Information Security Programme

The goal of the Abu Dhabi Information Security Programme - an integral part of the overarching Mission Assurance Framework - is to ensure the appropriate confidentiality of services, integrity of data, and desired service availability for both the Abu Dhabi Government and its users. To accomplish this, ADSIC seeks to establish a system of target mechanisms across the entire Government to assure that all ADGEs and their services are adequately secured.

Following the development of a strategic foundation in 2007 that included an information security strategy and operating model, ADSIC worked in 2008 to develop the Abu Dhabi Information Security Policy and Standards. This was supplemented by a set of risk management process guides (Risk Management Overview, Risk Assessment, Information Security Planning, Security Testing & Evaluation, and Certification & Accreditation) and functional guides (Information Security Policy & Procedures Handbook, and Technical Testing Guide). Of particular significance was the publication of the Emirate’s first Information Security Policy, which established uniform information security requirements, roles, and responsibilities across the Abu Dhabi Government.

In 2009 the Information Security Programme was formally launched through an Information Security Launch Workshop attended by relevant stakeholders at the local and federal levels. This workshop initialized the rollout of the programme to 35 ADGEs. This rollout is being conducted in conjunction with the Abu Dhabi Executive Council’s Performance Management System. The rollout programme will run for two years in which each of these 35 ADGEs will be guided by ADSIC through the five steps of an Information Security implementation. Also in 2009, ADSIC launched an awareness campaign for the programme that has addressed over 70 entities not only within Abu Dhabi but also from across the UAE.