SlideShare a Scribd company logo

Qatar's NIA Policy Program

Samir Pawaskar
Samir Pawaskar

The National Information Assurance (NIA) Policy Program in Qatar aims to establish an information security policy framework to address growing cybersecurity risks. It identifies emerging risks like changing political situations, sophisticated attack vectors, and evolving legislation. Real cyber incidents from 2012-2014 targeting Qatar's oil/gas and financial sectors are described. The NIA Policy provides governance structures and technical controls across many areas. It has been adopted by leading organizations and aligns with national strategies. Through training and standards compliance, the program has raised security maturity, enabled the security market, and created jobs while spurring innovation.

1 of 9
Download to read offline
The National Information Assurance (NIA) Policy Program Samir Pawaskar Head- Cyber Security Policy and Standards
NIA Policy: Why do we need this? • It is a connected world! • More and More services are being provided online • Continuous evolving and powerful technology available to everybody at a cheap price • With every opportunity come Risk. • Your business is at RISK!
Emerging Risks • Changing Political Scenario – Volatile Political situation in Region – Qatar’s prominent role in International Arena • Changing Economic Scenario – Country with highest per capita income – International Sporting Events • Hacktivism • Sophisticated Attack Vectors • Insider Threats • Changing Legislative landscape – Proposed Data Privacy Law* proposed information Privacy and Protection Law. – Critical Information Infrastructure Protection Law*
Real Incidents Year Incident 2012 Main players in Oil & Gas industry in Qatar have been impacted by major cyber attacks. 2013 Major attack targeting TLD “Top Level Domains” which resulted in interrupting e-commerce websites in Qatar. 2014 Many DDOS attacks targeting Financial and Energy sectors in state of Qatar.
Security Governance & Processes Governance Structure [IG] Risk Management [RM] Third Party Security Management [TM] Data Labeling [DL] Change Management [CM] Personnel Security [PS] Security Awareness [SA] Incident Management [IM] Business Continuity Management [BC] Logging & Security Monitoring [SM] Data Retention & Archival [DR] Documentation [DC] Audit & Certification[AC] Technical Control Areas Communications Security [CS] Network Security [NS] Information Exchange [IE] Gateway Security [GS] Product Security [PR] Software Security [SS] System Usage Security [SU] Media Security [MS] Access Control Security [AM] Cryptographic Security [CY] Portable Devices & Working Off-Site Security [OS] Physical Security [PH] Virtualization [VL] National Information Assurance Manual National Information Classification Policy National Information Assurance Policy Approved and vetted by Council of Ministers, National Information Security Council. Formulated from most common International standards/best practices. Adopted by leading organizations in government, finance and energy sectors.
NIA Policy Program: Alignment to National Strategies The NIA Policy Program is very well aligned to establishing the objectives set in:  ictQATAR 2015  Improving Connectivity  Boosting Human Capacity  National Cyber Security Strategy  Establish a legal and regulatory framework to enable a safe and vibrant cyberspace;  Develop and cultivate national cyber security capabilities.  Qatar National Vision 2030  Economic Development  Human Development 4/14/2015 8
NIA Policy Program 4/14/2015 9 Training & Awareness Providing Support (Tools & Consulting) Mapping to Internation al Standards Program with Vendors / Business Review Standards Complianc e Program
The Success Story Through the NIA Policy Program we have been able to:  Raise IS Governance  Raised IS maturity / awareness in the critical sectors.  A number of organizations have adopted NIA Policy for implementing ISMS  Build Human Capacity  Trained (more than 300) and Certified (nearly 200) information security professionals on NIA Policy Implementation.  Enable the IS market  New companies focused on information security are coming up to leverage the capacity gap in the market  Existing companies are gearing up to offer services aligned to NIA Policy  Spur Innovation in Cyber Security  Local IS companies are building products and aligning their services / offerings to NIA Policy  International products are vying to ensure that their offerings meet NIA Policy requirements  Create Job Opportunities  Organizations are ramping up their organization structure to include IS positions  Consulting organizations are creating jobs for people experienced on NIA Policy. 4/14/2015 10
Thank You • Any Questions? • If you have any further queries, we would be glad to help you clarify it. • You could send your questions to us at Mr. Samir Pawaskar, Head - CS Policy and Standards spawaskar@ict.gov.qa

