National Information Assurance Framework

Qatar

Ministry Of Information and Communication Technology

What is Q-CERT?
Qatar's National Center for Information

Security
An ictQATAR initiative
Works with organizations who deliver critical
services in Qatar

Q-CERT
A leader in Qatar and the region in promoting IT security standards,
practices, products and services to

improve the security critical

IT infrastructure

A trusted confidant partner in

responding to cyber security

incidents and providing threat and vulnerabilities reporting

A leader in

building the cyber security awareness skills and

human capacities in the country

Our Approach
We encourage all organizations to have an Information

Security Risk Management program in place

We work directly with organizations who provide critical
services to the nation
We help organizations to improve their cybersecurity capability
and capacity
Q-CERT never discusses the confidential information it
receives
There is no charge for Q-CERT services - designed to
complement private sector, not compete with it

The need of Information

Government
Information
Security Management System
Assurance Survey
Increasing
Reliance on ICT

Baseline Policy &

Standards

New Emerging Risks

No Security Baseline
standards
Insufficient trained
resources

Auditing Model

Certified Training

Emerging Risks
Changing Political Scenario

Arab Spring
Qatars prominent role in International Arena
Changing Economic Scenario
Country with highest per capita income
International Sporting Events
Hacktivism
Sophisticated Attack Vectors
Insider Threats
Changing Legislative landscape
Data Privacy Law*
Critical Information Infrastructure Protection Law*

Business Model of
Information
Security

Challenges

Cultural Issues
Pre-set Mindset: Peaceful
and secure environment
Lack of Awareness
Lack of Support

Lack of Resources

National Information Assurance Framework

Qatar Information Assurance Framework

Electronic Commerce & Electronic Signatures Law

Cyber Crime Law (MOI)

Data & Privacy Protection Law
Critical Information Infrastructure Protection Law
Anti-Spam Policy
Policies

Qatar National Information Assurance Policy

Asset Classification Policy
Banking Supervision rules (QCB)
Cloud computing Security

Standards

Small Data Center Security guideline

Blackberry Security Policy (Mobile Security)

Health Assurance Policy

SCADA Security Guidelines

Information Security for Schools Policy

Guidelines

Web Hosting Security Framework

Technology Standards
Best Practices
GOVERNMENT

Technology Standards
Best Practices

NON-GOVERNMENT
CRITICAL INFRASTRUCTURE

Security
Guidelines/ Tips
General Public

10

Policies-Standards-Guidelines
National Cryptography policy

Accreditation and Certification Framework

Public WiFi Security Policy
BYOD Security Policy
IOS Security Policy (Apple devices Security)

11

Cyber Crime Law

categories of criminal activity:

Crimes against the

Confidentiality, Integrity and Availability of Computer Data and Systems

Computer-related offences

Content-related offences

Offences related to infringements of Copyright and Related Rights

12

Data & Privacy Protection Law (1)

Promotes the protection of the personal privacy of individuals, including children, with regard to

the processing of personal information in the State of Qatar;

Promotes the economic interests of the State of Qatar, particularly in relation to

entrepreneurship, innovation and economic development;

Adheres to the international obligations accepted by the State of Qatar and promotes global
privacy interoperability so as to enable the free flow of information;

Promotes trust in interaction with digital environments; and

Minimises and simplifies regulations for the benefit of both businesses and consumers,
including encouraging self-regulation through voluntary codes of conduct.

Q-CERT

13

Data & Privacy Protection Law (2)

Rights of Individuals

The right to object to the processing of any personal information about that
individual for a primary purpose

The right to withdraw consent to the processing of any personal information about
that individual for a secondary purpose

The right to the removal or erasure of personal information about that individual

The right to the correction, removal or erasure of inaccurate personal information

Q-CERT

14

CIIP Law (1)

Reinforce security and resilience of critical information and

communication technology infrastructure

Eliminate /reduce security breaches on critical sectors information
Ensure that critical infrastructures in the country are less vulnerable

to braches and disruptions

Ensure fast resumption of operation in event of breach or disruption

Ensure that businesses are well equipped to cope with incidents of

breaches
Q-CERT

15

CIIP Law (2)

Should have CSOs

CSOs shall incorporate and insure

Incident Management Controls
Business Continuity Controls
engage in sector wide co-operation and collaboration
Information Security Program is independently audited

CSO shall be subject to a financial penalty of the equivalent of (One hundred

thousand Qatari Riyals) per week until the CSO conformance is approved.

Q-CERT

16

Critical Sectors
Sectors are deemed critical when their incapacitation or destruction would have a
debilitating impact on the national security and social well-being of a nation

17

Cant call for help

18

Am I critical ?

What is NIA Policy

Approved by the Board of

Government
Information
ictQATAR
What
is GIAand has been sent

Assurance
Survey
to Council of Ministers.

Formulated from most common

international standards/best
practices
Allows straight forward path for
certification against other
standards e.g. ISO27001
Maps well with established
standards such as ITIL

Adopted

NIA Policy is

Step 1: Identify key processes and

their owners in the organization.

Step 2: Identify process

dependencies: information, applications,
systems, networks, etc.

Step 3: Determine the security

classification for each information asset
using table

Step 4: Record the full classification

Assets
Classification

Q-CERT provides you

Government
Information
and subject matter
Whatconsultation
is
GIA
advice on information
security.
Assurance
Survey
Courses are developed to assist
stakeholders in implementing
an ISMS using NIA Policy.
Tools developed to assist you in
implementation, audit and
compliance process
All the material including NIA
Policy documents and courses
are available in Arabic

Q-CERT
comprehensive

support
towards adopting
NIA

Government Information
What is GIA
Assurance Survey

National
goals and
Achievements

Thank You
www.qcert.org