Dubai Cyber Force standard

The Dubai Cyber Force standard will be used to signpost skilled and competent individuals and companies that are able to deliver Penetration Testing and Incident Response services to the government in Dubai. The standard is part of the delivery of the Dubai Cyber Security Strategy (DCSS) with the vision of placing Dubai among the most secure cities electronically in the world.

There are huge amounts of variability in the services being delivered by Penetration Testing and Incident Response service providers globally.  Methodologies vary, breadth, depth and quality of assessment varies and the underlying skills and competencies of the individuals delivering services can vary significantly.  Penetration Testing and Incident Response services are highly technical, and both the language, findings and recommendations can be confusing to buyers of services.

This standard sets a high, internationally recognised standard for delivery of cyber services to Dubai government. It uses a standards-based approach, to deliver increased quality, improved technical skills, and greater consistency across the cyber security sector. This is essential to have confidence that Dubai’s critical information infrastructure (CII) is well protected. By defining a series of requirements for service providers and the professionals that deliver these services, the Cyber Force standard will deliver more consistent outcomes for the delivery of cyber services in Dubai.

Individuals must be either CREST qualified or work for a CREST member company that is accredited to the Penetration Testing or Incident Response disciplines. For information please email [email protected]

Buyers of penetration testing and incident response services in Dubai will be able to identify CREST member organisations with Dubai Cyber Force registered individuals via the CREST website once the standard has opened for registrations.

No, individuals (and the employers) may be located remotely or in Dubai. However, building a domestic eco-system of skilled cyber service professionals and companies is strategically important so local presence will be well regarded.

Please visit the Certifications section of the CREST website for more information about booking a CREST exam (please note that where an exam needs to be taken at a ‘CREST Exam Centre’, further information will be shared in due course regarding when this will be available in Dubai).

CREST is offering a limited amount of free exams to a randomly selected set of individuals who express interest in taking a practitioner level Penetration Testing or Incident Response exam. The exam will be available at a Pearson Vue test centre in Dubai only. Email [email protected] the chance to win.

Please contact [email protected] for more information.

Please contact [email protected] to enquire.

Please contact DESC at [email protected] for more information.

The Dubai Cyber Force standard was launched at GISEC 2023 (March 14-16) with further details about how to register to follow in Q2 2023.

The details of the standard will be published in Q2 2023.

The standard will become mandatory at the end of Q4 2023.  Individuals are encouraged to enrol in the standard as soon as possible to ensure that they are able to meet this timescale.

A key domain of the DCSS is creating a Cyber Smart Society – achieving awareness, skills and capabilities to manage cyber security risks for Dubai’s public and private sectors, and individuals, including:

• Capacity – Availability of knowledgeable, experienced and trained personnel specialised in cyber security for public and private sector organizations.
• Capability – Raising the skills of cyber security experts.

A key guiding principle and domain of the DCSS is National and International collaboration:

• Establishment of international collaboration – setting standards that are internationally recognised and enable Dubai to build a cyber eco-system that aligns with the best globally.
• Collaboration between organisations forming part of the Critical Information Infrastructure (CII) and establishment of partnerships with public and private sectors – connecting the public sector to the private cyber services sector through collaboration with global standard setters.
• Establishment of cyber security legislation and regulations – the implementation of regulations that drive capacity, capability and consistency aligned with international standards.