By Peter Alagos/Business Reporter

 

 

An information security expert has stressed the need for tighter safety measures against internal and external cyber threats and attacks.

“Information security is an ongoing process,” and companies should always be monitoring for “vulnerabilities” and attempts to infiltrate information systems containing confidential or sensitive data, Nashiat Aloudeh, general manager of Aman Information Security, told Gulf Times.

Qatar “is very visible in the international arena nowadays” due to preparations related to the FIFA World Cup in 2022 and the massive infrastructure development in response to the thrusts of the Qatar National Vision 2030, he pointed out.

“There is a lot happening here. Qatar is becoming a regional centre – from hosting sporting events to welcoming various regional political factions. Hence, like it or not, Qatari organisations are subject to cyber attacks on a continuous basis,” Aloudeh explained.

“Aside from external factors such as hacking and similar forms of cyber attacks, companies should also be wary of internal factors or attacks from within,” he cautioned.

When asked about the maturity level of information security personnel, Aloudeh said: “It is noticed that information security managers are becoming more structured and more process-oriented (rather than technology-oriented) in addressing the three main pillars of information security: confidentiality, integrity, and availability (CIA) of information.”

In response to the country’s thrust for a comprehensive programme in the field of Information and Communications Technology (ICT), Aloudeh said Aman Information Security has partnered with the Qatar Science & Technology Park (QSTP) and the Ministry of ICT (ictQATAR) in developing the Qatar Compliance & Audit Security Toolkit (QCAST) – the country’s first Qatari-based information security application.

QCAST adopts the National Information Assurance Policy (NIAP) of the Qatar Computer Emergency Response Team (Q-CERT).

The toolkit, according to Aloudeh, is also the company’s response to the Qatar National Research Strategy (QNRS) 2012, which calls for the development of information security and applications to support Qatar’s information security needs.

QCAST also helps Qatari organisations comply with the NIAP and other internationally-recognised information security management systems such as ISO 27001, he added.

“This toolkit is unique to us because it was built with the NIAP in mind,” Aloudeh stressed, while claiming that the toolkit’s key features help companies with business process identification, business impact analysis, asset classification, automatic identification of controls, assignment of responsibilities, tracking of control implementation progress, and live and historical reports.

“QCAST’s Gap Analysis feature helps Information Security managers, along with their management, decide which controls to implement based on cost and control effectiveness,” he said.

“In the journey toward compliance, QCAST will help organisations reduce paperwork, continuously monitor NIAP compliance level, and simplify internal and external auditing work, which speeds up the NIAP compliance and certification process.”

 

 