Recommended

Child Protection
Child ProtectionChild Protection
Child Protection
sangita_chosencaregroup
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
Directorate of Information Security | Ditjen Aptika
 
Digging deep - the digital transformation of mining
Digging deep - the digital transformation of miningDigging deep - the digital transformation of mining
Digging deep - the digital transformation of mining
Orange Business Services
 
AI in Talent Acquisition - Talent Connect 2017
AI in Talent Acquisition - Talent Connect 2017AI in Talent Acquisition - Talent Connect 2017
AI in Talent Acquisition - Talent Connect 2017
Przemek Berendt
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Robin Rafique
 
Monitoring and Evaluation Framework for MAA: Mothers’ Absolute Affection
Monitoring and Evaluation Framework for MAA: Mothers’ Absolute AffectionMonitoring and Evaluation Framework for MAA: Mothers’ Absolute Affection
Monitoring and Evaluation Framework for MAA: Mothers’ Absolute Affection
Nandlal Mishra
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...
Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...
Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...
NISHTHA_NCERT123
 

Recommended

Child Protection
Child ProtectionChild Protection
Child Protection
sangita_chosencaregroup
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
Directorate of Information Security | Ditjen Aptika
 
Digging deep - the digital transformation of mining
Digging deep - the digital transformation of miningDigging deep - the digital transformation of mining
Digging deep - the digital transformation of mining
Orange Business Services
 
AI in Talent Acquisition - Talent Connect 2017
AI in Talent Acquisition - Talent Connect 2017AI in Talent Acquisition - Talent Connect 2017
AI in Talent Acquisition - Talent Connect 2017
Przemek Berendt
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Robin Rafique
 
Monitoring and Evaluation Framework for MAA: Mothers’ Absolute Affection
Monitoring and Evaluation Framework for MAA: Mothers’ Absolute AffectionMonitoring and Evaluation Framework for MAA: Mothers’ Absolute Affection
Monitoring and Evaluation Framework for MAA: Mothers’ Absolute Affection
Nandlal Mishra
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...
Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...
Protection Of Children from Sexual Offences (POCSO) Act 2012 and Child Sexua...
NISHTHA_NCERT123
 
Cyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeCyber Security Regulatory Landscape
Cyber Security Regulatory Landscape
Samir Pawaskar
 
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
Owasp qatar presentation top 10 changes 2013 - Tarun GuptaOwasp qatar presentation top 10 changes 2013 - Tarun Gupta
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
OWASP-Qatar Chapter
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
Drift
 
Kacc case study
Kacc case studyKacc case study
Kacc case study
Khalid Al-Ghamdi
 
Getting involved in network security
Getting involved in network securityGetting involved in network security
Getting involved in network security
jeffmcjunkin
 
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y CumplimientoSeguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Juan Carlos Carrillo
 
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMENegative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
jeffmcjunkin
 
Federal ministry of water resources
Federal ministry of water resourcesFederal ministry of water resources
Federal ministry of water resources
Otoide Ayemere
 
Federal Ministry of Water Resources
Federal Ministry of Water ResourcesFederal Ministry of Water Resources
Federal Ministry of Water Resources
TransformNG
 
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
SRI-Rice, Dept. of Global Development, CALS, Cornell University
 
Ppt on irrigation
Ppt on irrigationPpt on irrigation
Ppt on irrigation
Divyam1027
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
PECB
 
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
Commonwealth Telecommunications Organisation
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
fmi_igf
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
sri_ias
 
Navigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services IndustryNavigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services Industry
Citrin Cooperman
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
accenture
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
accenture
 
Dsci data protection outlook annual report 2014-15
Dsci data protection outlook annual report 2014-15Dsci data protection outlook annual report 2014-15
Dsci data protection outlook annual report 2014-15
DSCI_Connect
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity Forum
David Crozier
 

More Related Content

Viewers also liked

Cyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeCyber Security Regulatory Landscape
Cyber Security Regulatory Landscape
Samir Pawaskar
 
