The Dubai Electronic Security Center (DESC) announced today the launch of a package of innovative projects and policies aimed at enhancing digital security standards in Dubai. These initiatives align with the Dubai Electronic Security Index aiming at promoting a competitive cybersecurity environment amongst government entities and advancing progress in the field of cybersecurity.

The announcements were made during the 13th edition of the Gulf Information Security Exhibition and Conference (GISEC Global) 2024, which commenced today at the Dubai World Trade Center and runs until April 25^th.

Commenting on This, H.E. Amer Sharaf, CEO of the Cyber Security Systems & Services Sector, Dubai Electronic Security Center, said: “The Dubai Electronic Security Center plays a central role in securing the digital ecosystem in Dubai, and provides the necessary tools and enablers that cements Dubai position as a destination of choice for attracting FDIs in line with Dubai Economic Agenda, D33, and Digital Dubai Strategy. Through our participation in the 13^th edition of GISEC Global 2024, we aim to enhance interaction with regional and global partners. This involves exchanging experiences, and showcasing Dubai’s achievements in this field. As part of these efforts, we have launched several important initiatives, including “ASAAS”, a pioneering project that provides comprehensive and reliable information crucial for understanding and effectively auditing, and monitoring cyber threats.”

On her part, Dr. Bushra Al Blooshi, Director of Cybersecurity Governance Risk Management Department said: “The Center’s projects and initiatives revolve around enabling the safe use of emerging technologies and ensuring a secure digital environment in Dubai. This is achieved by empowering stakeholders in areas of risk prevention and cyber challenges, while also enabling entities and individuals to take the right proactive measures. We are pleased to participate in this important annual event, as we launched a package of projects and policies that were developed by Emirati minds to consolidate Dubai’s global position and enhance its digital economy”.

Innovative Projects launched by DESC includes:

Advanced Security Audit & Assurance (ASAAS) Provides information on compliance and maturity of applied regulations. It also accelerates the audit process and increases coverage to include more methodologies, procedures, and common practices. In addition, any future adjustments in the regulations and the methodologies used by auditors can be achieved.

Telecommunication Security Standard - The Telecommunication Security Standard provides key practices in information security to be adopted by telecommunication service providers, and presents the minimum requirements for information security controls in the telecom sector. It intends to ensure appropriate level of Confidentiality, Integrity and Availability for critical information handled within telecommunication service providers and establishes a security baseline that is applicable to a common level of information security. The key aspects of the Telecommunication Security Standard includes Dubai’s first telecommunication security standard that covers the sector from a holistic view, alignment to ISR and relevant ISO, ITU and other industry standards etc. Addresses controls regarding IoT, cloud computing and other telecom specified aspects, prevents storing / processing of entity critical information outside the boundaries of the UAE, including cloud services, introduction of minimum security and compliance requirements for externally managed services, Introduction of data center security controls, and Incorporated cyber resilience framework requirements as part of the business continuity process”.

Cloud Security Policy (including consumer guidelines for government: The Dubai Electronic Security Center (DESC) has developed the Cloud Service Provider (CSP) Security Policy to define requirements for cloud service providers, certification bodies, and cloud consumers. This initiative, encompassing a certification program for CSPs of Dubai's government, semi-government, and CII entities, adheres to global standards.

The updated CSP document, aims to make CSP certification more straightforward for all stakeholders engaged in the certification program, ensuring data protection and offering comprehensive implementation guidelines. This initiative enhances security in the cloud and optimizes the compliance process, contributing to a more secure and resilient cloud environment in Dubai.

SOC Security Policy:  DESC's Security Operations Center (SOC) Security Policy outlines requirements and guidance for SOC providers offering their services to government, semi-government, and critical information infrastructure sectors, simplifying the certification with its internationally recognized framework. This ensures a streamlined process for SOC service providers to utilize their existing certifications, optimizing compliance in security operations while supporting a thriving cybersecurity industry.

This SOC Security Policy is designed for SOC service providers, certification bodies, and SOC consumers. It provides supportive guidelines for implementing the SOC Security Standard, outlines the certification process, and includes minimum requirements for SOC consumers.

ISR Ver 3.0 Highlights

The Dubai Government Information Security Regulation provides key practices in information security to be adopted by all Dubai Government Entities and the technology neutral framework presents the minimum requirements for information security controls. It intends to ensure appropriate level of Confidentiality, Integrity and Availability for critical information handled within Dubai Government Entities.

IoT Security Standard Ver 2.0

IoT comprises a large ecosystem of interconnected services and devices, such as sensors, actuators, gateways, smart home objects, car components, and industrial and health components. These technologies collect, exchange and process information, which needs protection. The protection of IoT deployments depends on the protection of all layers involved (organization, application, platform, and device layer). Addressing these challenges and ensuring security in IoT products and services is a fundamental priority for the maintenance of cyber security in Dubai. The first version of the IoT security standard was published in 2018. This updated version adopts the same structure but with the addition/extension/ modification of a number of controls as is needed by the ever-changing security landscape of IoT.

It is worth noting that the Dubai Electronic Security Center, the official government entity responsible for the city’s cybersecurity, is participating for the 7^th consecutive time at GISEC Global a leading global platform in the field of information security. This year's edition of the event will feature the participation of over 750 entities, showcasing their innovations to more than 20,000 expected visitors from 130 countries.