Menu
We prevent cyber attacks by reinforcing foolproof cybersecurity practices into system’s software architecture
“When things don't work as they should, it often means that standards are absent.”
We use multiple security standards and regulations to assess the cybersecurity posture of an organization and answer the question of how secure it is right now. The assessment is based on CMM and RA which are proven, practical, proactive, comprehensive and cost effective methodologies.
The regulations and standards that we use are the foundation of our very own tailor-made services offering CARAT℠, and some are mandatory for CII entities:
The UAE Information Assurance Regulation v1.1 (March 2020, replacing the UAE Information Assurance Standards v1.0) provides requirements for raising the minimum level of information security across all relevant entities in the UAE. The UAE IAR controls are mapped with controls of the following standards:
NCRMF is a framework for identifying, assessing, treatment planning, monitoring and communicating critical National- and Sector-level cyber security risks. CII Sectors and their entities utilize the framework to provide Sector specific risk management plans.
Dubai ISR encompasses 13 information security domains composed of specific controls and sub-controls, and is closely aligned with other International Information Security related Standards reflecting Dubai Government’s acknowledgement and recognition of the information security best practices stated therein. The Dubai ISR v2 has also includes distinctive items reflecting specific requirements within the context of The Dubai Government.
ADISS are issued in suport of the Abu Dhabi Information Security Policy, and aims at providing protection to the information assets owned and managed by the government of Abu Dhabi. ADISS v2 seeks to support the government’s vision of delivering services that are effective, efficient and which add tangible value.
A secure software development process covering the entire life cycle (S-SDLC) ensures that security assurance activities such as penetration testing, code review, and architecture analysis are an integral part of the development effort, and are performed regularly in production, and after major changes.
Some of the most important security standards for software development, beginning with the most critical:
ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). An ISMS includes people, processes and IT systems by applying a risk management process, and is a systematic approach to managing sensitive company information so that it remains secure. ISO/IEC 27002 gives guidelines for the best Information Security management practices that help an organization to build confidence in their inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures and software and hardware functions.
ISO/IEC 27005 is a guide for information security risk management which complies with the concepts, models, and general processes specified in ISO/IEC 27001.
ISO/IEC 27032 sets out the baseline security practices for stakeholders in the Cyberspace, and provides guidance for improving the state of Cybersecurity drawing out the unique aspects of that activity and its dependencies on other security domains, in particular: information security, network security, internet security, and critical information infrastructure protection.
ISO/IEC 27035 provides guidance on aspects of information security incident management, specifically on the investigation of, and preparation to investigate, information security incidents.
ISO 22301 provides requirements for a best-practice business continuity management system (BCMS). A BCMS is a framework for organizations to update, control and deploy an effective BCM programme that helps them prepare for, respond to and recover from disruptive incidents. Implementing a BCMS includes the development of business continuity plans, taking into account organizational contingencies and capabilities, as well as the organisation’s individual business needs.
Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data protection is the process of safeguarding important information from corruption, compromise or loss. Data privacy is the process concerned with the proper handling of data – consent, notice, and regulatory obligations.