
11/07/2017 NESA Compliance Service - Paladion Networks | UAE

NESA COMPLIANCE SERVICE


Paladion Networks is renowned for helping clients meet regulations and compliance laws, and bolstering their cyber risk management initiatives. One of these regulatory compliance requirements is the NESA UAE Information Assurance (IA) Standard.


What is NESA compliance? What does it involve?

NESA stands for National Electronic Security Authority and is a government institution that aims to provide strict guidelines to organizations for keeping their information security capabilities in line with the highest standards to avoid cyber security threats. The compliance requirements are outlined under the UAE IA Standards, which require organizations to implement them across their information assets and supporting systems.

Compliance with NESA UAE IA Standard is mandatory for all UAE government entities and other entities identified as critical by NESA, as it is an essential facet of the National Cyber Security Strategy and also forms the minimum requirements for integrating the Sector and National platforms. For all other UAE entities, NESA highly recommends following the guidelines on a voluntary basis, in order to participate in raising the nation's minimum security levels.

Organizations that follow these compliance requirements attain a number of benefits, including greater protection of their information assets and fostering of a security-conscious culture that is useful for overcoming emerging security challenges.

The UAE IA Standards promote a life cycle approach for establishing, implementing, maintaining, and continuously improving Information Assurance. This life cycle approach ensures continual improvement of the UAE's Information Assurance capabilities based on well-defined activities.

UNDERSTANDING an entity's and/or sector's information security requirements and the need to establish a policy and objectives for information security

CONDUCTING risk assessments, identifying appropriate risk treatment actions, and selecting controls to manage the risks

IMPLEMENTING and operating security controls to manage information security risks in the context of the entity's or sector's overall business risks

MONITORING and reviewing the performance and effectiveness of the information security processes and controls

ENSURING continual improvement based on objective measurements

NESA Compliance Management Solution (NESA-CMS)



A fully managed solution for cyber security compliance requirements of NESA UAE IA Standard.

Paladion's sophisticated expertise in crafting information security solutions for enterprises gives it immense credibility to enable organizations to meet NESA compliance standards. Our NESA compliance service includes the industry's first fully managed solution, called NESA Compliance Management Solution (NESA-CMS). This is a one-stop package for entities who are mandated by NESA to demonstrate their compliance with the stringent cyber security requirements of the UAE IA standard. It is extremely important for entities to understand that demonstration of initial compliance will be the start of the journey and not the end. Entities will have to annually showcase their sustenance and increasing maturity of cyber security controls to the sector regulators and in turn to the NESA authorities. To this end, the managed model of NESA-CMS will be an extended arm to the entities to efficiently and effectively manage their compliance requirements on an ongoing basis.

NESA Compliance Management Solution (NESA-CMS)

https://paladion.net/nesa-compliance-service-uae/ 1/8

| MANAGED NESA GRC | MANAGED NETWORK SECURITY | MANAGED ENDPOINT SECURITY | MANAGED MOBILE DEVICE SECURITY | MANAGED SECURITY TESTING & MONITORING |
|---|---|---|---|---|
| NESA GRC Implementation | Perimeter Security | Endpoint protection | Mobile Device Management | Security Testing |
| NESA Compliance Audit Support | Web Proxy | DLP | Mobile Application Management | Security Log collection & analysis |
| Ongoing Sustenance of NESA GRC | URL Filter | Patch Management | Mobile Email Management | Log Retention |
| | Wifi Security | Backup Management | Mobile Browsing Management | Security Incident Management |
| | Remote User Access Security | Client VPN | Mobile Endpoint protection | Brand Monitoring |

NESA-CMS is composed of 5 main solution components

Solution Component 1- Managed NESA GRC


Solution Component 2- Managed Network Security
Solution Component 3- Managed Endpoint Security
Solution Component 4- Managed Mobile Device Security
Solution Component 5- Managed Security Testing & Monitoring

Paladion's NESA compliance service gives implementing entities the flexibility to choose the desired solution component as per their business & compliance requirements.

Solution Component 1- Managed NESA GRC


The implementation of Solution Component-1 is undertaken by Paladion in the following manner.

