Enabling GRC Technology to Thwart Cyber Security in the UAE
In 2014, the National Electronic Security Authority (NESA) in the United Arab Emirates (UAE) announced strategies, policies, and standards to direct and align national cyber-security efforts. NESA is a UAE federal authority that operates under the Supreme Council for National Security and is responsible for setting guidelines and mandatory compliance expectations for government and critical national service entities.
NESA Compliance Requirements
The consequences of cybercrime can be significant. Breaches can cause serious reputational damage, employees can lose jobs, and financial losses can occur. Nearly 80% of UAE companies expect cybersecurity to increase over the next two years (1).
This threat of critical data loss is one of the main reasons why NESA compliance requirements were introduced. NESA recommends that all organizations begin compliance with thorough risk assessments and business impact analyses. This helps an organization identify its critical assets and enables management to address security control-related issues. It is important to note that the level of information infrastructure risk an organization faces will determine how closely NESA regulators will search for assurance that risks are adequately and appropriately addressed.
A software solution to support the management of cyber security processes
Nasdaq BWise recognizes the significance of managing cyber risk, protecting an organization's assets, and reporting on it. As a result, the Governance, Risk, and Compliance software solution is able to incorporate the NESA framework into its solution to develop the means to sustain its risk management practices. For example, the BWise information security solution offers the framework to support the management of cyber security processes (e.g., business impact analysis, identification, assessment, treatment, management, monitoring, reporting), and can also streamline specific activities such as the seamless integration of threat and vulnerability data from customer systems into BWise for assessment and analysis. Other BWise solutions, like business continuity, offer integrated ways to view complementary cyber risk management activities in a holistic manner.
The NESA framework provides a set of recommendations recognizing that organizations have varying needs and risk management practices. Nasdaq BWise offers a scalable approach to the facets of its solutions. This enables UAE organizations to manage their cyber exposures based on the maturation of their risk management activities as well as their unique risks, threats, vulnerabilities, governance model, and tolerances.
Moreover, NESA's validation for organizational and business compliance lends itself well to GRC software solutions. This includes:
- Reporting, to substantiate the risk and control environment (including self-assessments)
- Auditing, to affirm the accuracy of details supporting any reporting conclusions
- Testing, to demonstrate the efficacy of the management and control environment
(1) Arabianbusiness.com - UAE ranks low in global cyber security breaches report (2016)