qatars nia policy program
TRANSCRIPT
The National Information
Assurance (NIA) Policy Program
Samir Pawaskar
Head- Cyber Security Policy and Standards
NIA Policy: Why do we need this?
• It is a connected world!
• More and More services are being provided
online
• Continuous evolving and powerful technology
available to everybody at a cheap price
• With every opportunity come Risk.
• Your business is at RISK!
Emerging Risks• Changing Political Scenario
– Volatile Political situation in Region
– Qatar’s prominent role in International Arena
• Changing Economic Scenario
– Country with highest per capita income
– International Sporting Events
• Hacktivism
• Sophisticated Attack Vectors
• Insider Threats
• Changing Legislative landscape
– Proposed Data Privacy Law* proposed information Privacy and
Protection Law.
– Critical Information Infrastructure Protection Law*
Real IncidentsYear Incident
2012 Main players in Oil & Gas industry in Qatar have been
impacted by major cyber attacks.
2013 Major attack targeting TLD “Top Level Domains” which
resulted in interrupting e-commerce websites in Qatar.
2014 Many DDOS attacks targeting Financial and Energy
sectors in state of Qatar.
Security Governance &
Processes
Governance Structure [IG]
Risk Management [RM]
Third Party Security Management
[TM]
Data Labeling [DL]
Change Management [CM]
Personnel Security [PS]
Security Awareness [SA]
Incident Management [IM]
Business Continuity Management
[BC]
Logging & Security Monitoring [SM]
Data Retention & Archival [DR]
Documentation [DC]
Audit & Certification[AC]
Technical Control Areas
Communications Security
[CS]
Network Security [NS]
Information Exchange [IE]
Gateway Security [GS]
Product Security [PR]
Software Security [SS]
System Usage Security [SU]
Media Security [MS]
Access Control Security [AM]
Cryptographic Security [CY]
Portable Devices & Working
Off-Site Security [OS]
Physical Security [PH]
Virtualization [VL]
National Information Assurance Manual
National Information Classification Policy
National Information Assurance PolicyApproved and vetted
by Council of Ministers, National Information Security Council.
Formulated from most
common International standards/best practices.
Adopted by leading
organizations in government, finance and energy sectors.
NIA Policy Program: Alignment to
National Strategies
The NIA Policy Program is very well aligned to establishing the objectives
set in:
ictQATAR 2015 Improving Connectivity
Boosting Human Capacity
National Cyber Security Strategy Establish a legal and regulatory framework to enable a safe and vibrant cyberspace;
Develop and cultivate national cyber security capabilities.
Qatar National Vision 2030 Economic Development
Human Development
4/14/2015 8
NIA Policy Program
4/14/2015 9
Training & Awareness
Providing Support
(Tools & Consulting)
Mapping to Internation
al Standards
Program with
Vendors / Business
Review Standards
Compliance Program
The Success StoryThrough the NIA Policy Program we have been able to:
Raise IS Governance Raised IS maturity / awareness in the critical sectors.
A number of organizations have adopted NIA Policy for implementing ISMS
Build Human Capacity Trained (more than 300) and Certified (nearly 200) information security professionals on NIA
Policy Implementation.
Enable the IS market New companies focused on information security are coming up to leverage the capacity gap
in the market
Existing companies are gearing up to offer services aligned to NIA Policy
Spur Innovation in Cyber Security Local IS companies are building products and aligning their services / offerings to NIA Policy
International products are vying to ensure that their offerings meet NIA Policy requirements
Create Job Opportunities Organizations are ramping up their organization structure to include IS positions
Consulting organizations are creating jobs for people experienced on NIA Policy.
4/14/2015 10
Thank You
• Any Questions?
• If you have any further queries, we would be
glad to help you clarify it.
• You could send your questions to us at
Mr. Samir Pawaskar, Head - CS Policy and
Standards