Securing information from unauthorised, or unlawful, access, use, modification, disclosure or harm is a priority for governments and businesses alike. Our increasing reliance on sophisticated IT solutions makes securing that information more challenging than ever before. Having recognised these challenges, government departments in the UAE are taking steps to bolster internal information security measures. In recent years, each of the governments of Abu Dhabi and Dubai have implemented their own Emirate-specific information security policies. Information security measures are now being formalised at a federal level with the passing into law, on 29 October 2013, of UAE Cabinet Decision No. 21/2013 (the Decision) which regulates information security in federal authorities in the UAE.