In 2014, the National Electronic Security Authority (NESA) in the United Arab Emirates (UAE) announced strategies, policies, and standards to direct and align national cyber-security efforts. NESA is a UAE federal authority that operates under the Supreme Council for National Security and is responsible for setting guidelines and mandatory compliance expectations for government and critical national service entities.
NESA Compliance Requirements
The consequences of cybercrime can be significant. Breaches can cause serious reputation damage, employees can lose jobs, and financial losses can occur. Nearly 80% of UAE companies expect cybersecurity to increase over the next two years[1].
This threat of critical data loss is one of the main reasons why NESA compliance requirements were introduced. NESA recommends that all organizations begin compliance with thorough risk assessments and business impact analyses. This helps an organization identify its critical assets and enables management to address security control-related issues. It is important to note that the level of information infrastructure risk an organization faces will determine how closely NESA regulators will search for assurance that risks are adequately and appropriately addressed.
A software solution to support the management of cyber security processes
Nasdaq BWise recognizes the significance of managing cyber risk, protecting an organization’s assets, and reporting on it. As a result, the Governance, Risk, and Compliance (GRC) software solution is able to incorporate the NESA framework to develop the means to sustain its risk management practices. For example, the BWise information security solution offers the framework to support the management of cyber security processes (e.g., business impact analysis, identification, assessment, treatment, management, monitoring, reporting), and can also streamline specific activities such as the seamless integration of threat and vulnerability data from customer systems into BWise for assessment and analysis. Other BWise solutions, like business continuity, offer integrated ways to view complementary cyber risk management activities in a holistic manner.
NESA Framework
The NESA framework provides a set of recommendations recognizing that organizations have varying needs and risk management practices. Nasdaq BWise offers a scalable approach to the facets of its solutions. This enables UAE organizations to manage their cyber exposures based on the maturation of their risk management activities as well as their unique risks, threats, vulnerabilities, governance model, and tolerances.
Moreover, NESA’s validation for organizational and business compliance lends itself well to GRC software solutions. This includes:
- Reporting, to substantiate the risk and control environment (including self-assessments)
- Auditing, to affirm the accuracy of details supporting any reporting conclusions
- Testing, to demonstrate the efficacy of the management and control environment
We have a “win-win” situation with GRC technology in place to protect, comply, and simplify a company’s security framework while meeting the compelling compliance standards and validation process initiated by UAE authorities.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.