Overview:
Information and Network Security Department (INSD) is responsible for maintaining information security and developing strategies, standards, and policies on a world-class level to ensure that all identified information assets are available with convenient integrity and speed.
INSD ensures that all assets of identified information of the University are available to the community and that the appropriate integrity and confidentiality are properly maintained.
INSD is also responsible for effective management of security risks of the information technology assets at the University.
Mission:
The mission of the Information and Network Security Department (INSD) is to protect the confidentiality, integrity, and availability of information systems by:
- Providing proactive security expertise.
- Creating and maintaining a robust security architecture.
- Enhancing the culture of security awareness throughout the University.
Objectives:
The strategic objectives of the Information and Network Security Department include:
- Information is accessible only to internal and external authorized persons.
- Maintaining confidentiality and integrity of information.
- University requirements should be met for the availability of information
- Business continuity plans are established, planned and tested.
- Information Security education, awareness and training provided to staff and students.
- All breaches of information security, actual or suspected, should be reported to INSD and investigated by the Information Security team.
- All applicable regulatory and legislative requirements always met.
- Data loss prevention.
- Improve the security of the system and the services of the network
- Proactive risk management
- Crisis and security incident management.
Tasks:
- Implementation and maintenance of Information Security Policies and Standards.
- Training and Awareness
INSD team expertise is available to provide training and awareness on information security such as (training on policies, acceptable computer use, and malware prevention, best practices to identify spam and phishing attempts and protect sensitive data. This training can also help participants to be informed and better protected when using their personal computers.
- Data and Information Disposal
The Department of Information and Network Security can dispose data proporly. INSD also will ensure that the data is completely wiped (removed).
- Vulnerability Assessment and Management:
Information & Network Security Department regularly scans all University electronic systems & websites, networks & servers’ hardware to properly evaluate & vulnerability.
- Access Controls
INSD team experts can examine shared files, computers, and other devices to confirm that they are properly configured to prevent unauthorized access.
- Site Visits/Audits
INSD security team schedules a time to do site visits to all Branches and Centers to do comprehensive assessment, and provide guidance and support on how to improve operations, security, and dissemination of data.
- Risk Analysis and Assessment
Risk Analysis and assessment can be provided on potential or existing systems to provide analysis on the kind of safeguard needed for these systems in order to be protected as required.
- Electronic Privacy
INSD services revolve around protecting the University’s students, staffs, and faculty members’ privacy. This includes proper access controls, training, policies and standards, data disposal, and more.
- Intrusion Detection
The detection and prevention of intrusions is a paramount responsibility of Information & Networks Security department. INSD works every day to raise and improve the capacity of INSD teams in order to the assets and users and the University.
- Information Security Incident Response
Incidents that are related to information security are promptly & professionally handled once reported. INSD employs all tools to investigate, report, and respond to incidents that arise.
- Digital Forensic Investigations:
The department investigates Workstation, Network Appliance; Mobile Device in case of suspected digital crimes.
- Access and Accounts Management
- INSD works diligently to ensure the needed proper access by University’s employees, students, and faculty members.
Achievements:
- Capacity building for information security team through obtaining international certificates in information security (CPTE, VA&VM, DR and Secure Coding)
- Installation of SSL Certificates.
- Providing consults in Information Security field in the University.
- Conduct a regular and routine vulnerability assessment and vulnerability management on all Systems, Web Pages and Services.
- Protect computerized systems in a professional and organized manner.
- establish, distribute and monitor the implementation of security policies.
- Site Visits/Audits by INSD team to all Branches to ensure policies application .
- Coping with advanced technologies.
- Spreading Information security culture through conducting training sessions targeting all users at all levels.
- Accomplish the first of three phases of establishing Security Operations Center (SOC).