Majmaah University Logo
Toggle grayscale mode

Acceptable Use Policy

  

security-logo

 

 

Objectives

 

The purpose of this policy is to provide cybersecurity requirements; to reduce cyber risks related to the use of university systems and assets, to protect them from internal and external threats, and to maintain the basic objectives of protection which are to maintain confidentiality, integrity, and availability of information.

 

 

Scope of work and applicability

 

This policy covers all information and technical assets of the university and applies to all employees of the entity.

 

 

Policy Terms

 

 

General Terms

 

- Information must be dealt with according to the specified classification, and in accordance with the data classification policy and the university’s data and information protection policy in a way that ensures the protection of the confidentiality, integrity and availability of the information.

- Violating the rights of any person or company protected by copyright, patent, or other intellectual property or similar laws or regulations is prohibited; including, but not limited to, installing unauthorized or illegal software.

- Printouts on the shared printer must not be left unattended.

- External storage media must be kept in a safe and appropriate manner, such as ensuring that the temperature is set to a certain degree, and keeping it in an isolated and safe place.

- It is prohibited to use the password of other users, including the password of the user's manager or his subordinates.

- You must adhere to the safe and clean office policy, and ensure that the - desktop and display screen are free of classified information.

- It is prohibited to disclose any information related to the university, including information related to systems and networks, to any unauthorized party or party, whether internal or external.

- It is prohibited to publish information related to the university through the - media and social networks without prior permission.

- It is prohibited to use the university’s systems and assets for the purpose of achieving personal benefit or business, or achieving any purpose that is not related to the university’s activity and business.

- It is prohibited to connect personal devices to the University network and systems without prior authorization, and in accordance with the Mobile Device Security Policy (BYOD).

- It is prohibited to carry out any activities aimed at bypassing the university’s security systems, including anti-virus, firewall, and malware programs, without obtaining prior permission, and in accordance with the university’s approved procedures.

- The Information and Communications Security Department reserves the right to monitor work-related systems, networks, and personal accounts, and review them periodically to monitor compliance with cybersecurity policies and standards.

- It is prohibited to host unauthorized persons to enter sensitive places without obtaining prior permission.

- The Information and Communications Security Department must be notified if information is lost, stolen, or leaked.

 

 

 

 

 

Protecting computers

 

- It is prohibited to use external storage media without obtaining prior permission from the Information and Communications Security Department.

- It is prohibited to carry out any activity that would affect the efficiency and safety of systems and assets without obtaining prior permission from the Information and Communications Security Department, including activities that enable the user to obtain higher powers and privileges.

- The computer must be secured before leaving the office by locking the screen, or signing out (Sign out or Lock), whether leaving for a short period or at the end of working hours.

- It is prohibited to leave any classified information in easily accessible places, or to view it by unauthorized persons.

- It is prohibited to install external tools on the computer without prior permission from the Deanship of Information Technology.

- The Information and Communications Security Department must be notified when suspecting any activity that may cause damage to the university’s computers or assets.

 

 

 

Acceptable use of the Internet and software

 

- The Information and Communications Security Department must be informed if there are suspicious websites that should be blocked. Or vice versa.

- You must ensure that intellectual property rights are not violated while downloading information or documents for business purposes.

- Use of unlicensed software or other intellectual property is prohibited.

- You must use a secure and authorized browser to access the internal network or the Internet.

- It is prohibited to use technologies that allow bypassing the proxy or firewall to access the Internet.

- It is prohibited to download or install software and tools on university assets without prior permission from the Deanship of Information Technology.

- Use of the Internet for non-work purposes, including downloading media and files and using file sharing software, is prohibited.

- The Information and Communications Security Department must be notified when cyber risks are suspected, and security messages that may appear while browsing the Internet or internal networks must be treated with caution.

- It is prohibited to conduct a security examination for the purpose of discovering security vulnerabilities, including conducting a penetration test, or monitoring the university’s networks and systems, or the networks and systems of third parties, without obtaining prior permission from the Information and Communications Security Department.

- It is prohibited to use file sharing sites without prior permission from the Information and Communications Security Department.

 

 

 

Acceptable use of email and communications system

- The use of email, telephone, fax, or e-fax for non-business purposes is prohibited, and in accordance with cybersecurity policies and standards.

- It is prohibited to circulate messages containing inappropriate or unacceptable content, including messages circulating with internal and external parties.

- Encryption techniques should be used when sending sensitive information via email or communications systems.

- The university's email address must not be registered on any site that is not related to work.

- The Information and Communications Security Department must be notified when there is suspicion of e-mail messages containing content that may cause damage to the university’s systems or assets.

- The university reserves the right to reveal the contents of e-mail messages after obtaining the necessary permissions from the authorized person and the Information and Communications Security Department in accordance with the relevant procedures and regulations.

- Do not open suspicious or unexpected emails and attachments even if they appear to be from trustworthy sources.

 

 Video meetings and web-based communications

 

- It is prohibited to use unauthorized tools or software to make calls or hold video meetings.

- It is prohibited to make calls or hold video meetings that are not work-related without prior authorization.

 

Passwords Usage

- You must choose secure passwords, and maintain passwords for university systems and their origins. You must also choose different passwords than passwords for personal accounts, such as personal email accounts and social networking sites.

- It is prohibited to share the password through any means, including electronic correspondence, voice communications, or paper writing. All users must not disclose the password to any other party, including co-workers and employees of the Deanship of Information Technology.

- You must change your password, when you are provided with a new password by your system administrator.