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
Owasp qatar presentation top 10 changes 2013 - Tarun GuptaOwasp qatar presentation top 10 changes 2013 - Tarun Gupta
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
OWASP-Qatar Chapter
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
Drift
 
Kacc case study
Kacc case studyKacc case study
Kacc case study
Khalid Al-Ghamdi
 
Getting involved in network security
Getting involved in network securityGetting involved in network security
Getting involved in network security
jeffmcjunkin
 
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y CumplimientoSeguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Juan Carlos Carrillo
 
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMENegative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
jeffmcjunkin
 
Federal ministry of water resources
Federal ministry of water resourcesFederal ministry of water resources
Federal ministry of water resources
Otoide Ayemere
 
Federal Ministry of Water Resources
Federal Ministry of Water ResourcesFederal Ministry of Water Resources
Federal Ministry of Water Resources
TransformNG
 
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
SRI-Rice, Dept. of Global Development, CALS, Cornell University
 
Ppt on irrigation
Ppt on irrigationPpt on irrigation
Ppt on irrigation
Divyam1027
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
Leslie Samuel
 

Viewers also liked (12)

Cyber Security Regulatory Landscape
Cyber Security Regulatory LandscapeCyber Security Regulatory Landscape
Cyber Security Regulatory Landscape
 
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
Owasp qatar presentation top 10 changes 2013 - Tarun GuptaOwasp qatar presentation top 10 changes 2013 - Tarun Gupta
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 
Kacc case study
Kacc case studyKacc case study
Kacc case study
 
Getting involved in network security
Getting involved in network securityGetting involved in network security
Getting involved in network security
 
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y CumplimientoSeguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
 
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMENegative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
 
Federal ministry of water resources
Federal ministry of water resourcesFederal ministry of water resources
Federal ministry of water resources
 
Federal Ministry of Water Resources
Federal Ministry of Water ResourcesFederal Ministry of Water Resources
Federal Ministry of Water Resources
 
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
0422 SRI Trial in the Caraga Region XIII National Irrigation Administration
 
Ppt on irrigation
Ppt on irrigationPpt on irrigation
Ppt on irrigation
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 

Similar to Qatar's NIA Policy Program

How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
PECB
 
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
Commonwealth Telecommunications Organisation
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
fmi_igf
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
sri_ias
 
Navigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services IndustryNavigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services Industry
Citrin Cooperman
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
accenture
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
accenture
 
Dsci data protection outlook annual report 2014-15
Dsci data protection outlook annual report 2014-15Dsci data protection outlook annual report 2014-15
Dsci data protection outlook annual report 2014-15
DSCI_Connect
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity Forum
David Crozier
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
 
General manager | NMO 2019
General manager | NMO 2019General manager | NMO 2019
General manager | NMO 2019
National Management Olympiad
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
Benjamin Ang
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 
Update from the Province of Prince Edward Island - Laura Stanford
Update from the Province of Prince Edward Island - Laura StanfordUpdate from the Province of Prince Edward Island - Laura Stanford
Update from the Province of Prince Edward Island - Laura Stanford
IdentityNorthEvents
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
Benjamin Ang
 
Presentation, Khater, Jordan, ENP South webinar 12 April 2022
Presentation, Khater, Jordan, ENP South webinar 12 April 2022Presentation, Khater, Jordan, ENP South webinar 12 April 2022
Presentation, Khater, Jordan, ENP South webinar 12 April 2022
Support for Improvement in Governance and Management SIGMA
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
William McBorrough
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
Nicolas Beyer
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategy
Bright Boateng
 

Similar to Qatar's NIA Policy Program (20)

How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
 
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana BelingueCTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
CTO Cybersecurity Forum 2013 Marcel Ambiana Belingue
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
 
Navigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services IndustryNavigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services Industry
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Dsci data protection outlook annual report 2014-15
Dsci data protection outlook annual report 2014-15Dsci data protection outlook annual report 2014-15
Dsci data protection outlook annual report 2014-15
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity Forum
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
General manager | NMO 2019
General manager | NMO 2019General manager | NMO 2019
General manager | NMO 2019
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 
Update from the Province of Prince Edward Island - Laura Stanford
Update from the Province of Prince Edward Island - Laura StanfordUpdate from the Province of Prince Edward Island - Laura Stanford
Update from the Province of Prince Edward Island - Laura Stanford
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Presentation, Khater, Jordan, ENP South webinar 12 April 2022
Presentation, Khater, Jordan, ENP South webinar 12 April 2022Presentation, Khater, Jordan, ENP South webinar 12 April 2022
Presentation, Khater, Jordan, ENP South webinar 12 April 2022
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategy
 

