By Diana Milne
15 October 2006
While Middle East organisations have been widely criticised for not
doing enough to protect their IT systems, a number of companies here are
now waking up to the looming IT security crisis by adopting
According to managed hosting and security consulting firm eHosting
Datafort, three companies in the region have become certified under the
ISO 27001 standard Dubai Aluminium Company (Dubal), Saudi Binladin Group
in Saudi Arabia and Mobile Telecommunications Company (MTC) Vodafone in
Bahrain with the Dubai Rulers Court due to follow.
The security firm said it is working with another eight companies
towards achieving certification, and is in discussion with a dozen other
The certification is given to companies that meet the standards
requirements in terms of securing data held on their systems such as
employee or customer information.
ISO 27001 requires companies to meet standards in a number of
categories, which fall into three broad areas confidentiality, integrity
It replaced the BS7799 this year as the only certifiable security
governance standard and allows companies to comply with regulations such
as the USs Sarbanes Oxley laws and the UKs Data Protection Act.
Ahmed Baig, manager of security consulting for eHosting Datafort, said
the fact that so many organisations are looking at or have already
acquired the ISO 27001 certification is a very positive sign.
Its quite encouraging because in this small market these numbers are
quite big, he claimed.
Businesses are realising more and more that there are a lot of incidents
being reported within the GCC and people are taking this quite
seriously, he added.
They are becoming aware and they are trying to figure out if they are
not aware, what are the best ways to protect themselves.
Ibrahim Awad, information security officer at the Dubai Rulers Court,
which is in the process of being certified, explained that security of
information is particularly important for his organisation, which
provides shared IT services for all government departments in Dubai.
We have a government information resource department, which holds the
other departments data on the ERP system and we provide this system to
the government departments like the police department and Municipality,
We also have their finance information, HR records and logistics data.
So we needed proven and used technology to secure this data and secure
the IT infrastructure as well.
He went on to say that the government is in talks over whether to
implement the ISO 27001 standard across all its different departments.
The process of certifying the Dubai Rulers Court is expected to be
completed by the end of this year and has been going on for around six
Dubal completed the process in August and is now fully ISO 27001
The firms IT architecture manager, Jagan Rao, said the company is now
better able to protect the valuable company data held on its IT systems
such as project proposals, customer orders, sales contract information
and budget or financial planning information.
Information is one of our main assets; we have to protect it and we have
a very strong infrastructure and methods in place to protect against
hacking or a denial of service attacks and information leakage or
espionage, said Rao.
This helps us to align with the international best standards and
practices. And it gives us and the management the assurance that things
are done in the right way, he added.
Baig said it is particuarly important for companies to become certified
in the UAE where the government has recently enacted a new cyber law.
This law will require companies to monitor the information they hold and
the content being emailed from the company by employees.
2006 The Information & Technology Publishing Co. Ltd.
Visit the InfoSec News store!