For years, the United Arab Emirates (UAE) has committed itself to adopting information technology (IT) and electronic communication. The UAE’s Telecommunications Regulatory Authority (TRA) noted that this policy has made the state’s government agencies and organizations more efficient as well as has improved the ability for individuals to collaborate around the world. As such, the TRA recognizes the importance of further developing these technologies and their supporting infrastructure going into the future.But the TRA is well aware of how these technologies increase the UAE’s digital risk. Indeed, the country has suffered its fair share of digital attacks in recent years. In a survey of 150 CSOs/CISOs from different industries in the UAE, Proofpoint found that 82 percent of organizations had experienced at least one digital attack in 2019. Just over half (51%) suffered multiple incidents such as account compromise, credential phishing and insider threats, reported
Gulf Business. These incidents produced financial loss (29%), data breaches (28%) and a decreased customer base (23%) at surveyed organizations.Acknowledging these threats, the TRA concluded that it needed to help government agencies and other entities within the UAE support their systems and protect their information assets. The regulatory authority responded by devising an
Information Assurance (IA) Regulation to provide in-scope entities with minimum baseline requirements for safeguarding the UAE’s critical information infrastructure. Implementing entities must therefore achieve and continue to demonstrate compliance with the IA Regulation.How can they best go about to do this?To answer that question, this blog post will provide some basic information about what’s covered in the UAE IA Regulation. It will then explain how
information
assurance
regulation
achieve
compliance
