NIS2 Directive — Network and Information Security

What is NIS2? The NIS2 Directive (Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union) is the European Union’s primary cybersecurity legislation, replacing the original NIS Directive from 2016. Adopted in December 2022 and required to be transposed into national law by EU member states by October 17, 2024, […]

DORA — Digital Operational Resilience Act

What is DORA? The Digital Operational Resilience Act (DORA) is an EU regulation that establishes a comprehensive framework for digital operational resilience in the financial sector. Formally known as Regulation (EU) 2022/2554, DORA entered into force in January 2023 and became fully applicable on January 17, 2025. It represents the most significant piece of EU […]

ITIL 4 — IT Service Management

What is ITIL? ITIL (Information Technology Infrastructure Library) is the world’s most widely adopted IT service management (ITSM) framework. Originally developed by the UK government in the 1980s, ITIL provides a practical, flexible framework for aligning IT services with the needs of the business. It has been adopted by organisations in over 180 countries and […]

UAE Information Assurance Regulation

What is UAE IA? The UAE Information Assurance (IA) Regulation is the national information security framework for the United Arab Emirates, issued by the Telecommunications and Digital Government Regulatory Authority (TDRA). It establishes mandatory information security requirements for all UAE federal government entities and provides a framework that private sector organisations and critical infrastructure operators […]

SAMA Cyber Security Framework

What is SAMA CSF? The Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework is a mandatory cybersecurity framework for all financial institutions regulated by SAMA — including banks, insurance companies, financing companies and payment service providers operating in Saudi Arabia. Published in May 2017, it was the first dedicated cybersecurity framework issued by a Gulf […]

Qatar National Information Assurance (NIA) Policy

What is Qatar NIA? The Qatar National Information Assurance (NIA) Policy is a comprehensive information security framework established by the Ministry of Transport and Communications (MOTC) in Qatar. It provides a structured approach to protecting information assets across government entities and critical national infrastructure in Qatar, and serves as the national standard for information security […]

NYDFS Cybersecurity Regulation (23 NYCRR 500)

What is NYDFS 23 NYCRR 500? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, formally known as 23 NYCRR Part 500, is a mandatory cybersecurity framework for financial services companies regulated by the NYDFS. Effective March 2017 and significantly amended in November 2023, it was the first state-level cybersecurity regulation in the US […]

ISO 42001

What is ISO 42001? ISO/IEC 42001:2023 is the world’s first international standard for Artificial Intelligence Management Systems (AIMS). Published in December 2023, it provides a framework for organisations to responsibly develop, deploy and use AI systems. Similar in structure to ISO 27001 (information security) and ISO 9001 (quality management), ISO 42001 enables organisations to demonstrate […]

ISO 27002:2022

What is ISO 27002? ISO/IEC 27002:2022 is the companion standard to ISO 27001 — while ISO 27001 defines the requirements for an Information Security Management System (ISMS), ISO 27002 provides detailed guidance on the implementation of the Annex A controls. Think of ISO 27001 as the “what” and ISO 27002 as the “how”. ISO 27002 […]

CIS Controls v8

What is the Center for Internet Security? The Center for Internet Security (CIS) is a non-profit organisation founded in 2000 that develops best practices for securing IT systems and data. CIS is best known for two products — the CIS Controls (a prioritised set of cybersecurity actions) and the CIS Benchmarks (detailed configuration guidelines for […]