Oman: Al Maha Petroleum Products Marketing Co. SAOG achieves ISO 27001:2022 certification for information security management
This achievement reflects the company's strong commitment to protecting information assets, ensuring data privacy, and implementing best-in-class security practices across the organisation.
© Apex Press and Publishing Provided by SyndiGate Media Inc. (Syndigate.info).
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Zawya
06-08-2025
- Zawya
Oman's vehicle registrations rise 5.5% to nearly 1.8mln
Muscat – The total number of registered vehicles in Oman reached 1,798,062 till the end of June this year, marking a 5.5% increase compared to the same period last year, according to the National Centre for Statistics and Information (NCSI). Private vehicles made up the majority of registered vehicles, accounting for 79.3% with 1,425,308 units. Commercial vehicles followed at 14.7% (264,913), while rental vehicles represented 2.3% (41,386). The remainder included taxis, government vehicles, and other categories. White vehicles remained the most common on Omani roads, representing 42.3% of the total, or 761,358 vehicles. Silver was the second most popular colour at 12.9% (231,822), followed by grey with 181,140 registered vehicles. In terms of engine capacity, vehicles with engines between 1,500cc and 3,000cc comprised the largest share at 54.5% (979,300), while those with capacities between 3,001cc and 4,500cc made up 22.2% (399,770). Vehicles weighing under 3 tonnes formed the largest weight category, representing 90.7% of total registrations, or 1,631,392 vehicles. © Apex Press and Publishing Provided by SyndiGate Media Inc. (
TECHx
04-08-2025
- TECHx
What Cybersecurity Vendors Must Do to Earn CISOs Trust
Home » Interview Of The Week » What Cybersecurity Vendors Must Do to Earn CISOs Trust What do CISOs really want from cybersecurity vendors? Denis Yakimov of Equiti Group offers a perspective in this exclusive interview published in CodeRED June–July Edition. From the importance of aligning cybersecurity initiatives with business strategy to the flaws in vulnerability management and the value of co-developing tools, Yakimov outlines what's working, what's broken, and how vendors can better support enterprise security goals in an evolving digital ecosystem. What are the top cybersecurity priorities for your organization this year? This year, our top priority is to support the business in achieving sustainable growth and stability as it works toward its strategic objectives. I often see CISOs setting goals in isolation focusing on internal KPIs or reacting to emerging threats without aligning with the broader business context. But it's critical to remember that security exists to enable the business, and everything we do should be guided by that principle. How do you align cybersecurity initiatives with overall business goals? Everything starts with the business setting its goals for the year, which are typically based on shareholder expectations. At Equiti, business goals are clearly defined and openly communicated, so every employee understands the direction in which the organization is heading. From a security standpoint, we use these goals as a foundation and, at the beginning of the year, during strategy planning, we brainstorm which cybersecurity actions will most effectively support the achievement of these goals. For instance, in 2024 we achieved ISO 27001 certification, which helped Equiti take a significant step toward building stronger trust with key clients and partners and becoming one of the leading brokers in the UAE. Similar security initiatives are aligned with goals related to operational resilience, among others. What are the key factors you consider when evaluating cybersecurity vendors? We take a comprehensive approach when selecting vendors, using comparison tables and well-defined evaluation criteria. These always include compatibility with our existing environment and compliance with local regulatory requirements. For example, in the UAE, financial institutions must store regulated customer data within the country, which immediately disqualifies many SaaS vendors without local data centers. Given that Equiti is a rapidly growing organization, scalability and ease of deployment are critical factors for us. Once all evaluation criteria are met, we proceed with a PoC, a data privacy assessment, and a third-party risk assessment. While the process may seem complex at first, we aim to complete evaluations at a startup pace – typically within 2–3 weeks. How do you prefer vendors to approach you, with education, product demos, proof of value? I believe that anything that helps evaluate a solution within the context of our own environment is highly valuable. I have a hard time understanding vendors who reject proof of concept and instead get caught up in internal approval cycles at this stage. For me, that's usually a yellow flag. If a vendor is willing to schedule as many meetings as necessary to ensure that the solution works effectively within our infrastructure, that is always an additional reason for me to prioritize them. It signals a high likelihood that they will continue to provide support after the purchase and that they have nothing to hide. What are the biggest gaps in current cybersecurity solutions that vendors should address? In my view, areas such as vulnerability management, despite their long history, are still underdeveloped. Even well-established and experienced vendors like Qualys and Rapid7 continue to generate a significant amount of noise in their vulnerability dashboards, and current prioritization methods do little to change that. I regularly speak with many CISOs across the industry, and I keep hearing about hundreds or even thousands of high and critical vulnerabilities reported by their VM solutions. Yet, in reality, 99% of security incidents are either unrelated to vulnerability exploitation or are linked to vulnerabilities that were not flagged or covered by these VM tools at all. Are there specific challenges in integration, scalability, or support that you've faced? We've encountered situations where we acquire a tool that fits our needs very well, but face challenges finding the