Dubai Cyber Security Center Set to Launch Enhanced Information Security Regulation (ISR) 3.0
Dubai Cyber Security Center, under the Digital Dubai Authority, is gearing up to launch the third version of its Information Security Regulation (ISR) following the success of the previous version, providing additional improvements.
The ISR system defines fundamental practices to be followed in the field of information security, mandated for all government entities in Dubai, it includes information security controls to ensure the confidentiality, integrity, and availability of information handled by government entities in Dubai, these controls and standards aim to maintain core operations, mitigate information security risks, and prevent related incidents.
Yousef Hamad Al Shaibani, CEO of Dubai Cyber Security Center, stated, “As Dubai and the UAE continue their steady digital transformation, we, at Dubai Cyber Security Center, remain committed to providing cybersecurity services and sustaining their development, in line with the highest international standards in this field.”
He added, “The ISR system allows us to achieve our strategic goals, and effective implementation of the ISR controls will enhance our flexibility in handling information security risks, thereby building confidence among stakeholders and ensuring operational strength, productivity, and cybersecurity.”
The Information Security Regulation (ISR) is comprised of 13 domains, each addressing one or more categories of information security, these domains include governance, operations, and assurance, applicable to all government entities in Dubai, covering employees, consultants, contractors, and non-governmental visitors who are associated with government entities through various channels.
The new version, ISR 3.0, continues the success of its predecessor, which achieved significant milestones, encouraging government entities to use cloud services hosted within the UAE and allowing international cloud service providers to offer their services within the country.
Additionally, the number of licensed Cloud Service Providers (CSP) from Dubai Cyber Security Center has increased, entities have begun strategically restructuring their organizations to enhance security governance by establishing an independent and directly accountable information security function to top management, allowing better control and compliance.
The improvements in the third version include additional controls such as requiring citizens of the UAE to hold the position of information security, ensuring direct communication with top management, it also defines roles and responsibilities for information security coordinators, internal auditors, and incident response teams, furthermore, it prohibits storing critical information outside the country, including cloud services.
The new version introduces requirements for the problem management process as part of the incident management process, minimum security and compliance requirements for third parties and managed services, data center security controls, and integration of Electronic Resilience Framework requirements as part of business continuity operations, aligning with ISO frameworks and other relevant standards.