The General Department of Cybersecurity

  1. Acceptable Use Policy for Assets

Acceptable Use Policy for Assets

General Provisions

  • Cybersecurity requirements set forth in the approved policies, standards, and procedures of the Islamic University must be followed.

  • Data and assets (devices, information, or software) must be protected and handled according to their sensitivity and classification, in accordance with the Islamic University’s approved Data Protection Policy, ensuring data confidentiality, integrity, and availability.

  • Printed materials must not be left unattended on shared printers.

  • External storage media must be stored securely and appropriately, such as ensuring suitable temperature settings and keeping them in a secure and isolated location.

  • Disclosure of any information related to the Islamic University, including information related to systems and networks, to any unauthorized internal or external party is prohibited.

  • Publishing information related to the Islamic University through media outlets or social media platforms without authorization from the approving authority is prohibited.

  • Using the Islamic University’s systems and assets for personal benefit, personal business, or any purpose unrelated to the university’s activities and operations is prohibited.

  • Connecting personal devices to the Islamic University’s networks and systems is prohibited without prior authorization from the General Department of Cybersecurity, and must comply with the approved User Devices, Mobile Devices, and Personal Devices Security Policy of the Islamic University.

  • Engaging in any activities intended to bypass the Islamic University’s security systems, including antivirus software, firewalls, or malware protection, is prohibited without prior authorization and must comply with the approved procedures of the Islamic University.

  • The General Department of Cybersecurity reserves the right to monitor and periodically review systems, networks, and work-related personal devices to ensure compliance with the Islamic University’s approved cybersecurity policies and standards.

  • Employee or visitor identification badges must be visibly displayed at all Islamic University facilities.

  • The General Department of Cybersecurity must be notified in the event of loss, theft, or leakage of Islamic University information.

  • Acceptable use rules for information and assets associated with information processing systems must be followed.

  • All employees and staff of the Islamic University must return all files, documents, information, and assets in their possession upon termination of employment, contract, or agreement.

  • Assets must not be removed from their designated locations without prior authorization from the relevant departments.

  • Assets used off-site must be protected while considering the various risks associated with working outside Islamic University premises.

  • Attendance at security awareness sessions, meetings, and materials provided by the Islamic University is mandatory, and compliance with them is required.

  • All employees must sign an acknowledgment confirming their commitment to comply with the Islamic University’s approved Acceptable Use Policy for Assets.

  • All employees must approve and acknowledge the Code of Conduct and the Acceptable Use Policy upon any review or update.

  • Access to Islamic University assets must be granted strictly according to assigned roles and responsibilities required to perform job duties.

  • Technical asset custodians must be notified of cybersecurity patches that must be applied in accordance with the Islamic University’s approved Patch and Update Management Policy.

  • Asset owners must periodically and regularly review user access privileges.

Protection of Computer Devices

  • The use of external storage media is prohibited without prior authorization from the General Department of Cybersecurity. When permitted, data stored on such media must be encrypted in accordance with the encryption standard approved by the Islamic University.

  • Devices must be secured before leaving the office by locking the screen or signing out, whether leaving for a short period or at the end of working hours.

  • Using or installing devices, tools, or applications that are not approved by the Islamic University on computer devices is prohibited without prior authorization from the relevant Information Technology department.

Acceptable Use of the Internet and Software

  • Security alerts that may appear while browsing the internet or internal networks must be handled with caution, and no action should be taken except by contacting the General Department of Cybersecurity.

  • Violating the rights of any individual or company protected by copyright, patents, or other intellectual property rights, or similar laws or regulations, is prohibited. This includes, but is not limited to, installing unauthorized or illegal software for any work-related purpose, or using external storage media without approval from the Islamic University.

  • A secure and authorized browser must be used to access the internal network or the internet.

  • Using technologies that allow bypassing proxy servers, VPNs, or firewalls to access the internet is prohibited.

  • Downloading or installing software and tools on Islamic University assets is prohibited without prior authorization from the General Department of Cybersecurity.

  • Using the internet for non-work purposes is prohibited, including downloading media and files or using file-sharing software without prior authorization from the General Department of Cybersecurity.

  • Conducting any security scanning activities to discover vulnerabilities is prohibited, including penetration testing, monitoring Islamic University networks and systems, or the networks and systems of external entities, without prior authorization from the General Department of Cybersecurity.

Acceptable Use of Email

  • Using email, telephone, or electronic fax for non-work purposes is prohibited. Usage must comply with the Islamic University’s approved cybersecurity policies and standards.

  • Exchanging messages containing inappropriate or unacceptable content is prohibited, including messages exchanged with internal or external parties.

  • Encryption technologies must be used when sending sensitive information via email or communication systems, in accordance with the Islamic University’s approved Data Protection Policy.

  • The Islamic University email address must not be registered on any website unrelated to work.

  • The Islamic University reserves the right to access and review email content after obtaining the necessary approvals from the authorized authority and the General Department of Cybersecurity, in accordance with the relevant approved procedures and regulations.

  • Opening suspicious or unexpected emails or attachments is prohibited, even if they appear to be from trusted sources.

Video Meetings and Internet-Based Communications

  • Using unauthorized tools or software to conduct work-related communications or video meetings is prohibited.

  • Conducting communications or video meetings unrelated to work using Islamic University tools or software is prohibited without prior authorization.

  • Holding work-related meetings in public places is prohibited due to the risk of classified information leakage.

Password Usage

  • Secure passwords must be selected and maintained for the Islamic University’s systems and assets in accordance with the Identity and Access Management Policy. Passwords must be different from those used for personal accounts, such as personal email or social media accounts.

  • Sharing passwords by any means is prohibited, including electronic messages, voice communications, or written notes. Users must not disclose passwords to any party, including colleagues or Information Technology staff, and must immediately report any such incident to the General Department of Cybersecurity.

  • Passwords must be changed periodically in accordance with the Password Policy requirements or immediately upon receiving a new password from a system administrator.

  • Reusing known or previously used passwords is prohibited, and passwords must never be shared with any individual under any circumstances.

Office Use

  • Compliance with the Islamic University’s approved Clean and Secure Desk Policy is required, ensuring that desks and display screens are free of classified and sensitive information in accordance with approved classifications.

  • Leaving classified or sensitive Islamic University information in locations easily accessible or viewable by unauthorized individuals is prohibited.

  • Leaving office doors or cabinets containing classified or sensitive information open is prohibited.