The Central Agency for Information Technology has developed the Kuwait National IT Governance Framework (KNIGF) to be implemented by all IT Centres across the State of Kuwait’s Government entities and agencies CAIT Initiative objectives:
- Better management of IT to improve quality of IT services delivered by the government agencies
- Manage risks, and meeting key stakeholder expectations the Government entities
- More alignment between IT and the organizational strategic plans
- Ensure the Government entities’ compliance with regulatory requirements
- Optimize the use of IT resources in the Government agencies
CLIENT: The Central Agency for Information Technology, Kuwait
SERVICES: National infrastructure information technology risk management
The CAIT has the vision to employ information technology to support institutional work in government agencies and linked to strategic goals, plans. It plays the required technical role in the implementation of initiatives and development programs and projects which contribute to the achievement of the desired results from applications of information technology and the sustainability of its highly efficient and effective economy.
As a brand new department, the CAIT was charged with centralising all information technologies to attain an e-Government platform to better serve the population and businesses throughout the Kingdom.
Part of the oversight and execution of this vision for the country was understandably the ability to recognise and manage network risks and to be able to prioritize which areas should be attended to first.
Due to the early phase of the program, there was an absence of existing knowledge and strategic know-how to determine which tools would best serve in managing risks. One exception to this was the establishment of CERT Middle East, but the focus of CERT is in electronic threats, rather than operations that create dependencies and criticalities.
We were able to demonstrate to the senior management of the CAIT our software tools to identify priority targets and risk exposures across multiple operations and locations, which had not been delivered before.
Our interactions in the Middle East led to changes in the software to better suit the target user, with an easier to understand red/amber/green status identification, acceptable variances from baseline, set by the user, to allow for the early stage of their program.
We also delivered additional non-electronic threat models for incorporating into the outputs, since in the region, a physical attack on network infrastructure assets, such as data centres, poses a greater level of risk than other types of physical threats such as flooding in other geographies.