The purpose of this policy is to provide cybersecurity requirements; To reduce cyber risks related to the use of Jouf University’s systems and assets, protect them from internal and external threats, and take care of the basic objectives of protection; It is to maintain the confidentiality, integrity, and availability of information.

This policy aims to comply with the requirements of cybersecurity and related legislative and regulatory requirements, which is a legislative requirement in Regulation No. 2-3-1 of the Basic Controls for Cyber Security (ECC-1:2018) issued by the National Cybersecurity Authority.

Scope of work and applicability

This policy covers all information and technical assets of Jouf University and applies to all employees of Jouf University

This policy covers all information and technical assets of Jouf University and applies to all employees of Jouf University.

General Items

1- Information must be dealt with according to the specified classification, and in accordance with the data classification policy and the data and information protection policy of Al-Jouf University in a way that ensures the protection of information confidentiality, integrity and availability.

2. It is prohibited to infringe the rights of any person or company protected by copyright, patent, or other intellectual property, or similar laws or regulations; Including, but not limited to, installing unauthorized or illegal software.

3- Publications should not be left on the shared printer unattended.

4- External storage media must be kept safe and appropriate, such as making sure that the temperature is set to a certain degree, and keeping it in an isolated and safe place.

5- It is prohibited to use the password of other users, including the password of the user's manager or his subordinates.

6- The safe and clean office policy must be adhered to, and the desktop, as well as the display screen, must be free of classified information.

7- It is prohibited to disclose any information related to Jouf University, including information related to systems and networks, to any unauthorized party or party, whether internally or externally.

8- It is prohibited to publish information about Jouf University through the media and social networks without prior permission.

9- It is prohibited to use the systems and assets of Al-Jouf University for the purpose of achieving personal benefit and business, or to achieve any purpose not related to the activity and business of Al-Jouf University.

10- It is prohibited to connect personal devices to the networks and systems of Jouf University without obtaining prior permission, and in accordance with the Mobile Device Security Policy (BYOD).

11- It is prohibited to carry out any activities aimed at bypassing the protection systems of Al-Jouf University, including anti-virus programs, firewall, and malicious software without prior permission, and in accordance with the procedures approved by Al-Jouf University.

12- The Cyber ​​Security Department reserves the right to monitor systems, networks and personal accounts related to work, and to review them periodically to monitor compliance with cyber security policies and standards.

13- It is forbidden to host unauthorized persons to enter sensitive places without obtaining prior permission.

14- The identification card must be worn in all Jouf University facilities.

15- The Cyber ​​Security Department must be notified in the event of information loss, theft or leakage.

Acceptable Use Policy Computer Protection

1- It is prohibited to use external storage media without prior permission from the Cyber ​​Security Department.

2- It is prohibited to carry out any activity that would affect the efficiency and safety of systems and assets without prior permission from the Cyber ​​Security Department, including activities that enable the user to obtain higher powers and privileges.

3- The device must be secured before leaving the office by locking the screen, or signing out (Sign out or Lock), whether leaving for a short period or at the end of working hours.

4- It is prohibited to leave any classified information in accessible places, or to view it by unauthorized persons.

5- It is prohibited to install external tools on the computer without prior permission from the General Administration of Information and Communication Technology.

6- The Cyber ​​Security Department must be notified when suspected of any activity that may cause damage to the computers or assets of Al-Jouf University.

Acceptable Use Policy Acceptable Use of the Internet and Software

1- The Cyber ​​Security Department must be informed in the event of suspicious websites that should be blocked; Or vice versa.

2- It must be ensured that intellectual property rights are not infringed while downloading information or documents for business purposes.

3- The use of unlicensed software or other intellectual property is prohibited.

4- You must use a secure and authorized browser to access the internal network or the Internet.

5- It is prohibited to use techniques that allow bypassing the proxy or firewall to access the Internet.

6- It is prohibited to download or install software and tools on the assets of Al-Jouf University without obtaining prior permission from the General Administration of Information and Communication Technology.

7- It is prohibited to use the Internet for purposes other than work, including downloading media and files, and using file-sharing software.

8- The Cyber ​​Security Department must be informed when cyber risks are suspected, and security messages that may appear while browsing the Internet or internal networks must be dealt with carefully.

9- It is prohibited to conduct a security examination for the purpose of discovering security vulnerabilities, including conducting penetration testing, or monitoring Jouf University networks and systems, or networks and systems of third parties without obtaining prior permission from the Cyber ​​Security Department.

10- It is prohibited to use file-sharing sites without prior permission from the Cyber ​​Security Department.

11- It is prohibited to visit suspicious websites, including hacking sites.

Acceptable Use Policy Acceptable Use of Email and Communications System

1- It is prohibited to use e-mail, telephone, fax or electronic fax for purposes other than business, and in accordance with cybersecurity policies and standards.

2- It is prohibited to circulate messages containing inappropriate or unacceptable content, including messages circulated with internal and external parties.

3- Encryption techniques should be used when sending sensitive information via e-mail or communication systems.

4- The email address of Al-Jouf University must not be registered on any website that is not related to the work.

5- The Cyber ​​Security Department must be notified when there is a suspicion of e-mail messages containing content that may cause damage to the systems or assets of Al-Jouf University.

6- Al-Jouf University reserves the right to disclose the contents of e-mail messages after obtaining the necessary permits from the authorized person and managing cyber security in accordance with the relevant procedures and regulations.

7- It is forbidden to open suspicious or unexpected emails and attachments, even if they appear to be from reliable sources.

Acceptable Use Policy Video Meetings and Web-Based Communication

1- It is prohibited to use unauthorized tools or software to conduct video calls or hold meetings.

2- It is forbidden to make calls or hold video meetings that are not related to work without obtaining a prior permission.

Acceptable Use Policy Use of passwords.

1- You must choose secure passwords, and keep passwords for Jouf University systems and their origins. It is also necessary to choose passwords that are different from the passwords for personal accounts, such as personal mail accounts and social networking sites.

2- It is prohibited to share the password through any means, including electronic correspondence, voice communications, and paper writing. Also, all users must not disclose the password to any third party, including work colleagues and employees of the General Administration of Information and Communication Technology.

3- The password must be changed, when a new password is provided to you by the system administrator.

The supervisor of the Cybersecurity Department must ensure that Al-Jouf University adheres to this policy on a regular basis.

All employees at Jouf University must adhere to this policy.

Any violation of this policy may subject the violator to disciplinary action; According to the procedures followed at Al-Jouf University.