​What is Cybersecurity?

Protection of networks, information technology systems, operational technology systems, and their hardware and software components, services provide thereby, and data contained therein, from any illegal penetration, disruption, modification, entry, use, or exploitation. Cybersecurity concept includes information security, electronic security, digital security, and so on.​

Why is Cybersecurity important?

iconAs the Kingdom is moving towards digital transformation in many sectors, seeking to be among digital economy global leaders by investing in technical sectors, CST, therefore, takes it upon itself to protect interests of ICT sector users as sustainability is everyone’s responsibility and part of CST culture. Further, CST continuously pursues to make a positive impact on society, preserve environment sustainability, and ensure safety of users by launching initiatives in line with cybersecurity international best practices.

Related Terms​​   

Information Asset(s):​
 Anything tangible or intangible that has value to the organization. There are many types of assets, and some of which include obvious things, such as: persons, machineries, utilities, patents, software and services. The term could also include less obvious things, such as: information and characteristics (e.g., organization’s reputation and public image, as well as skill and knowledge).
Any kind of malicious activity that attempts to achieve unauthorized access, collection, disabling, prevention, destroy or sabotage of the information system resources or the information itself
It is the function of defining and verifying access rights/privileges to resources related to organization’s information and technical assets security in general and to access control in particular. Maintaining authorized restrictions on access to and disclosure of information, including means of protecting privacy/personal information.
Critical System: 
Any system or network whose failure, unauthorized change to operation thereof, unauthorized access thereto, or to data stored or processed thereby may result in a negative impact on the organization’s businesses and services’ availability, or cause negative economic, financial, security, or social impacts on the national level.
Cyber Attack:
Intentional exploitation of computer systems, networks, and organizations whose work depends on digital ICT, in order to cause damage.
The interconnected network of IT infrastructure, including Internet, communications networks, computer systems and Internet-connected devices, as well as associated hardware and control devices. The term can also refer to a virtual world or domain such as a simple concept.
Cyber Risks:
Risks to organizational operations (Including vision, mission, functions, image or reputation), organizational assets, individuals, other organizations, or the nation due to the potential of unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. 

​​​​What is CST’s cybersecurity role?

In accordance with the Telecommunications and information technology Act, CST’s Bylaw and CST powers granted thereby, including those related to protecting public and users interests, maintaining ICT confidentiality, CST's role is to raise cybersecurity maturity in ICT sector in the Kingdom and boost service providers confidence in taking all necessary measures. Strengthening and regulating cybersecurity has become greatly important in order to increase confidence in safety of ICT services resilience, protect public and users interest, and to maintain ICT confidentiality in accordance with highest quality and security standards, as well as to raise overall sectoral cybersecurity maturity. CST has issued the Cybersecurity Regulatory Framework (CRF) for service providers in the ICT sector, which contains a comprehensive set of cybersecurity requirements and controls. CRF provides requirements for improving the management of cybersecurity risks through an approach consistent with best global practices and local cybersecurity frameworks, to promote cybersecurity best practices for ICT service providers. This will reflect on raising confidence in integrity of service providers’ infrastructure, in addition to supporting regulatory framework to adopt a risk management methodology to meet cybersecurity requirements, encourage service providers to adopt best practices to develop appropriate cybersecurity measures, raise service providers’ readiness against cyber-attacks, and to ensure confidentiality, safety and availability of services provided to their clients. ​


The ​ICT sector is a key pillar of economic growth, providing basic competitiveness of national economy through high-speed broadband, electronic ​services, and information assets. Given the increasing expectations for continued availability of services and transparency of user experience, as well as effectiveness of protecting critical systems and data, strengthening cybersecurity in the Kingdom has become extremely important to increase confidence of digital nation in safety and resilience of the ICT sector infrastructure and services.