Overview
The project focused on assessing the organization’s Information/Cybersecurity Management function, including its structure, policies, procedures, practices, and standards. The assessment also included a cybersecurity maturity profile and benchmarking against local and regional regulatory frameworks and standards.
Scope
The assessment covered Information/Cybersecurity governance, organizational structure, roles and responsibilities, policies, processes, practices, and standards. It also included evaluation of cybersecurity readiness, resilience, vulnerabilities, incident response capabilities, and alignment with regulatory requirements.
Key Activities
- Assessed the current Information/Cybersecurity Management function
- Evaluated organizational structure, roles, responsibilities, policies, processes, practices, and standards
- Conducted a cybersecurity maturity profile assessment
- Benchmarked against NCSA CSF, NIMF, NIA, QCB circulars, RBI CSF, UAE NESA, and CBK CSF
- Evaluated preparedness and resilience against current and evolving cyber threats
- Analyzed existing security measures and identified vulnerabilities
- Assessed incident response capabilities
- Conducted domain-specific cybersecurity evaluations
- Developed a forward-looking cybersecurity roadmap aligned with business goals and regulatory requirements
- Prioritized roadmap initiatives based on risk, impact, and feasibility
- Prepared management-level and technical-level reports
- Conducted workshops and walkthroughs to explain findings and recommendations
- Developed final reports after stakeholder agreement
Areas Covered
- Applications
- Databases
- Networks
- Servers
- Security devices
- OT technologies
- Information Security Policy
- Information Security Procedures
- Cybersecurity Policy Framework
- Security Operations Center Manual
- Identity and Access Management Policy and Procedures
- Security Operations Center processes
- Identity and Access Management processes
- Vulnerability Management and Penetration Testing processes
- Threat Intelligence processes
- Governance, Risk, and Compliance processes
Outcome
The assessment provided a structured view of the organization’s cybersecurity posture, maturity, regulatory alignment, readiness, resilience, and areas for improvement. It also produced management and technical reports, actionable recommendations, and a remediation roadmap with short-, medium-, and long-term initiatives.
