What is Q-CERT?
Our Approach
We encourage all organizations to have an Information Security Risk Management program in place
We work directly with organizations who provide critical services to the nation
We help organizations to improve their cybersecurity capability and capacity
Q-CERT never discusses the confidential information it receives
There is no charge for Q-CERT services - designed to complement private sector, not compete with it
The need of Information Security Management System
Government Information Assurance Survey
Increasing Reliance on ICT
Baseline Policy & Standards
New Emerging Risks
Auditing Model
No Security Baseline standards
Certified Training
Insufficient trained resources
Emerging Risks
Changing Political Scenario
Arab Spring
Qatar’s prominent role in International Arena
Changing Economic Scenario
Country with highest per capita income
International Sporting Events
Hacktivism
Sophisticated Attack Vectors
Insider Threats
Changing Legislative landscape
Data Privacy Law*
Critical Information Infrastructure Protection Law*
Challenges
Business Model of Information Security
Cultural Issues
Pre-set Mindset: Peaceful and secure environment
Lack of Awareness
Lack of Support
Lack of Resources
Policies-Standards-Guidelines
National Cryptography policy
Accreditation and Certification Framework
Public WiFi Security Policy
BYOD Security Policy
IOS Security Policy (Apple devices Security)
Computer-related offences
Content-related offences
Promotes the protection of the personal privacy of individuals, including children, with regard to the processing of personal information in the State of Qatar;
Adheres to the international obligations accepted by the State of Qatar and promotes global privacy interoperability so as to enable the free flow of information;
Minimises and simplifies regulations for the benefit of both businesses and consumers, including encouraging self-regulation through voluntary codes of conduct.
Q-CERT
Rights of Individuals
• The right to object to the processing of any personal information about that individual for a primary purpose
• The right to withdraw consent to the processing of any personal information about that individual for a secondary purpose
• The right to the removal or erasure of personal information about that individual
thousand Qatari Riyals) per week until the CSO conformance is approved.
Critical Sectors
Sectors are deemed critical when their incapacitation or destruction would have a debilitating impact on the national security and social well-being of a nation
Am I critical?
What is NIA Policy
NIA Policy is…
Approved by the Board of ictQATAR and has been sent to Council of Ministers.
What is GIA
Government Information Assurance Survey
Adopted
Assets Classification
Step 1: Identify key processes and their owners in the organization.
Step 2: Identify process dependencies: information, applications, systems, networks, etc.