Technology Risk Instructions for Financial Services Operators

Introduction

The increase in digital transformation in the financial sector has led to a deeper integration of modern information technology tools within business operations. This regulation provides the security requirements and mechanisms to protect Financial Service Operators (FSOs) from cyberattacks and security risks. The term Financial Service Operator (FSO) refers to exchange houses, investment companies, finance houses and their relevant brokers.

Scope

Technology risk instructions shall apply to all Financial Service Operators, including exchange houses, investment companies, finance houses and their relevant brokers, that operate in Qatar and are regulated by Qatar Central Bank.

Acronyms and Abbreviations

AES Advanced Encryption Standard

CEO Chief Executive Officer

CIO Chief Information Officer

DoS Denial of Service

DDoS Distributed Denial of Service

DMZ Demilitarized Zone

DSS Data Security Standard

FSO Financial Service Operator

IAIS International Association of Insurance

ICMP Internet Control Message Protocol

ICT Information Communication Technology

IDS Intrusion Detection System

IPS Intrusion Prevention System

IS Information Security

ISO Information Security Officer

ISAE International Standard for Assurance Engagements

ISO27001 Industry Standard Organization 27001

ISO22301 Industry Standard Organization 22301

ISO11770 Industry Standard Organization 11770

MOI Ministry of Interior

NAC Network Access Control

NDA Non-disclosure Agreement