Qatar Builds on Information Assurance
QCERT's Ismael on How IA Helps CISOs Manage Risks
Information security leaders across geographies are leveraging information assurance as a practice to secure their data and manage their risks effectively. The concept has evolved from the practice of information security and is an exercise of assuring information and managing risks of user data within an organization.
Experts say an information assurance framework helps in the restoration of information systems by incorporating protection, detection and reaction capabilities within the business processes.
To this effect, Qatar's Computer Emergency Response Team has embraced the concept of information assurance to enhance its risk management capabilities.
"Practicing the information assurance framework is important before preaching, and hence we have deployed the best practices of the same within QCERT," says Ashraf Ali Ismael, CS Information Assurance section head, ICT Qatar, ministry of Science, Technology & Innovation.
"We at QCERT leveraged the information assurance process to identify risks, establish effective risk management strategies, deploy risk monitoring tools and understand risk mitigation strategies," Ismael says.
"Information assurance has also been used to establish standards to allow users to deploy different technological architectures and spot risks that are imposed by these platforms," he adds.
However, the challenge in its deployment is a lack of maturity within organisations and a lack of local resources who understand the nuances of information assurance processes and frameworks.
"Lack of academia to support such processes, lack of innovations and failure of policy makers to attract talent have come in the way of developing information assurance standards," says Ismael.
In this interview with Information Security Media Group at the GISEC event in Dubai, Ismael discusses how QCERT has been developing the framework suitable to the local regulatory processes and obtaining the necessary mandates from the authorities. He discusses:
- Use of compliance and information assurance tools to develop a risk-free environment;
- Building awareness in the region by forming risk committees on information assurance;
- Coherent training program for the 'C' level for understanding information assurance concepts and the importance of balancing risks.
Ismael manages the development and implementation of national information security policies, standards, guidelines and procedures to ensure the ongoing maintenance of information security. In this position, he has played a key role in drafting and reviewing Qatar's eCommerce law, eCrime law, personal data privacy, National Information Assurance Policy, and Internet Infrastructure Safety Policy. Ismael has been working in the IT field for 25 years, having started as a computer professional working with major hi-tech players and start-ups in Silicon Valley. Before moving back to the MENA region, he headed the technical training operations at high-performance computing producer SGI.