‬‬
‫‪Identity and Access Management‬‬ ‫‪Asset Management‬‬
‫ﺣﻤﺎﻳﺔ اﻷﻧﻈﻤﺔ وأﺟﻬﺰة ﻣﻌﺎﻟﺠﺔ اﻟﻤﻌﻠﻮﻣﺎت‬
‫ﺣﻤﺎﻳﺔ اﻟﺒﺮﻳﺪ اﻹﻟﻜﺘﺮوﻧﻲ‬
‫‪٤-٢‬‬ ‫‪Information System and Processing‬‬ ‫‪٣-٢‬‬
‫‪Email Protection‬‬
‫‪Facilities Protection‬‬
‫أﻣﻦ اﻷﺟﻬﺰة اﻟﻤﺤﻤﻮﻟﺔ‬ ‫إدارة أﻣﻦ اﻟﺸﺒﻜﺎت‬
‫‪٦-٢‬‬ ‫‪٥-٢‬‬
‫‪Mobile Devices Security‬‬ ‫‪Networks Security Management‬‬
‫اﻟﺘﺸﻔﻴﺮ‬ ‫ﺣﻤﺎﻳﺔ اﻟﺒﻴﺎﻧﺎت واﻟﻤﻌﻠﻮﻣﺎت‬

‫‪٨-٢‬‬ ‫‪٧-٢‬‬
‫‪Cryptography‬‬ ‫‪Data and Information Protection‬‬
‫ﺗﻌﺰﻳﺰ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫‪٢‬‬
‫إدارة اﻟﺜﻐﺮات‬ ‫إدارة اﻟﻨﺴﺦ اﻻﺣﺘﻴﺎﻃﻴﺔ‬ ‫‪Cybersecurity Defense‬‬
‫‪١٠-٢‬‬ ‫‪٩-٢‬‬
‫‪Vulnerability Management‬‬ ‫‪Backup and Recovery Management‬‬
‫إدارة ﺳﺠﻼت اﻷﺣﺪاث وﻣﺮاﻗﺒﺔ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫اﺧﺘﺒﺎر اﻻﺧﺘﺮاق‬
‫‪Cybersecurity Event Logs and‬‬ ‫‪١٢-٢‬‬ ‫‪١١-٢‬‬
‫‪Penetration Testing‬‬
‫‪Monitoring Management‬‬
‫إدارة ﺣﻮادث وﺗﻬﺪﻳﺪات اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫اﻷﻣﻦ اﻟﻤﺎدي‬
‫‪١٤-٢‬‬ ‫‪Cybersecurity Incident and Threat‬‬ ‫‪١٣-٢‬‬
‫‪Physical Security‬‬
‫‪management‬‬
‫ﺣﻤﺎﻳﺔ ﺗﻄﺒﻴﻘﺎت اﻟﻮﻳﺐ‬
‫‪١٥-٢‬‬
‫‪Web Application Security‬‬
‫ﺟﻮاﻧﺐ ﺻﻤﻮد اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ ﻓﻲ إدارة اﺳﺘﻤﺮارﻳﺔ اﻷﻋﻤﺎل‬ ‫ﺻﻤﻮد اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫‪١-٣‬‬ ‫‪٣‬‬
‫)‪Cybersecurity Resilience Aspects of Business Continuity Management (BCM‬‬ ‫‪Cybersecurity Resilience‬‬
‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ اﻟﻤﺘﻌﻠﻖ‬

‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ اﻟﻤﺘﻌﻠﻖ ﺑﺎﻟﺤﻮﺳﺒﺔ اﻟﺴﺤﺎﺑﻴﺔ‬
‫ﺑﺎﻷﻃﺮاف اﻟﺨﺎرﺟﻴﺔ واﻟﺤﻮﺳﺒﺔ‬
‫واﻻﺳﺘﻀﺎﻓﺔ‬ ‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ اﻟﻤﺘﻌﻠﻖ ﺑﺎﻷﻃﺮاف اﻟﺨﺎرﺟﻴﺔ‬
‫‪Cloud Computing and Hosting‬‬
‫‪٢-٤‬‬
‫‪Third-Party Cybersecurity‬‬
‫‪١-٤‬‬ ‫اﻟﺴﺤﺎﺑﻴﺔ‬ ‫‪٤‬‬
‫‪Cybersecurity‬‬ ‫‪Third-Party and Cloud‬‬
‫‪Computing Cybersecurity‬‬
‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ ﻷﻧﻈﻤﺔ اﻟﺘﺤﻜﻢ‬
‫ﺣﻤﺎﻳﺔ أﺟﻬﺰة وأﻧﻈﻤﺔ اﻟﺘﺤﻜﻢ اﻟﺼﻨﺎﻋﻲ‬
‫‪١-٥‬‬ ‫اﻟﺼﻨﺎﻋﻲ‬ ‫‪٥‬‬
‫‪Industrial Control Systems (ICS) Protection‬‬
‫‪ICS Cybersecurity‬‬

‫ﻫﻴﻜﻠﻴﺔ اﻟﺪﻟﻴﻞ اﻹرﺷﺎدي‬
‫‪١‬‬

‫إرﺷﺎدات ﺗﻄﺒﻴﻖ اﻟﻀﻮاﺑﻂ اﻷﺳﺎﺳﻴﺔ ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬
‫ﺣﻮﻛﻤﺔ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ )‪(Cybersecurity Governance‬‬
‫«‬ ‫»‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪CCC‬‬
‫‪CSCC‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪ICT/ IT‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬ ‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬

‫‪‬‬
‫‪:‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Committee Charter‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

Risk Register 
Risk Treatment Plan 

:
.

Technical Project Lifecycle

IT Change 
Management

‫ ﻋﺎم‬:‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‬ 20 ‫ أﺑﻴﺾ‬:‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‬

‫‪‬‬
‫‪‬‬
‫‪Production Environment‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪Third Party Management‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪Release Management‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Secure Configuration and Hardening‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Vulnerabilities Assessment‬‬ ‫‪‬‬

‫‪.‬‬

Vulnerabilities Assessment 
.
Secure Configuration and Hardening


Technical Security Standards 
Secure Configuration and Hardening 

Secure Coding Standards

Secure Coding Standards
Secure Coding Standards 


Libraries

Integration
SIT o
API o
Secure Configuration and Hardening

‫‪o‬‬
‫‪o‬‬
‫‪Image‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Cybersecurity Standards‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪Internal Audit‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Non-Disclosure‬‬ ‫‪o‬‬
‫‪Agreement‬‬
‫‪o‬‬
‫‪Lifecycle‬‬ ‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Non-Disclosure‬‬
‫‪Clauses‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Non-Disclosure Clauses‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪Screening or Vetting‬‬
‫‪‬‬
‫‪Screening or Vetting‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪Whale phishing‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫ﺗﻌﺰﻳﺰ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ )‪(Cybersecurity Defense‬‬
‫‪Asset Management‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪Excel‬‬ ‫‪‬‬
‫‪CMDB‬‬
‫‪‬‬

‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Labelling‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪Labelling‬‬ ‫‪‬‬
‫‪‬‬
‫‪CMDB‬‬ ‫‪Excel‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪Identity and Access Management‬‬
‫‪Logical Access‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪-‬‬
‫‪-‬‬
‫‪-‬‬
‫‪-‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬

User Authentication o
o
Authorization o
Authorization o
Segregation of Duties
o
o
:


User Authentication

Expiration Period o
complexity o
lockout o
activation o
history o
o



Multi-Factor Authentication


VPN

Something you know o
Something you have o
One time password
Something you are o

Authorization
Need-to-know and Need-to-use
Segregation of Duties Least Privilege

Active Directory

o
o
o
o
o
Authorization
Least Privilege Need-to-know and Need-to-use
Segregation of Duties
Privileged Access Management

