![Page 1: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/1.jpg)
A Government-‐wide Informa2on
Security Programme
A Case of the Western Region Municipality, Abu Dhabi, UAE
(Presented @ 3rd Annual CISO Asia, Singapore – Nov. 2014) Presented by:
Irene Corpuz, MSc, ITIL, PMP
![Page 2: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/2.jpg)
The United Arab Emirates
Agenda: 1. Overview of theUnited Arab Emirates 2. Abu Dhabi and its Vision 2030 3. A Unified approach to InformaMon
Security through the ADSIC InforaMon Security Program
![Page 3: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/3.jpg)
The United Arab Emirates
42 Years In just 42 years, they have converted the dessert into gold...
Oil & Gas It is one of the leading producers of oil in the middle east and in the world
Popula2on 9.2Million as of 2013
Very ambi2ous Targets... And they don’t remain as targets
EXPO 2020 UAE won the bid to host the Expo 2020
![Page 4: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/4.jpg)
The 7 Emirates
ABU DHA
BI
![Page 5: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/5.jpg)
UAE is the home of some of the unique building infrastructures
![Page 6: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/6.jpg)
Abu Dhabi – UAE‘s Capital
![Page 7: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/7.jpg)
Abu Dhabi Vision 2030
7. Enable Financial Markets to Become the Key Financiers of Economic Sectors and Projects
Abu Dhabi’s Seven Areas of Ongoing Economic Policy Focus 1. Build an Open, Efficient, Effective and Globally Integrated Business
Environment
2. Adopting Disciplined Fiscal Policies that are Responsive to Economic Cycles
3. Establish a Resilient Monetary and Financial Market Environment with Manageable Levels of Inflation
4. Drive Significant Improvement in the Efficiency of the Labour Market
5. Develop a Sufficient and Resilient Infrastructure Capable of Supporting Anticipated Economic Growth
6. Developing a Highly Skilled, Highly Productive Workforce
![Page 8: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/8.jpg)
Unifying the approach to a secured infrastructure across ALL Abu Dhabi Government En22es
![Page 9: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/9.jpg)
Abu Dhabi Systems & Informa2on Center (ADSIC) -‐ 2008 The Centre is considered as the governmental party that owns the IT agenda of the Emirate, and has the authority to pracMce the following competences: 1. Supervise the implementaMon of the e-‐
Government program in Abu Dhabi Government enMMes (ADGEs).
2. Develop the ADSIC InformaMon Security Programme.
![Page 10: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/10.jpg)
Implemented effecMvely, it can be instrumental in government delivering beYer quality, more robust and higher value services that ciMzens
and residents can place their trust in.
Abu Dhabi Systems & Informa2on Center (ADSIC)
![Page 11: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/11.jpg)
And the following standards: 1. ISO 27001 2. ISO 22301 3. NIST special publicaMon 800-‐53 Rev 30
ADSIC Informa2on Security Programme
The ADSIC InformaMon Security Programme is developed according to, and guided by, the exisMng laws and policy in the UAE:
1. ArMcle 24 of Federal Law No. 1 of 2006 2. Federal Law No. 5 of 2012 3. Abu Dhabi Government Policy Agenda 2030
![Page 12: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/12.jpg)
ADSIC Informa2on Security Programme
![Page 13: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/13.jpg)
13
![Page 14: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/14.jpg)
Abu Dhabi Municipality (1962)
Al Ain Municipality (1967)
Western Region Mun. (2006)
Department of Municipal Affairs (DMA)
![Page 15: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/15.jpg)
By 2016, ALL Abu Dhabi Government EnMMes (ADGE’s) should comply and
pass the requirements according to the ADSIC Standards.
ImplemenMng ADSIC InformaMon
Security Standards is MANDATORY
For WRM, where does the challenge come from?
![Page 16: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/16.jpg)
Both MunicipaliMes have: 1. applied the ADSIC InformaMon
Security Programme V1 since 2009 2. been cerMfied by ADSIC based on
ADSIC Standards V1 3. passed the ISO 27001 CerMficaMon
For WRM, where does the challenge come from?
![Page 17: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/17.jpg)
Where is the Western Region?
Silaa Mirfa
Gyathi
Liwa
Madinat Zayed
Delma
![Page 18: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/18.jpg)
18
The road to the Western Region
![Page 19: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/19.jpg)
19
Will these people care about informa2on security?
![Page 20: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/20.jpg)
20
What is important to the ci2zens at the western region?
![Page 21: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/21.jpg)
21
What are the ini2al but significant steps? Services Inventory • IdenMfy all the services provided to the ciMzens and residents in the region
• IdenMfy all internal services where informaMon security is criMcal
InformaMon Asset Inventory
• Out of the services provided, what kind of informaMon are generated
InformaMon Assets are classified • Secret • ConfidenMal • Restricted • Public
![Page 22: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/22.jpg)
22
What kind of services does WRM provide?
There is a government ini2a2ve to put the services in the Municipality website and offer as: 1. eService 2. mService
Land & Property
management
Community Services
Building Permits
SpaMal Data (GIS)
Parks & FaciliMes
Roads & Infrastructure
![Page 23: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/23.jpg)
23
Providing services electronically (e-‐service in different levels:
Listed
StaMc
InteracMve
TransacMonal
![Page 24: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/24.jpg)
24
Which services are cri2cal and of high importance?