right expertise to implement it properly, considering all the specific requirements. And it's not even about internal resources – it's about the expertise available on the market. While evaluating a solution itself is relatively straightforward, assessing the contractor's expertise, especially ensuring they are both trustworthy and fairly priced, can be quite difficult. I've previously worked at various MSPs, and I clearly remember how service providers often focused on selling the service first, while trying to acquire the necessary expertise during the implementation phase. What role do vendors play in helping you maintain compliance? When it comes to vendors and compliance, I truly appreciate the direction the market is taking toward GRC Engineering. I believe this area has the potential to become highly developed and popular in the future – similar to how DevSecOps gained momentum in its time. Take Vanta, for example. Although it is essentially a tool for automating GRC processes, its interface is so simple and intuitive that it has successfully captured a market even among startups—a segment where selling anything from the security domain is typically challenging due to immaturity and limited budgets. On our side, we are also taking proactive steps toward compliance automation. However, we must consider a wide range of factors, including our presence in multiple countries and various privacy obligations. How is your cybersecurity budget evolving year-over-year? There is a lot of talk on social media about cybersecurity underbudgeting, but in reality, many organizations tend to overinvest. A common pattern is CISOs onboarding numerous dashboards that generate excessive noise and offer limited optimization. At Equiti, even though we're open to increasing the cybersecurity budget, our team has been focused on cost optimization for two consecutive years, mainly through smarter licensing decisions. This often means replacing vendors – always with a proper risk assessment – but given the vast range of available solutions on the market, finding quality alternatives at a lower cost is rarely a challenge today. What's your advice to vendors looking to position their solutions for budget approval? My advice is not to focus on addressing yet another threat, but rather to demonstrate how your tool brings real business value. Modern CISOs are increasingly expected to speak the language of the business and sit at the board table. As a result, the tools in a CISO's toolkit should support business enablement, not just threat mitigation or the addition of another dashboard. If you look at the most successful cybersecurity companies such as Wiz, Okta, or Zscaler they've become integral to their customers' operations and have a direct impact on business efficiency. Have you collaborated with vendors on co-developing or customizing solutions? Absolutely. Vendors willing to adapt their roadmap for our needs are always strong candidates. For example, we're working closely with a SAST vendor that is developing integration features for one of our specific CI/CD environments. Since this environment is relatively niche and not widely supported out of the box, the vendor's willingness to invest effort in saving us extensive engineering time on custom integration has been a major factor in our decision. I must admit, this kind of flexibility is more common among small to mid-sized vendors. What common mistakes do vendors make when engaging with CISOs? Pushing too hard and being overly persistent. In my view, if someone genuinely needs your product, they will be responsive and willing to do whatever it takes to close the deal quickly. If you spend your time chasing people who show limited interest, you might move the deal forward temporarily, but in the end, it will likely fall through and you will have simply wasted time. What's one innovation or improvement you hope to see from vendors in the next 12 months? Although I remain skeptical about the grand future predicted for AI,where it is expected to replace humans, I personally would like to see more practices focused not on solving isolated micro-tasks or problems by introducing yet another tool to the portfolio, but rather on enabling the correlation of all available security data into a unified pool of interconnected knowledge. Such an approach could help predict where threats are most likely to emerge or which changes would yield the most significant impact. I believe that an AI system capable of aggregating insights across the entire organization and its cybersecurity tools could deliver this kind of value. In today's world, many security leaders still make strategic decisions based on educated guesses and abstract, subjective risk assessments essentially, reading tea leaves rather than relying on data-driven foresight.
Zawya
04-08-2025
- Zawya
Yusuf Bin Ahmed Kanoo Group achieves ISO 27001:2022 Certification
Manama, Bahrain – Yusuf Bin Ahmed Kanoo Group (YBA Kanoo) has achieved a significant milestone by obtaining the ISO 27001:2022 certification, reflecting its ongoing commitment to strengthening information security, enhancing internal systems, and aligning with international standards. This certification underscores the Group's dedication to protecting its data assets and maintaining the trust of its clients, partners, and stakeholders. The implementation of ISO/IEC 27001:2022 not only reinforces YBA Kanoo's internal controls but also improves operational efficiency by reducing time, cost, and risks associated with human error. It also demonstrates the company's commitment towards maintaining robust and resilient security practices. In line with its core values and commitment to staying ahead of evolving global standards, YBA Kanoo is exploring additional initiatives to further strengthen its information security posture. This includes investing in advanced security technologies across the group. Looking ahead, YBA Kanoo remains committed to continuous improvement and the adoption of advanced security practices. The Group continues to align with global standards, investing in new technologies, and promoting a culture of accountability to protect stakeholder interests and support long-term operational excellence.