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪default accounts‬‬ ‫‪/‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Information System and Processing Facilities Protection‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Clock Synchronization‬‬ ‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Clock Synchronization‬‬ ‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪Malware‬‬
‫‪‬‬
‫‪‬‬
‫‪Malware‬‬
‫‪o‬‬
‫‪APT‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪-‬‬
‫‪-‬‬
‫‪-‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪Patch Management‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪-‬‬
‫‪-‬‬
‫‪-‬‬
‫‪-‬‬
‫‪-‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Clock Synchronization‬‬
‫‪‬‬
‫‪Clock Synchronization‬‬ ‫‪‬‬

‫‪NTP‬‬
‫‪‬‬

‫‪time.saso.gov.sa‬‬ ‫‪o‬‬
‫‪time.isu.net.sa‬‬ ‫‪o‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫(‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Email Protection‬‬

‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫)‪(Loadbalancer‬‬ ‫‪o‬‬
‫‪‬‬
‫‪‬‬

o
Phishing Spam Emails
Emails
o
o
Sender Policy Framework
Incoming message DMARC verification
Phishing Filtering
Spam Emails Emails






Spam Phishing Emails
Emails
Webmail

‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪EWS, outlook anywhere‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪APT Protection‬‬
‫‪Zero-Day Malware‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪(Sender Policy‬‬
‫‪Framework‬‬
‫‪‬‬
‫‪SPF Record‬‬ ‫‪‬‬

‫‪Spoofing‬‬

‫‪DKIM Record‬‬ ‫‪o‬‬
‫‪Integrity‬‬
‫‪DMARC‬‬ ‫‪‬‬
‫‪DKIM SPF‬‬
‫‪‬‬
‫‪‬‬
‫‪SPF Record‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪Networks Security Management‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪o‬‬
‫‪Firewall‬‬ ‫‪o‬‬
‫‪Defense-in-Depth‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫)‪(Firewall‬‬
‫‪Defense-in-Depth‬‬
‫‪:‬‬
‫‪‬‬

‫‪trust level‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪DMZ‬‬ ‫‪o‬‬
‫‪VLAN‬‬ ‫‪o‬‬
‫‪Defense-in-Depth‬‬ ‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫)‪(Network Diagram‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪VLANs‬‬

‫‪‬‬
‫‪Network Diagram‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Network Diagram‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪Proxy‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪LAN‬‬ ‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪Excel sheet‬‬
‫‪:‬‬
‫‪Wireless Security‬‬ ‫‪‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪Excel Sheet‬‬
‫‪LAN‬‬ ‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Excel Sheet‬‬
‫‪Firewall Rules‬‬ ‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

Excel
Sheet
Firewall Rules o
Firewall Rules
Intrusion Prevention Systems
:


o
o
IPS/IDS 
o
DMZ o
o
IPS/IDS 
IPS/IDS
Excel Sheet
:


IPS/IDS
IPS/IDS o
IPS/IDS
Excel Sheet
DNS
:

DNS Firewall DNS Security 

DNS Poisoning
Google DNS 
:

DNS 
DNS Security 
IP range
APT Protection
Zero-Day Malware

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪APT‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Mobile Devices Security‬‬
‫‪BYOD‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪o‬‬

BYOD o

:
BYOD 
BYOD
:
BYOD 
o
BYOD
o
Privileged Access o
BYOD o
Remote Wipe o
.
Group Policy o
o
o
Active Directory
Configuration and Hardening o
o
BYOD

:

BYOD
BYOD 
BYOD o
BYOD
o
Active Directory
BYOD o
BYOD
BYOD ( )
:

BYOD

BYOD
o
o
Mobile Device Management 
BYOD
:

BYOD

BYOD 

‫‪o‬‬
‫‪BYOD‬‬
‫‪BYOD‬‬
‫‪o‬‬
‫‪BYOD‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪Patches, AV‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬

‫‪BYOD‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪.‬‬ ‫‪BYOD‬‬
‫‪Mobile Device Management‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪o‬‬
‫‪BYOD‬‬
‫‪BYOD‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪:‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪BYOD‬‬
‫‪BYOD‬‬
‫‪:‬‬
‫‪BYOD‬‬ ‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪BYOD‬‬ ‫‪‬‬
‫‪‬‬
‫‪BYOD‬‬
‫‪:‬‬
‫‪BYOD‬‬ ‫‪‬‬
‫‪BYOD‬‬ ‫‪‬‬

‫‪‬‬
‫‪BYOD‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Data and Information Protection‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Classification and Labeling Mechanisms‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬

‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Cryptography‬‬
‫‪‬‬

‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪TLS‬‬ ‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪TLS (Transport Layer Security‬‬ ‫‪o‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫)‪TDE (Transparent Data Encryption‬‬ ‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫)‪(Backup and Recovery Management‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬

‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪Vulnerabilities Management‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪CVSS‬‬ ‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫(‬ ‫‪o‬‬
‫‪OEMs‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Penetration Testing‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫(‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪o‬‬
‫‪o‬‬
‫‪Google‬‬ ‫‪Apple Store‬‬ ‫‪‬‬
‫‪Play Store‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫)‪(Cybersecurity Event Logs and Monitoring Management‬‬

‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪.‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪.‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬

‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫)‪(Event logs‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫)‪(Event logs‬‬ ‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪Rules‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪SIEM‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Rules‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪SIEM‬‬
‫‪‬‬
‫‪‬‬
‫‪SIEM‬‬
‫‪.‬‬ ‫)‪(SIEM‬‬
‫‪:‬‬
‫‪‬‬
‫)‪(SIEM‬‬ ‫‪‬‬

‫‪‬‬
‫‪SIEM‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪SIEM‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Excel‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪SIEM‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Cybersecurity Incident and Threat Management‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪.‬‬ ‫‪o‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪.‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪.‬‬

‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Playbook‬‬ ‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪is@nca.gov.sa‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪is@nca.gov.sa‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Threat Intelligence‬‬
‫‪:‬‬
‫‪‬‬
‫‪Threat Intelligence‬‬ ‫‪‬‬
‫‪Saudi CERT‬‬ ‫‪o‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪Physical Security‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫)‪.(CCTV‬‬ ‫‪o‬‬
‫‪.‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪o‬‬
‫)‪.(CCTV‬‬ ‫‪o‬‬
‫‪.‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪CCTV‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪:‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬

‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫)‪.(CCTV‬‬
‫‪:‬‬

‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪CCTV‬‬ ‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪DVR‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪CCTV‬‬
‫‪‬‬

‫‪CCTV‬‬ ‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪zero filling‬‬ ‫‪degaussing‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪Web Application Security‬‬
‫‪‬‬

:

.(Web Application Firewall) o

Multi-tier Architecture o
.(HTTPS) o
o
. o
Multi-Factor Authentication o
Vulnerability Assessment o
Backup Log Files o
Regular o
screening of open ports, services, processes, and unused protocols

:

.(Web Application Firewall) o

Multi-tier Architecture o
.(HTTPS) o
. o
Multi-Factor Authentication o

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪WAF‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪HTTPS‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪MFA‬‬ ‫‪o‬‬
‫‪:‬‬
‫)‪.(Web Application Firewall‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪‬‬


o
o
o

WAF 
Multi-tier Architecture
:


o
o


o
Database Tier 
Business Tier 
Presentation/Client Tier 
o

‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫)‪.(HTTPS‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪‬‬
‫‪:‬‬
‫‪o‬‬
‫‪HTTPS‬‬ ‫‪‬‬
‫‪SFTP‬‬ ‫‪‬‬
‫‪(TLS‬‬ ‫‪‬‬

HTTPS 
:



(intranet) extranet


:

Multi-Factor Authentication 

‫‪‬‬
‫‪MFA‬‬ ‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫ﺻﻤﻮد اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ )‪(Cybersecurity Resilience‬‬
‫‪(Cybersecurity Resilience Aspects of Business‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Disaster Recovery Plan‬‬ ‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬

. 

