Contents
Foreword 4
Chapter 1: Introduction 5
1.1 Background 6
1.2 Purpose of the UAE IA Regulation
8
1.3 Layout of the UAE IA Regulation
9
Chapter 2: UAE IA Regulation Overview
11
2.1 Scope 12
2.2 Related TRA Documents 12
2.3 Entity, Sector, and National Contexts
13
2.4 Information Assurance Lifecycle 14
Chapter 3: UAE IA Regulation Implementation
15
3.1 Overview 16
3.2 Risk-Based Approach 17
3.3 Applicability of Controls 20
3.4 Prioritization of Controls 21
3.5 Key Stakeholders Roles and Responsibilities
22
3.6 Key Success Factors 24
Chapter 4: Compliance with the UAE IA Regulation
25
Chapter 5: Security Controls 28
5.1 Control Structure 29
5.2 Description of families of controls
31
5.3 Management Controls 33
M1 Strategy and Planning 33
M2 Information Security Risk Management
49
M3 Awareness and Training 63
M4 Human Resources Security 69
M5 Compliance 77
M6 Performance Evaluation and Improvement
89
5.4 Technical Controls 94
2