cyber attacks
"Cybercrime is the greatest threat to every company in the world"

We prevent cyber attacks by reinforcing foolproof cybersecurity practices in a system's software architecture.

“When things don't work as they should, it often means that standards are absent.”

We use multiple security standards and regulations to assess the cybersecurity posture of an organization and answer the question of how secure it is right now. The assessment is based on CMM and RA, which are proven, practical, proactive, comprehensive and cost-effective methodologies.

The regulations and standards that we use are the foundation of our own tailor-made service offering, CARAT℠, and some of them are mandatory for CII entities:

UAE Security Standards and Regulations

UAE Information Assurance Regulation​

The UAE Information Assurance Regulation v1.1 (March 2020, replacing the UAE Information Assurance Standards v1.0) provides requirements for raising the minimum level of information security across all relevant entities in the UAE. The UAE IAR controls are mapped with controls of the following standards:

  • ISO/IEC 27001 (see below), ISO/IEC 27002, ISO/IEC 27010, to ensure that standard best practices are followed when implementing an ISMS across multiple sectors and all types of organizations (public, private, semi-private, enterprises, and SMEs)
  • ISO/IEC 27005 (see below), to ensure that standard best practices are followed when implementing a risk management framework and performing risk assessment
  • ISO/IEC 27032 (see below), to ensure that organizations implementing an ISMS in accordance with ISO/IEC 27001 will be aligned to the Governance guidelines of ISO/IEC 27032 once the scope of the ISMS is extended to include cyber security
  • NIST 800-53, to ensure alignment with industry best practices and technical controls for information and cyber security
  • ADISS v2 (see below)
  • SANS 20 Critical Security Controls for Effective Cyber Defense

National Cyber Risk Management Framework

NCRMF is a framework for identifying, assessing, planning the treatment of, monitoring and communicating critical national- and sector-level cyber security risks. CII sectors and their entities use the framework to produce sector-specific risk management plans.

Dubai Information Security Regulation

Dubai ISR encompasses 13 information security domains composed of specific controls and sub-controls, and is closely aligned with other international information security standards, reflecting the Dubai Government's acknowledgement and recognition of the information security best practices stated therein. Dubai ISR v2 also includes distinctive items reflecting specific requirements within the context of the Dubai Government.

Abu Dhabi Information Security Standards

ADISS are issued in support of the Abu Dhabi Information Security Policy, and aim at protecting the information assets owned and managed by the government of Abu Dhabi. ADISS v2 seeks to support the government's vision of delivering services that are effective, efficient and add tangible value.

Security Standards in Software Development

Secure Software Development

A secure software development process covering the entire life cycle (S-SDLC) ensures that security assurance activities such as penetration testing, code review and architecture analysis are an integral part of the development effort, and that they are performed regularly in production and after major changes.

Some of the most important security standards for software development, beginning with the most critical:

KSA Security Standards and Regulations

SAMA Cybersecurity Framework

The Cybersecurity Framework enables financial institutions regulated by SAMA to effectively identify and address cyber security risks when it is used periodically to assess their maturity level and evaluate the effectiveness of their cyber security controls.

NCA Essential Cybersecurity Controls

NCA developed the Essential Cybersecurity Controls to set the minimum cybersecurity requirements for the national organizations within its scope.

International Security Standards and Regulations

ISO/IEC 27001 ISMS

ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure; it covers people, processes and IT systems and applies a risk management process. ISO/IEC 27002 gives guidelines for information security management best practices that help an organization build confidence in its inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures, and software and hardware functions.

ISO/IEC 27005

ISO/IEC 27005 is a guide for information security risk management which complies with the concepts, models and general processes specified in ISO/IEC 27001.

ISO/IEC 27032 CS

ISO/IEC 27032 sets out the baseline security practices for stakeholders in cyberspace, and provides guidance for improving the state of cybersecurity by drawing out the unique aspects of that activity and its dependencies on other security domains, in particular information security, network security, internet security and critical information infrastructure protection.

ISO/IEC 27035

ISO/IEC 27035 provides guidance on aspects of information security incident management, specifically on the investigation of, and preparation to investigate, information security incidents.

Other International Standards and Regulations

ISO 22301 BCMS

ISO 22301 provides requirements for a best-practice business continuity management system (BCMS). A BCMS is a framework for organizations to update, control and deploy an effective BCM programme that helps them prepare for, respond to and recover from disruptive incidents. Implementing a BCMS includes the development of business continuity plans, taking into account organizational contingencies and capabilities, as well as the organization's individual business needs.

Data Protection, GDPR

Data security refers to the protective digital privacy measures applied to prevent unauthorized access to computers, databases and websites. Data protection is the process of safeguarding important information from corruption, compromise or loss. Data privacy is the process concerned with the proper handling of data: consent, notice and regulatory obligations.
