July 03, 2023. | Compliance, Cybersecurity, Data security

DFSA IT compliance: where to begin?

If your company falls under Dubai Financial Services Authority (DFSA) jurisdiction and you are unsure where to start in achieving IT compliance, Mohammed Hammoudeh, Information Security Specialist at Penta IT Services, may offer a way forward.

The DFSA states that having an effective cyber risk management framework in place is one of the key areas that Dubai International Financial Centre (DIFC) businesses need to protect themselves from cyber risks and achieve DFSA compliance. 

In Penta’s recently published guide on DFSA compliance, some of the main priorities to focus on this year were highlighted. 

When it comes to embarking on this process, Mohammed Hammoudeh offers this advice: “Choosing the cyber risk management framework for your business is the best place to start. That choice will provide the foundation for all your subsequent decisions around DSFA compliance.”

But what are cyber risk management frameworks and which one should you adopt for your organization?

What is a cyber risk management framework?

A cyber risk framework is a comprehensive approach to managing cyber risk across an organization. But, as Hammoudeh points out:

“The DFSA does not require regulated firms to follow any particular cyber framework or standard because there is no one-size-fits-all approach. Every DIFC company will have its own characteristics and will need to weigh up the different frameworks with the help of an expert to find the best fit.”

Below Mohammed lists the frameworks suggested by the DSFA and breaks down the advantages and disadvantages of each option:

How do these frameworks compare?

Issued byUK government — His Majesty’s (HM) Treasury, G7 Cyber Expert GroupInternational Organization for Standardization (ISO)International Organization of Securities Commissions (IOSCO), Committee on Payments and Market Infrastructures (CPMI)Center for Internet Security (CIS)National Institute of Standards and Technology (NIST)
Designed forFinancial sectorAll industriesFinancial market institutionsAll industriesAll industries
Focuses onEffective assessment of cyber security riskBuilding security management programsGovernance and transparency, cyber resilience, payment safety, limiting systemic riskProtecting high risk areas using automated controlsAligning cyber security defenses to organizational goals
AdvantagesAdopted by the DFSA, good all-rounderGlobal acceptance, additional credibilityUsed by most banksEasy to use, constantly updatedMeets multiple compliance requirements
DisadvantagesLess clarity on action itemsProcess takes a lot of time and resourcesLimited in scopeLimited in scopeLess clarity on action items

What framework to choose?

The answer to this question will always depend on the requirements and characteristics of the individual company. 

Mohammed Hammoudeh offers the following advice: “it is important to work closely with an expert who fully understands your business, and has in-depth knowledge and experience with the DSFA requirements, and the intricacies of each framework to find the most appropriate path to follow.”

“Whatever framework you choose to adopt, the process of implementation involves the same steps,” adds Hammoudeh.

The steps to implement any cyber risk management framework are:

  • Defining the scope and objectives of your cyber risk management framework.
  • Identifying and assessing the potential risks to your organization’s critical assets, systems and data.
  • Developing policies and procedures for managing and mitigating cyber risks.
  • Defining roles and responsibilities for cyber risk management across the organization.
  • Establishing a risk management process that includes ongoing risk assessment, risk treatment, and risk communication.
  • Developing incident response plans to address potential cyber attacks and data breaches.

Share this
This post has 0 comment(s)

Leave a Reply

Your email address will not be published.

chat-icon Chat with us reactangle-up