Critical Information Infrastructure Security is one of the biggest economic and national challenges faced by every country. NESA (National Electronic Security Authority), also known as SIA (Signals Intelligence Agency) is a Government unit that provides guidelines to organizations on keeping their Information Infrastructure secure. UAE IAS is a security standard put forth by NESA for Security Compliance, which is compulsory to all government/private entities in UAE that deal with the nation’s critical Information Infrastructure.

The Client

The client is a leading Insurance Company with more than 10 branches spread across the UAE. Being a well-recognized brand in UAE, the client helps you combat losses associated with unexpected exigencies in life with their broad range of insurance schemes like

• Life insurance
• Health Insurance
• Vehicle Insurance
• Home Insurance
• Travel Insurance and many more

Requirements

The requirement from the client was to build a strong Information Security Management System (ISMS) Framework that meets UAE’s IAS framework compliance requirements, as laid out by NESA. The client operates a lean IT team, with a relentless focus on delivering high customer value with fewer resources. The client wanted a trusted Cyber Security Partner to guide them throughout the NESA compliance program.

Challenges

The key challenges faced by our team during the project was:

1. Evaluating the breadth and depth of each department and its functions.
2. Designing an ISMS Framework that would meet all the regional regulatory compliance, under the geographical location of the client asset/property.
3. Educating the leadership board of the Client on how to help prevent cyber security threats and secure the information.

Strategy

With our dedicated and experienced team, ValueMentor was able to address every challenge.

1. We established a dedicated team from ValueMentor as well as from the Client side. The ValueMentor team consisted of Consultants who were well experienced in the NESA UAE IAS framework and the Client team consisted of employees who had in-depth knowledge in their respective departmental functions, who was able to help our team during assessments.
2. Our experienced team was proficient in research and recognized all the said requirements and worked with the Client Legal Team to design the required framework.
3. With our training and awareness sessions, ValueMentor was able to educate the client on the best Cyber Security practices to follow and how to implement it across the organization.

Final Results

ValueMentor is proud to know that the project had met client’s expectations and requirements as explained below:

• Building a strong ISMS framework that is scalable.
• Designing effective policies and processes, that are easy to follow.
• Handling security risks associated with each department functions, that was previously unnoticed.
• Establishing a centralized committee, which can manage the governance of security standards.

Conclusion

With prominent cybercrimes becoming a regular occurrence, it has become imperative for every organization to adopt a trusted security partner and assess their security posture regularly. As a full-service Cyber Security Service Provider, ValueMentor helps you manage cyber risks, meet compliance requirements and detect & respond to incidents while protecting the business.

About ValueMentor

ValueMentor is a pure play information security services and consulting company. We are specialists in delivering Security Consulting Services to organizations across the globe and pioneers in Information Security Audit Services, Information Security Consulting Services and Managed services.