. o
o
o
:



Business Continuity Management 

Program
(Business Continuity Plans 
o
(Business Impact Analysis) o
o

o
high availability





:

o
o
o
Planning and Preparation 
Detection and Analysis 
Containment, Eradication and 
Recovery
Review and Learn 

o
(Utilizing NCA published incident response playbooks

o
o



o
o
o



(
Disaster Recovery Plan

o
o

‫)‪(Business Impact Analysis‬‬ ‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ اﻟﻤﺘﻌﻠﻖ ﺑﺎﻷﻃﺮاف اﻟﺨﺎرﺟﻴﺔ واﻟﺤﻮﺳﺒﺔ اﻟﺴﺤﺎﺑﻴﺔ‬

‫)‪(Third-Party and Cloud Computing Cybersecurity‬‬
‫‪Managed Services‬‬ ‫‪Outsourcing‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪SLA‬‬

‫‪Non-Disclosure Clauses‬‬
‫‪‬‬
‫‪Non-‬‬
‫‪Disclosure Clauses‬‬
‫‪‬‬
‫‪‬‬
‫‪/‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪SLA‬‬
‫‪‬‬
‫‪‬‬
‫‪SLA‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪Service Level Agreement‬‬ ‫‪o‬‬
‫‪Non-disclosure Clauses‬‬ ‫‪o‬‬

‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪CCC‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪:‬‬

‫‪‬‬
‫‪/‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪/‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪.‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪SLA‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪SLA‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ ﻷﻧﻈﻤﺔ اﻟﺘﺤﻜﻢ اﻟﺼﻨﺎﻋﻲ‬

‫)‪(Industrial Control Systems Cybersecurity‬‬
‫‪ICS/OT‬‬
‫‪ICS/OT‬‬
‫‪‬‬
‫)‪(ICS/OT‬‬ ‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪ICS/OT‬‬

ICS/OT 

ICS/OT
ICS/OT 
ICS/OT 


(ICS/OT)
:
(ICS/OT)
"Corporate Network"

(ICS/OT)
(ICS/OT) 

(ICS/OT) 
corporate network o
industrial demilitarized zone o


‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫)‪(ICS/OT‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪DMZ‬‬ ‫‪proxy‬‬ ‫‪‬‬
‫‪o‬‬
‫‪jump server‬‬ ‫‪VPN‬‬ ‫‪‬‬
‫‪MFA‬‬
‫‪o‬‬
‫‪NCS-‬‬ ‫‪‬‬
‫‪1:2020‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫)‪(Event logs‬‬
‫‪.‬‬

‫)‪(Event logs‬‬ ‫‪‬‬

‫‪.‬‬
‫)‪(ICS/OT‬‬ ‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪SIEM‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪use cases‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪engineering‬‬ ‫‪SIS‬‬ ‫‪‬‬
‫‪workstations‬‬
‫‪‬‬

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬
‫‪‬‬
‫‪‬‬
‫‪o‬‬
‫‪Active Directory‬‬ ‫‪o‬‬
‫‪registry‬‬ ‫‪o‬‬
‫‪‬‬
‫‪o‬‬
‫‪o‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪.‬‬


.
network access control 
RADIUS 
MAC Authentication

o
o


Secure
Configuration and Hardening

hardening standards 

(ICS/OT Vulnerability Management)




non-invasive invasive
contingency plan


(ICS/OT Patch Management)

‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪contingency plan‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬
‫‪‬‬

‫‪‬‬
‫‪ICS/OT‬‬
‫‪ICS/OT‬‬ ‫‪‬‬
‫‪ICS/OT‬‬
‫‪‬‬
‫‪‬‬
‫‪ICS/OT‬‬
‫‪‬‬



3846d1c4 Da85 40e3 804f A6735bd8dac8 GECC Implementation Guidelines Ar

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

3846d1c4 Da85 40e3 804f A6735bd8dac8 GECC Implementation Guidelines Ar

Uploaded by

Copyright:

