|
Security Guidelines
1. All the information assets shall be used for business purposes only, and to serve the interests of the university in the context of normal operations.
2. All users shall exercise good judgment with respect to the reasonableness of personal use.
3. All users shall not participate in any illegal activities such as admission to the assets of unauthorized access personnel, and penetration, or causing the introduction of damaging software or the introduction of viruses, or any behaviour that would cause the disable of use of assets.
4. All staff shall understand their responsibilities regarding the protection of all assets owned by the King Abdul Aziz University and / or those that are in its custody.
5. Shall not use the information handling facilities for purposes not related to work. In the case of discovery of any fraud, it will be dealt with according to disciplinary action.
6. Should not transfer personal information or disclose them to an external party.
7. Users may not, under any circumstances, exchange of user names and passwords with each other.
8. Must maintain the privacy, confidentiality and secure use of the username and password to systems.
9. When creating Passwords, all university staff shall implement the following rules:
o Passwords length shall not be less than 6 characters and symbols
o The password consists of letters, numbers and symbols (Capital letters, small letters and numbers).
o That does not include the user name or any part of it.
o Not to be subject to password guessing or a word from the dictionary (English or other languages).
o Passwords must be changed every 120 days.
10. Must act immediately to change the password in case there is any doubt of discloser and to inform the Manager of the Department concerned.
11. All users are allowed to take advantage of all electronic services in order to benefit them to serve the objectives of the official duty of the administrative and academic, research and community service.
12. The use of the University network for the following purposes shall be prohibited:
o Sending or downloading messages or pictures that contain malicious or threatening content.
o Login to, download or store information, images and pornographic sites.
o Download or install the non-licensed software.
o Download or use the information or material protected by intellectual protection systems.
13. The use of the University Email system for the following purposes shall be prohibited:
o Unapproved commercial activities.
o Activities those are illegal and punishable by the system.
o Terrorist or suspicious activities and all that is opposed to security regulations of the State.
o Publicity and advertising.
o Harassment and threats of all kinds.
o Sending or helping to spread viruses or malicious software for computer equipment that might affect the University's network or its users.
o Send promotional mailings or multiple (spamming).
o Activities that contradict with the religion believe or impair the sanctity of Islam or scratching of public morals.
o Activities those are contrary to the state and its regime.
14. Must not leave sensitive or critical information concerning the University to imaging devices, print or fax, because access to these devices might be allowed to unauthorized personnel.
15. All users should run the screen saver on password mode provided on personal computers, mobile computers and servers to prevent unauthorized access to them.
16. Must remove the papers, which contain sensitive or confidential information of the printers as soon as printed.
17. All employees are required to inform their manager of any direct threats or attacks, real or potential within the university environment.
18. All Employees must inform the relevant staff of all juveniles that are confirmed or potential, and who will in turn help in taking corrective action.
19. Should act immediately to inform the team dealing with the information security with the suspected incidents.
20. In cases of travel and working outside the organization, the devices and media, shall not be left without supervision in public places.
21. All mobile users are requested to make adequate care when using mobile computing facilities in public areas, meeting rooms and other unprotected areas.
22. In the event of loss of any mobile device that involves sensitive data, or for any other violation of the information security, management shall be immediately informed.
23. All staff is required to wear the evidence of their identity, and it should visible to others.
24. All university staff is prohibited from exchanging access cards to the university buildings among them.
25. Must obtain written authorization for equipment, information, and software that shall be transferred to outside the university premises.
26. Shall not enable any third party from entering university premises unless they sign a non-disclosure agreement.
|