• ERP • Food DistribuMon System
• Land & Property management • GIS
Maps, satellite pictures, planning maps
Buildings, rent & sales, distribuMon
Employees confidenMal informaMon
Rice, juices, sugar, coffee,
water & various stuff
![Page 25: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/25.jpg)
25
Monitoring the Infrastructure
• UTM • SIEM
• DLP (Data Loss ProtecMon)
• WAF • IDPS DetecMng
and Responding to AYacks
Addressing web-‐based threat
Bringing it all together
ProtecMng Data
Resources
![Page 26: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/26.jpg)
26
Other ac2vi2es performed by WRM
Unified IT IS Policy & IT
Policy Manual Gap Analysis
VAPT (public IP’s &
ApplicaMon)
DMA IniMaMve to unify all IT
InformaMon Security Policy and the IT
Policy Manual across all municipaliMes
Self-‐assessment according to the ADSIC InformaMon security Control
SpecificaMons allowed us to determine the gap from current to 2016 objecMve
ü 1. Vulnerability Assessment was conducted by aeCERT on all PUBLIC IP’s of WRM
ü 2.VAPT was conducted by a 3rd party consultant on 5 criMcal applicaMons of WRM
![Page 27: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/27.jpg)
27
The Self-‐Assessment conducted by WRM according to the ADSIC Programme?
SecMon I: Summary of Work to date
SecMon 2: Control Standards & SpecificaMons
SecMon 3: Control
Ownership
SecMon 4: ImplementaMon
Status
SecMon 5: Control
EffecMveness
![Page 28: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/28.jpg)
28
Once completed, the outcome of the Self-‐assessment is a sort of a gap analysis which will indicate the weak control specificaMons that need to be prioriMzed.
What will be the outcome of self-‐assessment?
![Page 29: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/29.jpg)
29
![Page 30: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/30.jpg)
30
Accomplishments & future plans
2014 2015
2016
Training & Awareness sessions escalated the maturity level of WRM in terms of Informa2on Security 1. Informa2on Security Cer2fied Training (HCT CERT) 2. Vulnerability Assessment conducted by aeCERT 3. Gap Analysis 4. Risk Assessment
1. Informa2on Security Cer2fied Training (HCT CERT) 2. Alignment with the unified approach under DMA 3. Achieve compliance with the ADSIC Standards for Highest
Categoriza2on Services
Achieve full compliance with AD Informa2on Security Standards
![Page 31: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/31.jpg)
31
The Direc2on of the UAE
![Page 32: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/32.jpg)
32
The DUBAI Smart CITY
On 5 March 2014, H. H. Sheikh Mohammed bin Rashid Al Maktoum launched a strategy to transform Dubai into a 'Smart City'.
Dubai will have a 5-‐D control room, the world's largest room which will be used to follow-‐up the process of transforming Dubai into a Smart City and to oversee the government projects and service indicators; such as, roads, weather condiMons and emergency situaMons.
The strategic plan to transform Dubai into a Smart city is based on three basic ideas: communicaMon, integraMon and cooperaMon.
(Image is for illustration purposes only)
![Page 33: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/33.jpg)
VISION 2030
Conclusion Challenges include preparing the federal enMMes with the necessary technological infrastructure, reducing the digital divide by driving people to use government services through mobile phones and portable devices, assuring them of privacy and security of their data.
ABU DHA
BI
![Page 34: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/34.jpg)
34
Thank you!
Speaker’s Profile: Irene Corpuz is the Head of Planning & IT Security at the Western Region Municipality. She acquired her Masters of Science in IT at the University of Wales, UK. She has 25 years of diversified experience in IT including IT Security, Strategy & Service Management. Amongst her other certifications and expertise are in the field of Quality & Excellence (ISO & EFQM), Project Management & Knowledge Management and has gained the essential certifications on each specialization. Her certifications include: ITIL Service manager, ITIL V3 Foundation, CKM, EFQM Certified Assessor, ISO Lead Auditor (QMS & ISMS) and PMP. Irene has led strategic projects in all her fields of expertise in various projects in Asia, the UAE, UK and the USA, and has received prestigious awards including Gold Stevie Awards for Women in Business – Employee of the Year (New York, 2013); Bronze Stevie Awards for Women in Business – Executive of the Year (New York, 2013); Filipino Achiever in the UAE Award (UAE, 2014); and appreciations for her successful ISO & EFQM projects in the UK and Washington DC.
![Page 35: Western Region Municipality Presentation at CISO Asia Summit 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042716/55cd102fbb61eb3f288b47fe/html5/thumbnails/35.jpg)
References
http://www.thenational.ae/uae/government/spending-to-exceed-100bn-as-abu-dhabi-strives-towards-vision-2030 http://www.thenational.ae/business/abu-dhabi-2030-economic-vision http://www.thenational.ae/uae/technology/uae-in-cyber-security-talks-to-combat-latest-threats Abu Dhabi Economic Vision 2030 5th Abu Dhabi eGovt Forum – ADSIC http://gulfnews.com/in-focus/uae-national-day Master Plan for Dubai Expo 2020 on Track UAE Population Dubai Smart City Launched ADSIC Information Security Standards ADSIC Information Security Programme