[ISN] Region wakes up on security

From: InfoSec News (alerts@private)
Date: Sun Oct 15 2006 - 22:37:13 PDT


By Diana Milne
15 October 2006

While Middle East organisations have been widely criticised for not 
doing enough to protect their IT systems, a number of companies here are 
now waking up to the looming IT security crisis by adopting 
international standards.

According to managed hosting and security consulting firm eHosting 
Datafort, three companies in the region have become certified under the 
ISO 27001 standard Dubai Aluminium Company (Dubal), Saudi Binladin Group 
in Saudi Arabia and Mobile Telecommunications Company (MTC) Vodafone in 
Bahrain with the Dubai Rulers Court due to follow.

The security firm said it is working with another eight companies 
towards achieving certification, and is in discussion with a dozen other 

The certification is given to companies that meet the standards 
requirements in terms of securing data held on their systems such as 
employee or customer information.

ISO 27001 requires companies to meet standards in a number of 
categories, which fall into three broad areas confidentiality, integrity 
and availability.

It replaced the BS7799 this year as the only certifiable security 
governance standard and allows companies to comply with regulations such 
as the USs Sarbanes Oxley laws and the UKs Data Protection Act.

Ahmed Baig, manager of security consulting for eHosting Datafort, said 
the fact that so many organisations are looking at or have already 
acquired the ISO 27001 certification is a very positive sign.

Its quite encouraging because in this small market these numbers are 
quite big, he claimed.

Businesses are realising more and more that there are a lot of incidents 
being reported within the GCC and people are taking this quite 
seriously, he added.

They are becoming aware and they are trying to figure out if they are 
not aware, what are the best ways to protect themselves.

Ibrahim Awad, information security officer at the Dubai Rulers Court, 
which is in the process of being certified, explained that security of 
information is particularly important for his organisation, which 
provides shared IT services for all government departments in Dubai.

We have a government information resource department, which holds the 
other departments data on the ERP system and we provide this system to 
the government departments like the police department and Municipality, 
said Awad.

We also have their finance information, HR records and logistics data. 
So we needed proven and used technology to secure this data and secure 
the IT infrastructure as well.

He went on to say that the government is in talks over whether to 
implement the ISO 27001 standard across all its different departments.

The process of certifying the Dubai Rulers Court is expected to be 
completed by the end of this year and has been going on for around six 

Dubal completed the process in August and is now fully ISO 27001 

The firms IT architecture manager, Jagan Rao, said the company is now 
better able to protect the valuable company data held on its IT systems 
such as project proposals, customer orders, sales contract information 
and budget or financial planning information.

Information is one of our main assets; we have to protect it and we have 
a very strong infrastructure and methods in place to protect against 
hacking or a denial of service attacks and information leakage or 
espionage, said Rao.

This helps us to align with the international best standards and 
practices. And it gives us and the management the assurance that things 
are done in the right way, he added.

Baig said it is particuarly important for companies to become certified 
in the UAE where the government has recently enacted a new cyber law.

This law will require companies to monitor the information they hold and 
the content being emailed from the company by employees.

2006 The Information & Technology Publishing Co. Ltd.

Visit the InfoSec News store!

This archive was generated by hypermail 2.1.3 : Sun Oct 15 2006 - 22:47:23 PDT