CyberStrat – Standards and Regulations

“Cybercrime is the greatest threat to every company in the world”

We have created a security framework that is capable to answer the question of how secure an organisation is now by measuring and developing its capability to DISRUPT, SLOW DOWN AND FRUSTRATE the external and internal adversaries. This is a proven, practical, proactive, comprehensive and cost effective security methodology that help organisations avoid devastating breaches while delivering high-quality, innovative cyber security services and solutions that reduce risk across UAE.

This framework is 100% security focused and acts as a proven overlay for any other frameworks based on laws, regulations or standards that we use:

The UAE Information Assurance Standards (IAS) provides requirements for raising the minimum level of information assurance across all relevant entities in the UAE. The UAE IAS controls are mapped with controls of the following standards:

ISO/IEC 27005, to ensure that standard best practices are followed when implementing a risk management framework and performing risk assessment
ISO/IEC 27032, to ensure that organizations implementing an ISMS in accordance with ISO/IEC27001 will be aligned to the Governance guidelines of ISO/IEC 27032 once the scope of the ISMS is extended to include cyber security
NIST 800-53, to ensure alignment with industry best practices and technical controls for information and cyber security

ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). An ISMS includes people, processes and IT systems by applying a risk management process, and is a systematic approach to managing sensitive company information so that it remains secure.

ISO 22301 provides requirements for a best-practice business continuity management system (BCMS). A BCMS is a framework for organizations to update, control and deploy an effective BCM programme that helps them prepare for, respond to and recover from disruptive incidents. Implementing a BCMS includes the development of business continuity plans, taking into account organizational contingencies and capabilities, as well as the organisation’s individual business needs.

ISO/IEC 27032:2012 sets out the baseline security practices for stakeholders in the Cyberspace, and provides guidance for improving the state of Cybersecurity drawing out the unique aspects of that activity and its dependencies on other security domains, in particular: information security, network security, internet security, and critical information infrastructure protection (CIIP).

A secure SDLC process ensures that security assurance activities such as penetration testing, code review, and architecture analysis are an integral part of the development effort.

Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data protection is the process of safeguarding important information from corruption, compromise or loss. Data privacy is the process concerned with the proper handling of data – consent, notice, and regulatory obligations.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

ISO 9001 sets out the criteria for a quality management system that can be used by any organisation, large or small, regardless of its field of activity.