In September 2017, the vice president and prime minister of the UAE, Sheikh Mohammed bin Rashid Al Maktoum, launched the Dubai Cyber Security Strategy, a five-step guide to improving data breach prevention and response.
The strategy aims to help organisations understand the immediate steps they can take to protect their information as well as the ways they can contribute to nationwide initiatives.
The five steps are:
1. Cyber smart society
Raising awareness of cyber security means more people will become interested in the industry and develop the necessary skills and capabilities to prevent information security incidents.
With the rapidly changing threat landscape, it’s essential that organisations continually develop new defence strategies.
3. Cyber security
Controls must be implemented to protect the confidentiality, integrity and availability of information.
4. Cyber resilience
Traditional cyber security is proving increasingly inadequate. It’s no longer sufficient to assume that you can defend against any potential attack; you must accept that attacks will inevitably succeed. An organisation’s ability to respond to these incidents quickly and with minimum disruption is becoming a critical survival trait.
5. National and international collaboration
Organisations should make use of and contribute to threat-sharing intelligence where possible. By pooling resources, organisations and the government will have a greater understanding of threats and how to prepare for them.
Do your part
The Dubai Cyber Security Strategy has enjoyed a lot of success since it launched. Speaking at the Hack In The Box Security Conference in December 2018, Director General Yousuf Hamad Al Shaibani said that the strategy aims to strengthen Dubai’s position as a world leader in innovation, safety and security.
“Promoting cyber security research and innovation is a pillar of the Dubai Cyber Security Strategy which will create new jobs and investment opportunities. Rather than viewing it as a challenge, we see it as an opportunity to call for greater collaboration with the private sector to ensure that Dubai remains a global centre of excellence – a cyber smart society with a free, fair and secure cyber space that is able to manage the risks it faces while maintaining flexibility and growth,” he added.
However, holding the strategy back is its lack of detailed advice on how to meet its aims. For that advice, organisations should turn to ISO 27001, the international standard for information security.
ISO 27001 provides comprehensive guidance on how to create an ISMS (information security management system) in line with best practices. By following its advice, you’ll be able to create a system of information security policies, processes and technologies that can be managed from one place.
The Standard is fast becoming one of the most widely used cyber security solutions in the Gulf, with huge increases in the number of organisations adopting it between 2012 and 2017:
- Qatar: 457%
- UAE: 259%
- Bahrain: 60%
- Saudi Arabia: 50%
- Kuwait: 24%
- Oman: 20%
Getting started with ISO 27001
We recommend you begin by downloading Information Security & ISO 27001: An introduction. This free green paper explains the Standard in more detail, and makes the case for why you need to follow its requirements.
Whatever the nature or size of your problem, we are here to help.
For more advice or guidance on implementing ISO 27001, please contact our team.