
Executive NESA Summary Report

by Ben Smith
April 16, 2020


The United Arab Emirates’ (UAE) National Electronic Security Authority (NESA) Information Assurance Standards state that various information security policies should be in place across the organization and should comply with policies and with any other standards that are applicable. The NESA standard is a composite of many different types of controls and was derived from similar standards including the ISO 27000 standards, NIST 800, and CIS Controls. NESA makes it clear that organizations must comply with all applicable policies, laws, and compliance standards. Many controls require the organization to have appropriate policies covering all aspects of information security. In this report, the CISO can easily see the organization’s current compliance state with NESA and how that compares to other similar standards.

Ensuring that policies are in place for all aspects of information security is another goal of NESA. Tenable.sc provides visibility into system configuration policies and vulnerability management controls. The existence of, and adherence to, policies are the result of a healthy vulnerability management program. The CISO can then see how frequently vulnerabilities of varying criticalities are discovered in the environment. The total number of vulnerabilities in the organization’s environment, compared with vulnerabilities that have previously been mitigated, is easily understood.

NESA makes clear that organizations are to perform their own risk analysis. The organization should rely on a risk ranking for all risks in the environment and use that information when deciding patching necessity and frequency. Vulnerability Priority Rating (VPR) quantifies how urgently a vulnerability should be remediated. The CISO can easily compare risks ranked by VPR with those ranked by CVSS score. Because all environments are different, the CISO or security consultant can also see which risks have been moved to a different criticality in the environment by looking at risks that have been recast.

A compliance program requires the ability to track success and failure over time, and NESA requires this tracking. The CISO can efficiently understand how compliance with the NESA standard has changed over a recent time frame by checking a trend line showing audit check results.

Tenable.sc Continuous View (CV) is the market-defining On-Prem Cyber Exposure Platform. Tenable.sc CV provides the ability to continuously measure an organization’s policy compliance. Tenable.sc provides customers with a full and complete Cyber Exposure platform for completing an effective Cyber Hygiene program prescribed by the NESA standard.

This report contains:

Compliance Summary: The Compliance Summary chapter shows the executive team the overall state of compliance in their NESA environment. Starting with a trend line which shows the count of compliance issues over the past 25 days, the executive team is able to assess the organization's remediation efforts. Following the trend line is a matrix that quickly lays out the organization's adherence to NESA and similar compliance standards.

Vulnerability Summary: The Vulnerability Summary chapter shows the currently vulnerable systems on the network. The executive leadership uses the information in this chapter to understand where patch efforts should be prioritized. This chapter also shows how vulnerable the network currently is and can assist in determining how well patch efforts are going.

Risk Summary: The Risk Summary chapter shows the executive team the overall risk in their environment. The chapter establishes vulnerability counts over time along with a heat map to illustrate levels of risk across the network. It focuses on vulnerabilities discovered in the network in relation to their VPR score to show how many higher-risk vulnerabilities are being detected. It then shows vulnerabilities in the environment that have been through a risk scoring process and have had their risk rating "recast."

