Cyber Trust Program
The Kingdom of Bahrain has witnessed substantial progress in the information technology sector. Providing services and exchanging, storing, and using information electronically has become fundamental means of work at all entities. It is, therefore, imperative to uphold the confidentiality, integrity, and availability of information to gain the confidence of its constituents.
This necessitated developing a framework aimed at assuring information security in all entities at a national level in a uniform manner yet appreciating the differences in environments. As such, the NCSC has designed a new framework titled ‘Cyber Trust Program,’ which defines a framework to enable all entities, especially CNI entities within the kingdom, to improve information security assurance, to have a unified, methodical, approach to information security, and to be able to determine cyber security maturity within the respective entities.
The program’s main objectives are to enhance risk protection, support the continuous development of national capabilities in information security, raise awareness of cyber security among employees, enhance the management of cyber security knowledge, improve Bahrain's regional and global positions in cyber security and evaluate cyber security levels at entities.
The CTP consists of four levels of maturity, and they consist of:
Practitioner Level
This level provides essential security protection against cyber-attacks and enhances cybersecurity in SMEs considering their limited resources. This level targets Small-Medium Enterprises (SMEs).
Progressive Level
This entity has achieved initial maturity concerning process, technology, and people requirements associated with information security. Most importantly, this level reflects active efforts by the entity to prevent the overall security situation from deteriorating and is well on its way to building an information security culture on an organizational level.
Professional Level
Entities at the "Professional" level have implemented an extended set of cybersecurity practices leading to increased confidence. The entity has reached a high level of maturity of experience, practices, and awareness of information security, and its ability to respond to information security threats and incidents is greatly improved.
Expert Level
Entities at the "Expert" level have the highest cybersecurity maturity level adhering to a broader range of cybersecurity requirements. They are well-positioned to lead in cybersecurity best practices. The entity takes a leading role in promoting and sharing good cybersecurity practices with other entities.