Security
4 min read
Last updated:
Organizations in the UAE have been able to deliver innovative services and stimulate economic development through the increasing adoption of Information Technology (IT), electronic communications, and cyberspace, which is a global network of interconnected telecommunications networks, information technology infrastructure, and computer processing systems. As these technologies develop, the UAE's dependence on them will increase. Due to this, the UAE Government is committed to ensuring that organizations and individuals within the UAE have access to a secure information and communication infrastructure. As a result, it will be possible to realize its full potential, in spite of evolving cyber threats.
Keeping up with cyber threats such as cybercrime requires systematic and coordinated efforts. As part of its efforts to boost national cyber security and protect national infrastructure, the UAE Government has launched a number of initiatives to align and direct national cybersecurity efforts. All relevant UAE entities are required to meet minimum levels of information assurance under the Information Assurance (IA) Regulation. Businesses and individuals across the UAE will benefit from a trusted digital environment if these are adopted by UAE entities. Collaboration and partnerships between private sector organizations and the government are key to success when it comes to securing cyberspace.
The purpose of this guide is to provide some tips for using SIEMs and log management services to ensure your business operates in compliance with UAE Information Assurance (IA) Regulations.
Contents
Who should comply with NESA and why?
UAE government and private entities dealing with personal or private information must comply with NESA regulatory compliance (also called Information Assurance (IA) Regulation). This is a mandatory requirement for all stakeholders who have direct or indirect contact with national information. According to NESA, following the guidelines will also allow them to actively participate in strengthening the UAE's digital security. Enterprises in the UAE are adapting to using information security tools in the face of the increasing number of cyber threats and data breaches. Every industry, regardless of size, should place a high priority on securing its IT infrastructure and search for solutions that protect its data assets from malicious insiders or tainted third parties. Modern security threats are not only on the rise but are also getting more sophisticated every day, and companies are constantly worried about compromising data, including personal customer information, enterprise data, statutory records, financial information, operational information, etc.
Monitoring & Logging
In accordance with UAE IA Regulation T3.6, logging should be enabled on all systems whenever possible. There is logging functionality built into most operating systems, network services, and firewalls, whether they are free or commercial. It is recommended that such logging be activated so that logs can be sent to a centralized logging server. To preserve all available information in case a follow-up investigation is required, all firewalls, VPNs and any additional systems must be configured for verbose logging. When a user attempts to access resources with improper permissions, operating systems, especially those of servers, should record access control logs. An entity should examine its logs periodically and compare them with its asset inventory. This will enable cybersecurity specialists to ensure that every asset attached to the network is periodically generating logs in order to know if such logging has been implemented.
SIEM solutions are useful tools for analyzing logs. Although audit logs can be analyzed in a number of ways, an individual can even conduct a cursory examination. By using correlation tools, audit logs can be made far more useful for manual inspection in the future. It can be quite helpful to use such tools to detect subtle attacks. Nevertheless, information security personnel and system administrators need to be skilled to utilize these tools. Identification and understanding of attacks often require human intuition and expertise, even with automated log analysis tools.
Fault & Error Detection
Logs should be kept for recording faults in accordance with T3.6.6. Data processing or information communication faults can be logged and tracked by fault logging. Logging should be done for any faults reported by users or by programs. The handling of reported faults should follow clear rules, including checking the fault logs to ensure that issues have been satisfactorily resolved and ensuring that controls have not been compromised. Wherever error logging is possible, it should be enabled.
Network Security Management
It is essential to manage network security, in accordance with UAE IA Regulation T4.5, to ensure the protection of information in networks as well as the support infrastructure, particularly from threats such as abuse of system access and privileges as well as Denial of Service (DOS) attacks.
In order to determine which services are listening, port scanners can be configured to not only identify open ports but also to show the protocol version and service listening on each discovered open port. A management system compares this list of services and their versions to a list of services required by the entity for every server and workstation. A newly added feature in these port scanners can help security personnel identify differences in services provided by scanned machines over time. This will help them determine how these services may have changed.
Application Performance Monitoring
Business-critical applications need to be reviewed and tested after operating system changes. This is specified in regulation T7.6.2. As part of this process, applications must be tested in a testing environment whenever operating systems are changed. Application logs should also be monitored for anomalies, and a rollback procedure must always be defined. To ensure that operating system changes have not compromised application control and integrity procedures, they should be reviewed.
Retaining Audit Logs
A strict change management process that actively records audit logs should be in place for operational systems and application software. It is imperative to ensure that audit logs are retained in a way that permits access to the data (both in a format that can be read and on a file system) throughout the retention period. This is to avoid the possibility of data loss due to technological change in the future. Depending on the requirements, data storage systems should be chosen in a way that also allows retrieval in an acceptable timeframe and format.
Automate the Digital Audit Trail Whenever You Can
Keeping manual records is an inefficient method of document processing that makes auditing in the UAE stressful and risky. If you work manually, you are likely to make mistakes, miss important information, and waste valuable time. For this reason, audit firms in the UAE recommend automating document management to make it more efficient and hassle-free. Using an automated SIEM solution, audit logs can be centralized and stored as well as real-time notifications can be configured with ease. Via using the same tool intuitive dashboards and reports can be generated also.
If your UAE-based company wants to automate and centralize their logs then why not use Logit.io’s UAE NESA solution?
If you found this compliance article informative, why not check out our guide to compliance in business or NERC CIP cybersecurity standards next?