In light of its role in enabling digital transformation, the Ministry of Finance has developed its cybersecurity strategy, that directly contributes to raising its cybersecurity maturity level. This has been implemented through adhering to relevant national standards such as controls and legislation issued by the National Cybersecurity Authority, and in line with international standards such as ISO27001 Information Security Management System to protect the national financial system, improve incident response readiness, provide safe and reliable national financial services to beneficiaries, and strengthen the Kingdom's position regionally and internationally as per the following:
- Controls and Guidelines issued by the National Cybersecurity Authority (Click here)
- International Standards for Information Security ISO27001 (Click here)
- Supporting the national cybersecurity strategy that seeks a safe and reliable Saudi cyberspace that enables growth and prosperity (Click here).
Cybersecurity pillars at the Ministry:
1. Enabling the principle of proactive governance
2. Simplifying cybersecurity
3. Spreading cybersecurity culture
4. Strengthening Cyber Risk Management
5. Ensuring the protection of information assets
The Ministry of Finance's portal relies on a set of security standards that ensure the confidentiality of all information displayed, stored or exchanged with other parties. The security mechanisms applied in the portal include:
1. Accredited digital certificates. Adopting such digital certificates by high credibility bodies offers a secure and confidential exchange of information between the Ministry of Finance e-portal systems. All sent and received data between the portal systems are encrypted, which prevents any access to the data to guarantee their confidentiality. The Ministry of Finance e-portal is using one of the best international companies in the field, the Entrust Company. These certificates encrypt information by using complex encryption algorithms to fully encrypt this type of information. In addition, Entrust has worked to provide the portal with a certificate to be posted on the e-portal to indicate the high degree of security enjoyed by the portal.
2. Encrypting stored information. In addition to encrypting information during sending and receiving information from and to the portal, the information stored in the databases will also be encrypted such as passwords and highly confidential information. This would prevent even those who have access to the portal databases from reading or changing this information.
3. Imposing high restrictions on passwords. The Ministry of Finance e-portal uses techniques that include passwords with appropriate complexity that ensures that weak passwords are not used in registration information. This ensures that passwords are not used by unauthorized persons and thus prevents access to information of others without proper permission or authority.
4. The e-portal imposes a high degree of security on all the portal's systems and servers in the information center of the Ministry of Finance. The center is equipped with the latest protection devices, and the best anti-virus software on all the portal's servers.