Security is about building quality organisations

"The Dubai Quality Group (DQG) has re-launched its IT subgroup with a view to giving its members the opportunity to discuss issues and influence changes in the business community. In order to achieve overall quality excellence, organisations need to effectively manage their information systems.

With a resolve to create and support industry-wide security awareness, the Dubai Quality Group along with Security Advisor Middle East is working towards creating a security-conscious workforce within the corporate community regionally by supporting a campaign in which the primary goal is to build awareness of IT security issues that affect everyone individually and as an organisation."

- Abdul Qader Ali, Chairman, Dubai Quality Group


Make security a corporate responsibility

Effective information security is not only a technical issue but also a business and governance challenge that involves risk management, reporting, and accountability. Enabling this requires the active engagement of executive management. Here is a quick guide to what CEOs need to do to enable a scalable governance framework in their organisations:

  • Conduct an annual information security evaluation, review the evaluation results with staff, and report on performance to the board of directors
  • Conduct periodic risk assessments of information assets as part of a risk management program
  • Implement policies and procedures based on risk assessments to secure information assets
  • Establish a security management structure to assign explicit individual roles, responsibilities, authority, and accountability
  • Develop plans and initiate actions to provide adequate information security for networks, facilities, systems and information
  • Treat information security as an integral part of the system life-cycle
  • Provide information security awareness, training, and education to personnel
  • Conduct periodic testing and evaluation of the effectiveness of information security policies and procedures
  • Create and execute a plan for remedial action to address any information security deficiencies
  • Develop and implement incident response procedures
  • Establish plans, procedures, and tests to provide continuity of operations
  • Use security best-practice guidance, such as ISO 17799, to measure information security performance



Ignorance: the weakest link

"Due-care and due-diligence" are the terms that bind organisations from around the world to take security as their corporate responsibility, whether they like it or not. Enterprises today need to be compliant with various regulations and standards for reputation, growth, information assets protection and defence against legal suits; each industry has its own regulations for compliance, like HIPAA, GLBA and SOX. Organisations need to educate the employees as to their responsibilities as information users and procedures for information handling.

Businesses today depend on various kinds of information, and this information is collected from various sources, some of which demand privacy and confidentiality. Failing to do so can lead to loss of reputation and legal suits, which can lead to financial losses as well.

In today's high-tech and interconnected world, businesses are more demanding and reliant on information systems; information systems play an important role in business decisions rather than just storage and processing. Today, every corporation needs a well thought-out and tested security program to handle the threats that exist from both within the walls of each enterprise as well as from external sources such as hackers, competitors and foreign governments. By enforcing corporate security, organisations can minimise risk and demonstrate due-care and due-diligence towards their customers and shareholders.

Awareness is the key to security; CPI's awareness campaign bolsters its "security as corporate responsibility" initiative. Awareness at both the corporate and personal level is the only way one can achieve security. Security can only be as strong as the weakest link. To make the weaker links stronger, awareness campaigns are important.

- Dr Saeed Al Barwani, CEO of eHostingDatafort



Secure governance

Good governance is not only about the effective management of a country. Today, in the digital economy, it is also about how well, as a government, you can protect your people's information. As the government departments in the Middle East move strongly towards offering increased e-services, the UAE is second to none when it comes to its levels of awareness and commitment to IT security. Not only are these departments investing in the best technology, but they also see awareness creation both within and in the general market as very important to their business. Besides investing in best-fit technologies to ensure information security, setting internal policies and enabling data availability and protection have emerged as top priorities.

- Major Saeed Al-Dashti, Head of Security Section, General Department of E-Services at the Dubai Police HQ


Copyright 2005 CPILive.net. All rights reserved.