National Information Assurance Framework
Qatar
Ministry Of Information and Communication Technology
What is Q-CERT?
Qatar's National Center for Information Security
An ictQATAR initiative
Works with organizations who deliver critical services in Qatar
Q-CERT
A leader in Qatar and the region in promoting IT security standards, practices, products and services to improve the security of critical IT infrastructure
A trusted confidant partner in responding to cyber security incidents and providing threat and vulnerabilities reporting
A leader in building the cyber security awareness, skills and human capacities in the country
Our Approach
We encourage all organizations to have an Information Security Risk Management program in place
We work directly with organizations who provide critical services to the nation
We help organizations to improve their cybersecurity capability and capacity
Q-CERT never discusses the confidential information it receives
There is no charge for Q-CERT services - designed to complement private sector, not compete with it
The need of Information Security Management System
Government Information Assurance Survey
Increasing Reliance on ICT
New Emerging Risks
No Security Baseline standards
Insufficient trained resources
Baseline Policy & Standards
Auditing Model
Certified Training
Emerging Risks
Changing Political Scenario
Arab Spring
Qatar’s prominent role in International Arena
Changing Economic Scenario
Country with highest per capita income
International Sporting Events
Hacktivism
Sophisticated Attack Vectors
Insider Threats
Changing Legislative landscape
Data Privacy Law*
Critical Information Infrastructure Protection Law*
Business Model of Information Security
Challenges
Cultural Issues
Pre-set Mindset: Peaceful and secure environment
Lack of Awareness
Lack of Support
Lack of Resources
National Information Assurance Framework
Qatar Information Assurance Framework
[Diagram tiers: Policies, Standards, Guidelines]
Electronic Commerce & Electronic Signatures Law
Cyber Crime Law (MOI)
Data & Privacy Protection Law
Critical Information Infrastructure Protection Law
Anti-Spam Policy
Qatar National Information Assurance Policy
Asset Classification Policy
Banking Supervision rules (QCB)
Cloud computing Security
Small Data Center Security guideline
Blackberry Security Policy (Mobile Security)
Health Assurance Policy
SCADA Security Guidelines
Information Security for Schools Policy
Web Hosting Security Framework
Technology Standards Best Practices: GOVERNMENT
Technology Standards Best Practices: NON-GOVERNMENT CRITICAL INFRASTRUCTURE
Security Guidelines/Tips: General Public
Policies-Standards-Guidelines
National Cryptography policy
Accreditation and Certification Framework
Public WiFi Security Policy
BYOD Security Policy
IOS Security Policy (Apple devices Security)
Cyber Crime Law
Categories of criminal activity:
Crimes against the Confidentiality, Integrity and Availability of Computer Data and Systems
Computer-related offences
Content-related offences
Offences related to infringements of Copyright and Related Rights
Data & Privacy Protection Law (1)
Promotes the protection of the personal privacy of individuals, including children, with regard to the processing of personal information in the State of Qatar;
Promotes the economic interests of the State of Qatar, particularly in relation to entrepreneurship, innovation and economic development;
Adheres to the international obligations accepted by the State of Qatar and promotes global privacy interoperability so as to enable the free flow of information;
Promotes trust in interaction with digital environments; and
Minimises and simplifies regulations for the benefit of both businesses and consumers, including encouraging self-regulation through voluntary codes of conduct.
Q-CERT
Data & Privacy Protection Law (2)
Rights of Individuals
• The right to object to the processing of any personal information about that individual for a primary purpose
• The right to withdraw consent to the processing of any personal information about that individual for a secondary purpose
• The right to the removal or erasure of personal information about that individual
• The right to the correction, removal or erasure of inaccurate personal information
CIIP Law (1)
Reinforce security and resilience of critical information and communication technology infrastructure
Eliminate/reduce security breaches on critical sectors’ information
Ensure that critical infrastructures in the country are less vulnerable to breaches and disruptions
Ensure fast resumption of operation in event of breach or disruption
Ensure that businesses are well equipped to cope with incidents of breaches
CIIP Law (2)
Should have CSOs
CSOs shall incorporate and ensure:
Incident Management Controls
Business Continuity Controls
Engage in sector wide co-operation and collaboration
Information Security Program is independently audited
CSO shall be subject to a financial penalty of the equivalent of (One hundred thousand Qatari Riyals) per week until the CSO conformance is approved.
Critical Sectors
Sectors are deemed critical when their incapacitation or destruction would have a debilitating impact on the national security and social well-being of a nation
Can't call for help
Am I critical?
What is NIA Policy
Approved by the Board of ictQATAR and has been sent to Council of Ministers.
Formulated from most common international standards/best practices
Allows straightforward path for certification against other standards e.g. ISO27001
Maps well with established standards such as ITIL
Adopted
NIA Policy is…
Step 1: Identify key processes and their owners in the organization.
Step 2: Identify process dependencies: information, applications, systems, networks, etc.
Step 3: Determine the security classification for each information asset using table
Step 4: Record the full classification
Assets Classification
Q-CERT provides you consultation and subject matter advice on information security.
Courses are developed to assist stakeholders in implementing an ISMS using NIA Policy.
Tools developed to assist you in implementation, audit and compliance process
All the material including NIA Policy documents and courses are available in Arabic
Q-CERT comprehensive support towards adopting NIA