entities to comply since it is likely that their  cybersecurity center to gather insights and  companies to provide best-in-class ser-
        cybersecurity teams are already familiar  incident intelligence and respond more  vices. At a later stage, an accreditation
        with it.                               effectively to cyber incidents. Furthermore,  program will make it mandatory for vendors
                                               multi-sources of threat intelligence feeds  and system integrators to be compliant with
        3. A  Computer Emergency Response  are being used to cover almost all kinds of  the national accreditations requirements.
        Team (CERT) – As cyberattacks are inevi-  probable attacks through leveraging indica-
        table, every government needs to develop  tions of attacks and compromises.   Room for Improvement
        a national CERT to mitigate the effects of
        such incidents and improve recovery time.  4. National cybersecurity workforce devel-  Various Ecosystems in MENA region are
        In addition to advancing CERT capabilities,  opment and upskilling programs - Several   yet to be heavily focused on education,
        there are several common supporting capa-  countries in the region are developing   research and development, and innovation
        bilities such as:                      cybersecurity training programs,  but   in cybersecurity. This is a shortcoming that
                                               more needs to be done. The global talent   has to be addressed at the strategic level
        • Active monitoring for cyberthreats and  shortage necessitates proactively training,   to balance national needs and strengthen
        passive recording of all reported cyber  reskilling, upskilling and refreshing the   the national economy.
        incidents.                             cyber capabilities of professionals in both
                                               the public and private sectors to bridge the   Having comprehensive strategies alone is
        • Proactive efforts to combat cyberthreats  gap in the global talent supply.   insufficient. Using quantitative risk analyt-
        with a focus on   tackling cyberthreats in  In Jordan, NCSC JO is developing train-  ics for decision making is of paramount
        an automated and scalable manner, such  ing programs targeting new entrants in   importance to cybersecurity; at the core
        as by using AI platforms.              the field and partnering with academia to   of cybersecurity are investment decisions
                                               establish a collaborative effort to develop   about which information and cyber risks to
        • Multi-sources of cyberthreat intelli-  a national cybersecurity curriculum to sup-  accept and how to mitigate them.
        gence  to provide traditional sources of  port schools and universities.
        threat intelligence.                                                          Traditionally, business leaders have made
                                               5. Ecosystem of cybersecurity companies   cyber-risk decisions using a combination
        • Common severity-assessment matrix  - Establishing an ecosystem of licensing   of qualitative analysis, based on previ-
        provides all incident respondents with a  and accreditation for cybersecurity service   ous experiences, intuition, and judgment.
        common understanding of cyber incidents  providers and training providers. Such an   Such an approach is unscientific and has
        with different severity and impact levels.  ecosystem not only pushes companies to   proved to be ineffective for value gover-
                                               improve quality of service but also helps   nance or for security investment at any
        In Jordan, NCSC JO is the single point of  customers differentiate between compe-  scale. In response, enterprises are starting
        contact for all government and private  tent and incompetent service providers.  to strengthen their business with quantita-
        entities. and, increasingly, citizens, to                                     tive risk analytics such as using Factors
        report cyber incidents. In the back end, it  In Jordan, NCSC JO is working on introduc-  Analysis of Information Risk (FAIR) stan-
        is critical to build a centralized repository  ing a modern licensing legislation, which   dard to quantify information and cyber
        across government entities that captures  is currently open for public consultation.   risk. This way, business leaders can make
        data related to all cyber incidents at the  This will be followed by a licensing scheme   better, well-informed decisions. This max-
        national level. This will enable the national  that encourages local and international   imizes security return of investment.
        SOFEX JORDAN 2022                                                                              NOVEMBER-01-2022 | 19