NESA UAE Information Assurance Standards
We are often asked to implement NESA UAE IAS, and we include ISO/IEC 27001:2013 compliance as well, because we have seen the synergy between these two standards and the benefits it brings our clients. There is a complete mapping between the clauses and control objectives of ISO/IEC 27001:2013 and ISO/IEC 27002:2013 and the controls in NESA UAE IAS, so a natural next step at the end of this implementation is to pursue ISO/IEC 27001:2013 certification with a reputable Certification Body.
Why is this step needed?
- ISO/IEC 27005, to ensure that we follow standard best practice when implementing the risk management framework and performing the risk assessment.
- ISO/IEC 27032, because organizations implementing an ISMS in accordance with ISO/IEC 27001 will be aligned with the governance guidelines of ISO/IEC 27032 once the scope of the ISMS is extended to include cyber security.
- NIST 800-53, to ensure industry best practice and technical controls for information and cyber security.
In the last phase of the project we provide security awareness training for end users, and technical training for the IT and information security teams involved in software development, network security, security operations and incident response.
After having implemented NESA UAE IAS and ISO/IEC27001:2013 in five companies across different sectors, here is what I believe is needed for a smooth implementation:
From the Compliance Consulting
- Recommendations: client names and testimonials from successful implementations across different critical sectors
- Experienced consultants: full implementations of NESA UAE IAS combined with security professional and risk management certifications, as well as certifications in ISO/IEC 27001 and ISO/IEC 27032
- An experienced Red and Blue Team
From the Client
- Resources: an ISMS manager, information/cyber security officer, risk assessor, IT team, compliance officer and auditor, to provide input and review the documentation, as well as to implement mitigation controls and to monitor and audit the ISMS
- Budget: only needed when critical security technologies are missing