Phase 1: Critical Services Identification
Project Planning
High Level Organization Understanding
Identify Critical Business Services
Identify information infrastructures supporting critical national service

Phase 2: Gap & Risk Assessment
Assess existing control gaps vis-a-vis NESA UAE IA Standard
Assess threats and vulnerabilities that can exploit the gaps
Identify Cybersecurity controls that will reduce the identified risks
Define a detailed NESA Implementation Roadmap

Phase 3: Control Development and Implementation
Implement P1 controls
Develop P2 Controls
Implement P2 Controls
Develop P3 Controls
Implement P3 Controls
Develop P4 Controls
Implement P4 Controls
Conduct comprehensive security awareness program

Phase 4: Control Effectiveness Check and Audit
Assess performance of the implemented controls
Conduct pre-compliance audit
Assist organization in meeting compliance to NESA requirements during the compliance audit

As part of Paladion's NESA compliance service, we will develop and implement all P1, P2, P3 and P4 controls prescribed by NESA UAE IA Standard.

| Priority Level | P1 | P2 | P3 | P4 |
|---|---|---|---|---|
| Number of Controls | 39 | 69 | 35 | 45 |

The above set of 188 controls includes 35 mandatory controls referred to as "Always Applicable", as these represent requirements for instituting foundational IA capabilities within an entity. Given their foundational role, the Always Applicable security controls need to be implemented by each relevant entity regardless of its risk assessment outcomes. Applicability of the remaining 153 security controls is decided as an output of the risk assessment results by taking into consideration the specific business and operational context of the entity.

Solution Component 2- Managed Network Security

The implementation of Solution Component-2 will include deployment & ongoing administration of perimeter security devices e.g. firewall & IPS, web
proxies, URL filter, Wi-Fi security, remote user access security etc. Implementing entities will have the choice to select the desired technologies as per
the technology requirements of UAE IA Standard.

Network Security Service Capabilities

Firewall/IPS
Gateway Anti-virus
URL/Web Content Filtering
VPN & Roaming User Management
Web 2.0 Controls
Botnet Filtering
Geo-IP Filtering
Proxy Caching
Bandwidth Control
Reports & Dashboards
Policy and Configuration Management
Customer Portal
Wi-Fi
Compliance & Monitoring

Fully Managed Service

We provide a complete network security package in a service model: network security technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from SOC.
You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the network security set-up.
Simplified and fast deployment and operations in an opex model with zero upfront capex.

Continuous 24x7 Protection

We provide all the services that you need for robust protection of your network security on a 24x7 basis: network security management, operations, monitoring & support from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your network is protected against threats at all times.
Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements.
Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events.

Always-On Unified Visibility and Control

You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your network security and other security services delivered by Paladion OnDemand. This helps you achieve a better & unified control on your security outcomes.
The portal can be accessed from anywhere at any time, thus providing an Always-on 24x7x365 Visibility of your security posture with respect to network security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.

Comprehensive Reports & Dashboards

Customer Portal provides you with a complete, 24x7 visibility into the outcomes of network security services, with on-demand reporting.
You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements.
You can get to see several pre-built reports and dashboards, as well as define your own custom reports and dashboards.

Easily meet & demonstrate regulatory compliance

Our NESA compliance service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
You do not need to invest time and efforts to get data from several sources to be able to show compliance to auditors.

Solution Component 3- Managed Endpoint Security

The implementation of Solution Component-3 will include deployment & ongoing administration of endpoint protection solution, DLP agent, patch
management solution, backup & restoration solution, client VPN etc. Implementing entities will have the choice to select the desired technologies as
per the technology requirements of UAE IA Standard.

End Point Security Service Capabilities

Anti-Virus/Anti-Malware
Firewall
Device Control
Application Control
Patch Management
Desktop Compliance
IT Usage/Productivity
Back-up (local)
Client VPN
Inventory
Policy and Configuration Management
Reports & Dashboards
Compliance & Monitoring
Customer Portal

Fully Managed Service

We provide a complete network security package in a service model: network security technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from SOC.
You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the network security set-up.
Simplified and fast deployment and operations in an opex model with zero upfront capex.

Continuous 24x7 Protection

We provide all the services that you need for robust protection of your network security on a 24x7 basis: network security management, operations, monitoring & support from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your network is protected against threats at all times.
Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements.
Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events.

Always-On Unified Visibility and Control

You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your network security and other security services delivered by Paladion OnDemand. This helps you achieve a better & unified control on your security outcomes.
The portal can be accessed from anywhere at any time, thus providing an Always-on 24x7x365 Visibility of your security posture with respect to network security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.

