Dubai ISR Compliance

The ISR is intended to ensure an appropriate level of confidentiality, integrity, and availability for information handled within Dubai Government Entities.

What is Dubai ISR

The Dubai Information Security Regulation (ISR) is a comprehensive and mandatory regulation that provides a framework for information security management within Dubai.

 

Developed and enforced by the Dubai Electronic Security Center (DESC), the ISR aims to ensure a high level of confidentiality, integrity, and availability for information handled by government entities and critical service providers.

 

ISR outlines a set of essential security controls and requirements designed to minimize information security risks, prevent incidents, and ensure the continuity of critical business processes in Dubai's digital environment.

 

The latest version of the regulation is ISR V3.0, which builds upon previous versions to address the evolving threat landscape.

Key Domains of ISR

 

The Dubai Information Security Regulation (ISR) is structured into thirteen domains, categorized under three main classes: Governance, Operation, and Assurance. Together, these classes cover the following aspects of information security:

 

  • Governance Domains: Set high-level requirements for structuring and managing information security, including aspects like Information Security Strategy, Policy, Organization, and Risk Management.
  • Operation Domains: Detail technical and non-technical controls for implementing security measures in day-to-day operations, covering areas like Asset Management, Access Control, Cryptography, Physical Security, and Operations Security.
  • Assurance Domains: Focus on activities that provide confidence in the effectiveness of implemented controls, including Compliance, Audit, Incident Management, and Business Continuity Management.

 

Each domain contains specific objectives and detailed controls that organizations must implement based on their applicability and risk assessment.

Who Should Comply With Dubai's ISR?

Compliance with the Dubai ISR is mandatory for specific types of organizations operating within the Emirate. This includes:

 

  • All Dubai Government Entities (DGEs): Ministries, departments, authorities, and all other government bodies in Dubai are required to fully comply with the ISR.

  • Entities Identified as Critical Information Infrastructure (CII) Operators: Organizations operating in sectors deemed critical to Dubai's functioning (such as energy, water, transport, telecommunications, finance, and health) are also mandated to comply with the ISR to protect the essential services they provide.

 

Furthermore, organizations providing services to Dubai Government entities or CII operators may also be required through contractual agreements to demonstrate compliance with relevant aspects of the ISR.

Need more details? Review the Dubai ISR.

If you cannot find what you want, please visit the DESC website.