Available Formats

‫اﻟﺪﻟﻴﻞ اﻹرﺷﺎدي ﻟﺘﻄﺒﻴﻖ اﻟﻀﻮاﺑﻂ‬

‫اﻷﺳﺎﺳﻴﺔ ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬

‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪2‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪3‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺑﺴﻢ اﻟﻠﻪ اﻟﺮﺣﻤﻦ اﻟﺮﺣﻴﻢ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪4‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺑﺮوﺗﻮﻛﻮل اﻹﺷﺎرة اﻟﻀﻮﺋﻴﺔ )‪:(TLP‬‬

‫أﺣﻤﺮ – ﺷﺨﺼﻲ وﺳﺮي ﻟﻠﻤﺴﺘﻠﻢ ﻓﻘﻂ‬

‫ﺑﺮﺗﻘﺎﻟﻲ – ﻣﺸﺎرﻛﺔ ﻣﺤﺪودة‬

‫أﺧﻀﺮ – ﻣﺸﺎرﻛﺔ ﻓﻲ ﻧﻔﺲ اﻟﻤﺠﺘﻤﻊ‬

‫أﺑﻴﺾ – ﻏﻴﺮ ﻣﺤﺪود‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪5‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪6‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫‪Critical National Infrastructure‬‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪7‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﻣﻜﻮﻧﺎت وﻫﻴﻜﻠﻴﺔ اﻟﻀﻮاﺑﻂ اﻷﺳﺎﺳﻴﺔ ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬

‫إدارة اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬ ‫اﺳﺘﺮاﺗﻴﺠﻴﺔ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬

‫اﻟﺘﺸﻔﻴﺮ‬ ‫ﺣﻤﺎﻳﺔ اﻟﺒﻴﺎﻧﺎت واﻟﻤﻌﻠﻮﻣﺎت‬

‫اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ اﻟﻤﺘﻌﻠﻖ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪8‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﻫﻴﻜﻠﻴﺔ اﻟﺪﻟﻴﻞ اﻹرﺷﺎدي‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪9‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫إرﺷﺎدات ﺗﻄﺒﻴﻖ اﻟﻀﻮاﺑﻂ اﻷﺳﺎﺳﻴﺔ ﻟﻸﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ‬

‫ﺣﻮﻛﻤﺔ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ )‪(Cybersecurity Governance‬‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪10‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪11‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪12‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪13‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪14‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪15‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪16‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪17‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪18‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪19‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ ﻋﺎم‬:‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‬ 20 ‫ أﺑﻴﺾ‬:‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪21‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪22‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫‪Vulnerabilities Assessment‬‬ ‫‪‬‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪23‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

Secure Configuration and Hardening

Technical Security Standards 

Secure Configuration and Hardening 

Secure Configuration and Hardening 

‫ ﻋﺎم‬:‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‬ 24 ‫ أﺑﻴﺾ‬:‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‬

Secure Coding Standards

Secure Coding Standards 

‫ ﻋﺎم‬:‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‬ 25 ‫ أﺑﻴﺾ‬:‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‬

Secure Configuration and Hardening

Secure Configuration and Hardening 

‫ ﻋﺎم‬:‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‬ 26 ‫ أﺑﻴﺾ‬:‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪27‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪28‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪29‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪30‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪31‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪32‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫‪Screening or Vetting‬‬ ‫‪‬‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪33‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪34‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪36‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬

‫ﺗﺼﻨﻴﻒ اﻟﻮﺛﻴﻘﺔ‪ :‬ﻋﺎم‬ ‫‪37‬‬ ‫إﺷﺎرة اﻟﻤﺸﺎرﻛﺔ‪ :‬أﺑﻴﺾ‬