Comprehensive Reports & Dashboards

Customer Portal provides you with a complete, 24x7 visibility into the outcomes of network security services, with on-demand reporting.
You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements.
You can get to see several pre-built reports and dashboards, as well as define your own custom reports and dashboards.

Easily meet & demonstrate regulatory compliance

Our NESA compliance service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
You do not need to invest time and efforts to get data from several sources to be able to show compliance to auditors.

Solution Component 4- Managed Mobile Device Security


The implementation of Solution Component-4 will include deployment & ongoing administration of mobile device management solution, mobile
application management module, mobile email management module, mobile browsing management module, mobile endpoint protection module
etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.

Network Security Service Capabilities

Mobile Device Management (MDM)
Mobile Application Management (MAM)
Mobile Email Management (MEM)
Mobile Browsing Management (MBM)
Mobile Kiosk Management (MKM)
Containerization and App Wrapping
Geo-Fencing
Location Tracking
BYOD Management
Anti-Virus
Policy and Configuration Management
Reports & Dashboards
Compliance & Monitoring
Customer Portal

Fully Managed Service

We provide a complete network security package in a service model: network security technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from SOC.
You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the network security set-up.
Simplified and fast deployment and operations in an opex model with zero upfront capex.

Continuous 24x7 Protection

We provide all the services that you need for robust protection of your network security on a 24x7 basis: network security management, operations, monitoring & support from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your network is protected against threats at all times.
Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements.
Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events.

Always-On Unified Visibility and Control

You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your network security and other security services delivered by Paladion OnDemand. This helps you achieve a better & unified control on your security outcomes.
The portal can be accessed from anywhere at any time, thus providing an Always-on 24x7x365 Visibility of your security posture with respect to network security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.

Comprehensive Reports & Dashboards

Customer Portal provides you with a complete, 24x7 visibility into the outcomes of network security services, with on-demand reporting.
You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements.
You can get to see several pre-built reports and dashboards, as well as define your own custom reports and dashboards.

Easily meet & demonstrate regulatory compliance

Our NESA compliance service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
You do not need to invest time and efforts to get data from several sources to be able to show compliance to auditors.

Solution Component 5- Managed Security Testing & Monitoring

The implementation of Solution Component-5 will include deployment & ongoing administration of security testing e.g. penetration testing,
application security testing, configuration review etc., security log collection & analysis on a 24/7 basis, log retention, security incident management
support, brand monitoring service e.g. phishing monitoring, website malware monitoring etc. Implementing entities will have the choice to select the
desired technologies as per the technology requirements of UAE IA Standard.

Network Security Service Capabilities

Security Logs Collection/Aggregation
Security Logs Analysis
Configurable Log Retention
Multiple Devices/Platform Support
24x7 Monitoring from SOC
Incident Management Support
Risk-based Alert Prioritization
Alerts through Email/SMS/Portal
Detect both internal & external attacks
Daily Malware Monitoring for Websites
Rules & Alerts Management
Reports & Dashboards
Compliance & Monitoring
Customer Portal

Fully Managed Service

We provide a complete network security package in a service model: network security technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from SOC.
You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the network security set-up.
Simplified and fast deployment and operations in an opex model with zero upfront capex.

Continuous 24x7 Protection

We provide all the services that you need for robust protection of your network security on a 24x7 basis: network security management, operations, monitoring & support from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your network is protected against threats at all times.
Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements.
Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events.

Always-On Unified Visibility and Control

You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your network security and other security services delivered by Paladion OnDemand. This helps you achieve a better & unified control on your security outcomes.
The portal can be accessed from anywhere at any time, thus providing an Always-on 24x7x365 Visibility of your security posture with respect to network security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.

Comprehensive Reports & Dashboards

Customer Portal provides you with a complete, 24x7 visibility into the outcomes of network security services, with on-demand reporting.
You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements.
You can get to see several pre-built reports and dashboards, as well as define your own custom reports and dashboards.

Easily meet & demonstrate regulatory compliance

Our service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
You do not need to invest time and efforts to get data from several sources to be able to show compliance to auditors.

In summary, NESA-CMS, included in our NESA compliance service, can provide implementing entities with a fully managed solution for the cyber security compliance requirements of NESA UAE IA Standard. Paladion is privileged to offer consulting services to help organizations meet regional & international compliance regulations and laws. With over 15 years of experience in the information security industry, we know first-hand the challenges and errors in protecting your information assets.
