sales@valuementor.com
VM-logo-uk
NESA Compliance UAE2022-09-20T08:59:49+00:00

NESA Compliance UAE

Home » Home-UAE » NESA Compliance UAE
sevice-nesa-compliance

What is NESA in UAE

NESA is the abbreviation for National Electronic Security Authority. NESA, now known as Signals Intelligence Agency or SIA UAE, is authorised by the United Arab Emirates (UAE) government and is responsible for improving national cyber security by protecting its information and communications infrastructure.

ValueMentor is a leading Risk & Compliance service provider in UAE, helping companies achieve NESA / SIA Compliance using UAE Information Assurance Standards.

As part of this mandate, NESA has developed Information Assurance (IA) standards to provide security compliance requirements for entities that support critical national services across all sectors to have a minimum level of security.  ValueMentor’s team of  NESA UAE compliance experts helps organizations comply with the regulatory requirements of NESA with ease.

Our NESA UAE Consultancy Services

ISO 27001 GAP Assessment

Let you know the current state of your ISO 27001 Compliance by assessing it against the standard requirements.

ISO 27001 Risk Assessment

Our ISO 27001 Consultants identify a suitable framework for your organization and perform ISMS risk assessments.

ISMS Risk Treatment Plan

We design Risk Treatment Plans capable of remediating the identified gaps and risks to adequate levels.

ISO 27001 Policies & Procedures

Our ISO 27001 Consultants help develop information security policies and procedures aligning with organizational goals.

Penetration Testing for ISO 27001

We conduct periodic Vulnerability Checks and Penetration Testing to identify the stability of your existing ISO 27001 controls.

ISMS Security Awareness

Our Security Team provides Awareness Training for employees so that an organization’s weakest link is aware and protected.

Technology Implementations

Our expert team provide advisory and support on remediation of technology gaps and execution of technical controls.

ISMS Internal Audits

We conduct Internal Audits to check and resolve deviations from the specified ISMS policies and procedures.

ISO 27001 Certification Audit

We provide hand-holding assistance during the ISO 27001 Certification Audit, helping you reach ISO 27001 Certification successfully.

Would you like to speak to a NESA Consultant?

CONTACT US

Phase 1 – Assessment

The first phase of a NESA Compliance project is to estimate the current state of compliance.

Identify Critical Assets

  • Project Initiation
  • Understand the organization
  • Identify critical business services
  • Identify information infrastructure

Gap & Risk Assessment

  • Assessment of current state and mapping it to NESA Standards
  • Identification of threats and vulnerabilities exploiting the gaps resulting in risk.

NESA Controls Identification

  • Identify cyber security controls that can mitigate the risks and thereby result in NESA Compliance.
  • Define NESA Risk treatment plan

NESA Compliance Reports

  • Develop the NESA mandated reports such as CII Operator reports, NESA Progress report and NESA Risk Assessment & Management document

Phase 2 – Control Development

This second phase of the project is to develop the controls to treat the risks identified. NESA Risk Treatment Plan provides the directions for this phase of the implementation.

NESA Policies & Procedures

  • NESA UAE policies and procedures establish the basis for implementing cyber security best practices.

Security Awareness

  • Humans are considered the most vulnerable link in cyber security. Security awareness improves human understanding in developing an organization’s cyber security posture.

Technology Controls

  • Security Architecture
  • Technology gaps
  • Configuration advisory

Management Controls

  • Operational controls
  • Physical Security
  • Managerial Controls

Phase 3 – Security Services

This phase of the engagement delivers existing security practices for the organization. Different services performed by the ValueMentor team are: –

Periodic Security Testing

  • Vulnerability Assessments
  • Penetration Testing
  • Security configuration reviews

SIEM & Incident Response

  • SIEM Solution deployment
  • 24×7 Security Monitoring
  • Security Device Management

Managed Network Security

  • Next Gen Firewalls, UTMs
  • URL Filter, Web Security
  • Wi-Fi Security
  • VPN and remote access security

Data & Endpoint Security

  • DLP Solutions
  • Patch Management
  • Endpoint security
  • Mobile Device Management

Phase 4 – Compliance Review

This phase of the engagement delivers existing security practices for the organization. Different services performed by the ValueMentor team are: –

ISMS Performance Review

Evaluate the performance of the ISMS against the defined metrics. It helps in the continual improvement of the ISMS.

NESA Internal Audits

Perform periodic ISMS audits to assess compliance with defined policies and procedures of NESA standards.

Mock Compliance Audit

Perform mock compliance audits help you identify the weak areas of ISMS implementation.

External Audit Support

Assist the customer during the compliance audit to meet the required NESA requirements.

Would you like to speak to a NESA Consultant?

CONTACT US
NEWS & EVENTS

Related Insights

  • Penetration Testing

    Red Teaming: Things you should know!

    September 29, 2022
  • Application Security Testing

    A Quick Guide to Threat Modelling for Web-Apps

    September 28, 2022
  • Case Studies

    PCI DSS Level 1 Compliance Project for a Payment Services Company

    September 26, 2022
Read all articles

Frequently Asked Questions (FAQ)

1. Who should comply with UAE NESA Standard?2022-09-20T08:23:33+00:00

NESA compliance goes mandatory for: –

  • All government organizations
  • Semi government organizations
  • BSFI, fintech organizations
  • Any business organization identified as UAE critical infrastructure

 

2. What are the goals of NESA’s IAS Standard?2022-09-20T08:35:31+00:00

The National Electronic Security Authority (NESA) Information Assurance Standards (IAS) UAE intends to enhance the overall cybersecurity in the nation. The major reasons behind the introduction of the NESA IAS standard is to: –

  • Improve the security of critical cyber assets in the UAE.
  • Lessen infrastructure security risk levels against any threats.
  • Promote cybersecurity threat awareness across the nation.
  • Improve infrastructure, resources, and technical capabilities.
3. How many security controls and standards fall under NESA’s IAS Standard?2022-09-20T08:37:17+00:00

UAE IAS includes 188 security controls and standards grouped into 4-tiers based on priority (from PI to P4). NESA designed these controls based on 24 threats collected from various industry reports and prioritized them based on the recorded breach ratio. P1 marks the tier with the highest priority and P4 with the lowest. Of the 188 security controls, 39 belong to tier P1, helping address 80 % of the breaches identified by NESA. Hence, implementing PI controls illustrates an organization’s foremost step towards achieving compliance with NESA requirements.

Company

Services

Global Services

Stay Connected

A208, Al Shoala Building, Port Saeed, Dubai, United Arab Emirates

Email : sales@valuementor.com

Phone: +971 – 050 738 7600

VM-logo-grey-002-1

Copyright © 2022 ValueMentor. All Rights Reserved.

Go to Top