Qatar's NIA Policy Program

  • 1. The National Information Assurance (NIA) Policy Program Samir Pawaskar Head- Cyber Security Policy and Standards
  • 2. NIA Policy: Why do we need this? • It is a connected world! • More and More services are being provided online • Continuous evolving and powerful technology available to everybody at a cheap price • With every opportunity come Risk. • Your business is at RISK!
  • 3. Emerging Risks • Changing Political Scenario – Volatile Political situation in Region – Qatar’s prominent role in International Arena • Changing Economic Scenario – Country with highest per capita income – International Sporting Events • Hacktivism • Sophisticated Attack Vectors • Insider Threats • Changing Legislative landscape – Proposed Data Privacy Law* proposed information Privacy and Protection Law. – Critical Information Infrastructure Protection Law*
  • 4. Real Incidents Year Incident 2012 Main players in Oil & Gas industry in Qatar have been impacted by major cyber attacks. 2013 Major attack targeting TLD “Top Level Domains” which resulted in interrupting e-commerce websites in Qatar. 2014 Many DDOS attacks targeting Financial and Energy sectors in state of Qatar.
  • 5. Security Governance & Processes Governance Structure [IG] Risk Management [RM] Third Party Security Management [TM] Data Labeling [DL] Change Management [CM] Personnel Security [PS] Security Awareness [SA] Incident Management [IM] Business Continuity Management [BC] Logging & Security Monitoring [SM] Data Retention & Archival [DR] Documentation [DC] Audit & Certification[AC] Technical Control Areas Communications Security [CS] Network Security [NS] Information Exchange [IE] Gateway Security [GS] Product Security [PR] Software Security [SS] System Usage Security [SU] Media Security [MS] Access Control Security [AM] Cryptographic Security [CY] Portable Devices & Working Off-Site Security [OS] Physical Security [PH] Virtualization [VL] National Information Assurance Manual National Information Classification Policy National Information Assurance Policy Approved and vetted by Council of Ministers, National Information Security Council. Formulated from most common International standards/best practices. Adopted by leading organizations in government, finance and energy sectors.
  • 6. NIA Policy Program: Alignment to National Strategies The NIA Policy Program is very well aligned to establishing the objectives set in:  ictQATAR 2015  Improving Connectivity  Boosting Human Capacity  National Cyber Security Strategy  Establish a legal and regulatory framework to enable a safe and vibrant cyberspace;  Develop and cultivate national cyber security capabilities.  Qatar National Vision 2030  Economic Development  Human Development 4/14/2015 8
  • 7. NIA Policy Program 4/14/2015 9 Training & Awareness Providing Support (Tools & Consulting) Mapping to Internation al Standards Program with Vendors / Business Review Standards Complianc e Program
  • 8. The Success Story Through the NIA Policy Program we have been able to:  Raise IS Governance  Raised IS maturity / awareness in the critical sectors.  A number of organizations have adopted NIA Policy for implementing ISMS  Build Human Capacity  Trained (more than 300) and Certified (nearly 200) information security professionals on NIA Policy Implementation.  Enable the IS market  New companies focused on information security are coming up to leverage the capacity gap in the market  Existing companies are gearing up to offer services aligned to NIA Policy  Spur Innovation in Cyber Security  Local IS companies are building products and aligning their services / offerings to NIA Policy  International products are vying to ensure that their offerings meet NIA Policy requirements  Create Job Opportunities  Organizations are ramping up their organization structure to include IS positions  Consulting organizations are creating jobs for people experienced on NIA Policy. 4/14/2015 10
  • 9. Thank You • Any Questions? • If you have any further queries, we would be glad to help you clarify it. • You could send your questions to us at Mr. Samir Pawaskar, Head - CS Policy and Standards spawaskar@ict.gov.qa