Building UAE's cyber security resilience through effective use of technology, processes and the local people.

WHITEPAPER: Security Requirement

About Us

CyberGate Defense (CGD) is a solution provider for the full spectrum of cyber security defenses, including Identify, Protect, Detect, Respond and Recover. Our objective is to provide cyber security services that improve the overarching cyber security posture of the nation, especially how Government departments offer their IT services, and that improve the cyber maturity of the critical infrastructure industries. We also provide an outline approach for developing a Cyber Security Strategy in collaboration with the Government by clearly presenting goals and vision and detailing how that vision can be achieved.

Our Vision

Building UAE's cyber security resilience through effective use of technology, processes and the local people.

Our commitment

We believe that a cyber security provider can be about more than just the profits it makes, and that by doing things the right way we can be a powerful force for a good and safe environment where people and businesses communicate in cyberspace in harmony. By developing your strengths and enabling you to participate securely online, we'll help you to fulfil your security posture and get the most from your IT investment.

What is Cyber Security?

According to the ITU, the United Nations specialized agency for information and communication technologies, cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and the organization's and user's assets.

Cyber Security Challenges

There is growing concern about cyber-attacks on individuals, businesses, governments and the heavy industry on which our modern lives depend. There is a tangible risk of these systems being vulnerable and targeted. Governments are targeted by Advanced Persistent Threats (APT): groups or nation states that are willing to employ time and resources to attack a specific system. For these kinds of attacks, there is a strong likelihood that a compromise will have national security implications.

Why we are different

Beyond our significant local presence, we have the in-house depth and breadth of information and cyber security expertise required to respond to the most technical information security challenges related to both Information and Operational Technology. The principal reasons why Cyber Gate Defense is the right partner to assist you with any cyber security undertaking are:

- Geographical: Emirati-owned company, headquartered in the UAE since 1987. Over the years Cyber Gate provided the UAE Government with high intelligent services and solutions. Today the scope of our services has been extended to include cyber security solutions aimed at strengthening the nation against cyber-attacks.
- Sector Experience: We currently operate in the Government sector, providing value-added services and built solutions across the entire spectrum of cyber defense.
- Security Expertise: Our multidisciplinary team of information and cyber security professionals includes internationally renowned experts in the fields of protecting the critical infrastructure, industrial control systems, information systems and networks.

Table of Contents

- Our Vision
- Our commitment
- What is Cyber Security?
- Cyber Security Challenges
- Why we are different
- What is Security Requirement?
- Why Security Requirement?
- Security Requirement challenges?
- Some of the other challenges
- Our Approach
- Deliverable

What is Security Requirement?

Security requirement offers a method to capture and align security needs with business objectives. The process is intended to prioritize important requirements and avoid the unnecessary cost associated with the Could Have requirements. It's a formal method for inspecting a security design and confirming that it meets the requirement, measuring progress and the realization of its benefits. A security requirement may be a condition or a statement of desires for a security capability required by stakeholders or needed to achieve an objective. Stakeholders will be able to know, clearly and unambiguously, what security solution will be offered, and the scope of work can be defined.

Why Security Requirement?

Stakeholders will be given the opportunity to voice their needs and have them formally documented. A clearly recorded security requirement is more effective because it is:

- Unambiguous: eliminating false interpretation of the requirement.
- Given a practically set priority level: favoring urgent requirements.
- Linked to a business objective: validating value to the organization.
- Assigned an owner: associating requirements with sponsors.
- Linked to other requirements: eliminating duplication.
- Formally accepted based on predefined acceptance criteria: avoiding unexpected surprises.
- Clearly defined in its functional category: developing a fit-for-purpose solution.

When the above features are used, an informed decision can be reached on whether a security requirement is necessary to implement. A selected security requirement can be formally accepted based on predefined acceptance criteria and can be traced to a business objective. Without a formal process governing requirements, organization risk is unlikely to be mitigated.

Security Requirement challenges?

Stakeholders who have a direct association with requirements, such as users, developers, project sponsors, customers, security professionals, project managers and testers, collaborate through a predefined security requirement process. However, as a consequence of considering a range of different perspectives, there will inevitably be conflicts between different stakeholder views, and hence a key part of security requirements is the resolution of such conflicts. A well-planned security requirement should ultimately streamline the acceptance process.

Some of the other challenges:

- Ambiguous requirements are commonly seen when a formal security requirement is absent, leading to ineffective control over the interpretation of security requirements.
- Defining a good security requirement does not only mean understanding assets and their values; it is equally important to evaluate assets at the different stages of their lifecycle: creation, processing, storing, archiving and deletion.
- Choosing the right security requirement and developing it on time, within budget and using available resources requires specialized skills. It's cost effective to acquire professional services and have it correctly developed.

Our Approach

Our endeavor is to gain a good understanding of the organization's context and business objectives. We then align security requirements to business objectives. Understanding the needs and expectations of interested parties leads to a solution that is fit for purpose. Establishing a clear plan for requirements management and communication at the enterprise level is essential to support solution acceptance, assessment and validation.

Since security requirements can be captured in different ways, we offer a set of elicitation methods including: interviewing, workshop, questionnaire, brainstorming, observational, requirement reuse, documentation studies, laddering, repertory grid, scenarios, prototyping, and contextual inquiry. Each of these methods has its own engagement procedure and process.

We associate each individual requirement with acceptance criteria, ensuring that security solutions logically map to requirements.

The increasing number of security requirements can be overwhelming, so we assign a priority level to each requirement based on the MoSCoW model. MoSCoW has four different ratings: Must have, Should have, Could have, and Won't have. The ratings range from highest to lowest priority respectively, and the method is used to prioritize security requirements.

Security requirements undergo a classification process to determine whether each is functional or non-functional. Most security requirements fall in the non-functional category, but in some cases a security feature needs to be developed and hence will be classified as functional.

Deliverable

Security requirements are captured, linked to a business objective and assigned an owner. A complete set of comprehensive and unambiguous security requirements, documented in a catalogue specifically tailored to your organization, will be provided upon completion of the project. Each security requirement will be given a priority level, classified as functional or non-functional, and linked to other associated requirements in the catalogue.

Our security intelligence services include:

- 24 x 7 x 365 security monitoring and analysis.
- Detecting and mitigating any reconnaissance process, credential theft, and lateral movement.
- User Behavior Analytics.
- Incident management.
- Platform management.
- Custom data source integration and custom parser development.
- Vulnerability Management.
- Profiling of security controls.
- ADSIC or FEDNet Reporting.

DISCLAIMER

THIS DOCUMENT CONTAINS INFORMATION THAT IS PROPRIETARY TO CYBER GATE DEFENSE LLC. NO PART OF THIS PREREQUISITE MAY BE DUPLICATED OR USED FOR TECHNICAL OR COMMERCIAL PURPOSES WITHOUT THE PRIOR CONSENT OF CYBER GATE DEFENSE LLC.

Telephone & Fax: +971 (0) 2 6655 855, +971 (0) 2 6712 211
Address: Al Bostan Tower (Office 103), Abu Dhabi, UAE. PO BOX 43123
Web: soc@cybergate.tech, www.cybergate.tech

Copyright 2018 Cyber Gate Defense LLC. All rights reserved.