3.3.4 Cyber Security Architecture
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Principle
The Member Organization should define, follow and review the cyber security architecture, which Outlines the cyber security requirements in the enterprise architecture and addresses the design principles for developing cyber security capabilities.
Objective
To support the Member Organization in achieving a strategic, consistent, cost effective and end-to-end cyber security architecture.
Control considerations
| 1. | The cyber security architecture should be defined, approved and implemented. | |
| 2. | The compliance with the cyber security architecture should be monitored. | |
| 3. | The cyber security architecture should include: | |
| a. | a strategic outline of cyber security capabilities and controls based on the business requirements; | |
| b. | approval of the defined cyber security architecture; | |
| c. | the requirement of having qualified cyber security architects; | |
| d. | design principles for developing cyber security controls and applying cyber security requirements (i.e., the security-by-design principle); | |
| e. | periodic review of the cyber security architecture. | |