Forming part of the opening announcements for GISEC GLOBAL 2024 in Dubai this week, the Dubai Electronic Security Center (DESC) launched a number cybersecurity projects and policies aimed at bolstering digital security standards in Dubai. These initiatives, aligned with the Dubai Electronic Security Index, signified DESC’s commitment to promoting a competitive cybersecurity environment among government entities and advancing progress in the field.
H.E. Amer Sharaf, CEO of Dubai Electronic Security Center, highlighted the significance of these initiatives in cementing Dubai’s position as a digital leader and emphasised the importance of showcasing Dubai’s achievements and exchanging experiences with global partners.
DESC’s projects include “ASAAS,” providing cyber threat information, and policies like the Telecommunication Security Standard and Cloud Security Policy, aimed at bolstering security in critical sectors. With DESC’s participation for the 7th consecutive year at GISEC GLOBAL, the event served as a unique platform for showcasing innovations to a global audience.
H.E. Amer Sharaf, said: “The Dubai Electronic Security Center plays a central role in securing the digital ecosystem in Dubai, and provides the necessary tools and enablers that cements Dubai position as a destination of choice for attracting FDIs in line with Dubai Economic Agenda, D33, and Digital Dubai Strategy. Through our participation in the 13th edition of GISEC Global 2024, we aim to enhance interaction with regional and global partners. This involves exchanging experiences, and showcasing Dubai’s achievements in this field. As part of these efforts, we have launched several important initiatives, including “ASAAS”, a pioneering project that provides comprehensive and reliable information crucial for understanding and effectively auditing, and monitoring cyber threats.”
Dr. Bushra Al Blooshi, Director of Cybersecurity Governance Risk Management Department said: “The Center’s projects and initiatives revolve around enabling the safe use of emerging technologies and ensuring a secure digital environment in Dubai. This is achieved by empowering stakeholders in areas of risk prevention and cyber challenges, while also enabling entities and individuals to take the right proactive measures. We are pleased to participate in this important annual event, as we launched a package of projects and policies that were developed by Emirati minds to consolidate Dubai’s global position and enhance its digital economy”.
Innovative Projects launched by DESC includes:
Advanced Security Audit & Assurance (ASAAS) Provides information on compliance and maturity of applied regulations. It also accelerates the audit process and increases coverage to include more methodologies, procedures, and common practices. In addition, any future adjustments in the regulations and the methodologies used by auditors can be achieved.
Telecommunication Security Standard – The Telecommunication Security Standard provides key practices in information security to be adopted by telecommunication service providers, and presents the minimum requirements for information security controls in the telecom sector. It intends to ensure an appropriate level of Confidentiality, Integrity and Availability for critical information handled within telecommunication service providers and establishes a security baseline that is applicable to a common level of information security. The key aspects of the Telecommunication Security Standard includes Dubai’s first telecommunication security standard that covers the sector from a holistic view, alignment to ISR and relevant ISO, ITU and other industry standards etc. Addresses controls regarding IoT, cloud computing and other telecom specific aspects, prevents storing / processing of entity critical information outside the boundaries of the UAE, including cloud services, introduction of minimum security and compliance requirements for externally managed services, Introduction of data center security controls, and Incorporated cyber resilience framework requirements as part of the business continuity process”.
Cloud Security Policy (including consumer guidelines for government: The Dubai Electronic Security Center (DESC) has developed the Cloud Service Provider (CSP) Security Policy to define requirements for cloud service providers, certification bodies, and cloud consumers. This initiative, encompassing a certification program for CSPs of Dubai’s government, semi-government, and CII entities, adheres to global standards.
The updated CSP document aims to make CSP certification more straightforward for all stakeholders engaged in the certification program, ensuring data protection and offering comprehensive implementation guidelines. This initiative enhances security in the cloud and optimises the compliance process, contributing to a more secure and resilient cloud environment in Dubai.
SOC Security Policy: DESC’s Security Operations Center (SOC) Security Policy outlines requirements and guidance for SOC providers offering their services to government, semi-government, and critical information infrastructure sectors, simplifying the certification with its internationally recognised framework. This ensures a streamlined process for SOC service providers to utilise their existing certifications, optimising compliance in security operations while supporting a thriving cybersecurity industry.
This SOC Security Policy is designed for SOC service providers, certification bodies, and SOC consumers. It provides supportive guidelines for implementing the SOC Security Standard, outlines the certification process, and includes minimum requirements for SOC consumers.
ISR Ver 3.0 Highlights
The Dubai Government Information Security Regulation provides key practices in information security to be adopted by all Dubai Government Entities and the technology neutral framework presents the minimum requirements for information security controls. It intends to ensure an appropriate level of Confidentiality, Integrity and Availability for critical information handled within Dubai Government Entities.
IoT Security Standard Ver 2.0
IoT comprises a large ecosystem of interconnected services and devices, such as sensors, actuators, gateways, smart home objects, car components, and industrial and health components. These technologies collect, exchange and process information, which needs protection. The protection of IoT deployments depends on the protection of all layers involved (organisation, application, platform, and device layer). Addressing these challenges and ensuring security in IoT products and services is a fundamental priority for the maintenance of cyber security in Dubai. The first version of the IoT security standard was published in 2018. This updated version adopts the same structure but with the addition/extension/ modification of a number of controls as is needed by the ever-changing security landscape of IoT.
The 13th edition of GISEC Global featured the participation of over 750 entities, showcasing their innovations to more than 20,000 expected visitors from 130 countries.
MySecurity Media were pleased to be media partners. Image: H.E. Dr. Mohamed Al-Kuwaiti, Head of Cyber Security, UAE Government presenting at the opening session of GISEC Global 2024.