Baseline Cyber Security Controls

The Baseline Cyber Security Controls document has been developed by the National Cyber Security Center (NCSC) to provide entities in the Kingdom of Bahrain with an essential set of controls. The controls cover a broad range of Cyber security topics and areas, and aim to protect an entity's networks, systems, and applications against cyber threats and attacks by building the foundation layer of security. The Baseline document contains seven domains as shown below:

Domain 1: Cyber security Governance

Define the Cyber security goals and objectives, and the roles and responsibilities within the entity with respect to Cyber security. In addition, ensure the development of Cyber security policies and procedures, and implement a risk management process to ensure business continuity within the entity.

Domain 2: Cyber security Training and Awareness

Develop Cyber security training and awareness programs for all employees, including the entity’s top management. The training programs provide training paths for employees based on the nature of their jobs and tasks. The Cyber security awareness program includes campaigns, workshops and other related Cyber security activities.

Domain 3: Cyber security Defense

Provide various requirements to build multiple layers of defense against cyber threats to protect the entity’s networks, systems and applications. The domain includes asset management, access control, vulnerability management and penetration testing, encryption, physical security and social media Cyber security.

Domain 4: Cyber security Incident & Log Management

Describe the requirements for managing Cyber security logs to help the entity detect Cyber security incidents. Furthermore, develop a Cyber security incident response plan to actively handle and manage Cyber security incidents.

Domain 5: Third-Party and Cloud Cyber security

Define the Cyber security controls to protect digital information when third parties are granted access to the entity’s networks, systems and applications. The domain provides the Cyber security controls related to the usage of cloud services.

Domain 6: Cyber security for Operational Technology (OT) and Internet of Things (IoT)

Emphasize the minimum Cyber security requirements to protect OT and IoT from cyber threats and attacks.

Domain 7: Audit

Outline the internal and external audit requirements to ensure the entity’s compliance with Cyber security controls, policies, and procedures.
