Compliance NESA

We make NESA IAS compliance easier with expert cybersecurity services

Achieve seamless compliance with the NESA guidelines across all your IT infrastructure with our expert cybersecurity compliance services.


Understanding NESA Compliance

The SIA (Signals Intelligence Agency) has developed guidelines and regulations to establish a baseline level of cybersecurity in all critical organizations in the UAE. These guidelines, the Information Assurance Standards (IAS), are also to be fulfilled by organizations not deemed critical.

They comprise industry best practices in cybersecurity that can safeguard organizations from the most sophisticated cyberattacks. There are 188 security controls, categorized by priority. The NESA evaluates the compliance status of organizations through the consolidation of reports to assess the sector-wise level of risk in the nation.

It requests evidence at the time of audit and asks the organization's representative to validate their reported cybersecurity status. It may also involve testing some of the specific cybersecurity controls implemented in an organization. Therefore, organizations that have fulfilled NESA IAS compliance enjoy a good level of cybersecurity.

The NESA IAS guidelines: What do they say? 

The Signals Intelligence Agency (previously the NESA) has defined specific guidelines for protecting the most valuable digital assets of the nation. Evolving threats, hacktivists, and state-sponsored attackers are continuously looking to steal these assets.

The IA regulations seek to ensure a baseline cybersecurity posture for the most critical organizations of the nation. These IA regulations include:

  • Sector-wise detailed information on the status quo level of information security prevalent in organizations.
  • Risk assessment of organizations for effective implementation of the IA regulations.
  • A detailed definition of the roles and responsibilities of all key personnel who will plan and execute compliance activities.
  • A step-by-step guide on the development, implementation, monitoring, and overall improvement of information security based on the guidelines.
  • A reference list of security controls that can be used to defend against common cyberattacks.
  • A comprehensive, updated list of all common known threats and vulnerabilities.
  • A set of specific security measures and controls that address sector-specific information security bottlenecks.
  • Guidance on implementing security measures to remediate the most common vulnerabilities and threats.
  • A definition of compliance from the Information Assurance point of view and the approach that is to be adopted.
  • Steps to create awareness and communicate information on combating threats and attending to vulnerabilities.

SharkStriker Approach

Our NESA compliance approach consists of four phases:

  • Assessment
  • Rollout & Implementation
  • Security Services
  • Compliance Review

Assessment

Our approach starts with assessing your existing business infrastructure to determine how compliant it is with the IAS regulations stated by the SIA (Signals Intelligence Agency).

Identify Assets
  • Identify systems where critical information is stored
  • Understand compliance requirements
  • Identify critical services

Identification of Controls
  • Determine controls that can help bridge identified gaps
  • Strategize and build a risk treatment plan

Gap & Risk Assessment
  • Conduct vulnerability and risk assessments
  • Identify compliance gaps in the current information systems

Generation of Compliance Reports
  • Audit the current posture and develop a compliance report

Rollout & Implementation

After the assessment, we implement the right tools and solutions to roll out the risk treatment plan.

Security Measures
  • Implement security measures, policies, and procedures based on the risk treatment plan

Technology Controls
  • Implement an exemplary architecture that fosters alignment with the risk treatment plan
  • Configure technology and tools

Awareness
  • Run training and awareness programs to educate your employees
  • Mitigate human error and make your cybersecurity resilient

Management Controls
  • Procedural, managerial, and operational controls to mitigate risks
  • Enhance physical security
  • Use IAM to assign roles to different users and prevent unauthorized access

Security Services

The security services phase focuses on supplementing your existing infrastructure to enhance security strength and resilience. SharkStriker's comprehensive range of services provides you with a complete security solution.

Periodic Security Testing
  • Vulnerability assessments
  • Penetration testing
  • Security configuration reviews

Managed Network Security
  • Firewall installation & management
  • Firewall configuration assessment
  • Network security monitoring

Threat Detection and Response
  • Managed SIEM solution
  • 24/7 security monitoring
  • Incident response

Cloud & Endpoint Security
  • AI-based EDR solution
  • Cloud security assessment
  • Cloud & endpoint security monitoring

Compliance Review

In the last phase, we review and audit the implementation of the IAS guidelines framework. We conduct periodic audits and reviews to strengthen your ISMS.

ISMS Review
  • Review the performance of your ISMS to find and mitigate any deviations
  • Continuous improvement of the ISMS

Mock Audits
  • Conduct mock audits to identify weak and exploitable areas of the ISMS

Internal Audits
  • Periodic audits of the ISMS and the risk treatment plan to ensure that the plan is still relevant
  • Assess whether your business is following the defined metrics and procedures

External Audit Support
  • Assistance with external audits to ensure that your ISMS meets the NESA IAS compliance standards and obtains certification

UAE-NESA Standards

Here are some of the security controls established in the UAE-NESA compliance standards:

Management Control Family
  • M1: Strategy and Planning
  • M2: Information Security Risk Management
  • M3: Awareness and Training
  • M4: Human Resource Security
  • M5: Compliance
  • M6: Performance Evaluation and Improvement

Security Management
  • T1: Asset Management
  • T2: Physical and Environmental Security
  • T3: Operations Management
  • T4: Communications
  • T5: Access Control
  • T6: Third-Party Security
  • T7: Information Systems Acquisition, Development, and Maintenance
  • T8: Information Security Incident Management
  • T9: Information Security Continuity Management

The UAE IA Standards list a total of 188 security controls, which are further classified into priorities based on their impact. NESA suggests implementing the priority 1 controls first, followed by priorities 2 to 4.

Priority    Controls
P1          39
P2          69
P3          35
P4          45

How can we Help You with our NESA Compliance Services?

We possess some of the best tools, resources, and experts in cybersecurity, with extensive industry experience. We conduct a top-to-bottom assessment of the entire organization, look for gaps in NESA compliance, and prepare a report along with the measures and policies that are to be implemented.

The risks and vulnerabilities identified in the risk assessment are treated by devising a compliance plan that comprises all the policies, procedures, rules, and measures required for complete compliance. After the plan is implemented, we conduct an audit so that any remaining gaps and loopholes are taken care of and there is 360-degree compliance.

Become NESA IAS-ready with SharkStriker