Review the Cybersecurity Policy
1 General statements

The Cybersecurity Department must define and develop cybersecurity policies, technical standards, regulatory frameworks, procedures and methodologies based on the results of risk assessments, in a manner that ensures cybersecurity requirements are circulated and that SERA complies with them in accordance with its business regulatory requirements and other relevant legal and regulatory requirements. These policies must be approved by Author and circulated to SERA's concerned personnel and relevant parties. The above includes:

1.1 Cybersecurity Strategy, to create cybersecurity action plans, objectives, initiatives, programs and projects, and to ensure their effectiveness within SERA in achieving strategic objectives and meeting the relevant legal and regulatory requirements.

1.2 Cybersecurity Policies and Procedures, to ensure that cybersecurity requirements are documented and circulated and that SERA complies with them in accordance with its business regulatory requirements and other relevant legal and regulatory requirements.

1.3 Cybersecurity Roles and Responsibilities, to ensure that roles and responsibilities are clearly defined for all parties involved in implementing cybersecurity controls in SERA.

1.4 Cybersecurity Risk Management Methodology, to ensure that cybersecurity risks are managed methodically to protect SERA's information and technology assets in accordance with SERA's regulatory procedures and policies and other relevant legal and regulatory requirements.

1.5 Cybersecurity Awareness and Training Program, to ensure that SERA's personnel have the necessary cybersecurity awareness and understand their cybersecurity responsibilities, and that they are provided with the skills, qualifications and specialized training that fit their field of work in SERA and that are required in the field of cybersecurity, so that they can protect SERA's information and technology assets and carry out their cybersecurity responsibilities.

1.6 Conflicting tasks and responsibilities must be separated to minimize the chance of unauthorized or unintentional modification or misuse of SERA's assets.

1.7 There must be a clear separation between the entity that requests initiatives and the entity delegated to implement them.

1.8 Where segregation of duties is difficult to achieve, other controls must be considered, such as monitoring of activities, audit trails and administrative supervision.

2 Other requirements

2.1 The Cybersecurity Department has the right to access the information it needs and to collect the necessary evidence to ensure compliance with the relevant legal and regulatory requirements.

2.2 The general cybersecurity policy should be reviewed annually, or whenever changes occur in legislative or regulatory requirements or related standards, and any changes must be documented and approved.