Dubai: The Dubai Electronic Security Centre (DESC), part of Digital Dubai, is preparing to launch Information Security Regulation (ISR) Version 3.0 after the success of the previous edition (ISR Version 2.0).
The Regulation includes key practices in information security that must be adopted across all Dubai Government entities, along with the necessary requirements for information security controls to ensure appropriate confidentiality, integrity, and availability of information.
The Regulation further seeks to provide these entities with the standards to ensure the continuity of critical business processes, minimize information security-related risks, and prevent information security incidents.

As Dubai and the UAE continue to make strides in their comprehensive digital transformation plans, we remain committed to our mission to ensure and constantly enhance cybersecurity services in Dubai, bringing them in line with the highest international standards. The Information Security Regulation is a powerful tool for achieving our strategic objectives. Effective implementation of ISR controls can ensure resilience in dealing with risks to information security, which, in turn, can boost consumer confidence, business performance, productivity, and national security.
Mr. Yousuf Hamad Al Shaibani, CEO of the DESC, shared.
The Regulation is broken down into 13 domains, each considering one or more major classes of information security, including Governance, Operation, and Assurance. It applies to all Dubai government entities, including employees, consultants, contractors, and visitors who are not government employees but are engaged with the government through various means.

The new version of the ISR builds on the success of ISR Version 2.0, which recorded notable achievements.
Furthermore, the new version introduces a problem management process requirement, minimum security and compliance requirements for external parties and managed services, as well as data center security controls, in addition to incorporating cyber-resilience framework requirements.