جامعة القدس المفتوحة
Al-Quds Open University
Information & Communication Technology Center (ICTC)
Information and Network Security Department
 

Overview:

Information and Network Security Department (INSD) is responsible for maintaining information security and developing strategies, standards, and policies on a world-class level to ensure that all identified information assets are available with convenient integrity and speed.

INSD ensures that all the University’s identified information assets are available to the community and that the appropriate integrity and confidentiality are properly maintained.

INSD is also responsible for the effective management of security risks of the information technology assets at the University.

Mission:

The mission of the INSD is to protect the confidentiality, integrity, and availability of information systems by:

- Providing proactive security expertise.

- Creating and maintaining a robust security architecture.

- Enhancing the  culture of security awareness throughout the University.

 

Objectives:

The strategic objectives of the INSD include:

  1. Information is accessible only to internal and external authorized persons.
  2. Maintain confidentiality and integrity of information.
  3. University requirements should be met for the availability of information
  4. Business continuity plans are established, planned, and tested.
  5. Information Security education, awareness, and training are provided to staff and students.
  6. Inform all employees and students that adherence to the policies is mandatory and any violation will result in a penalty.
  7. All breaches of information security, actual or suspected, should be reported to INSD and investigated by the Information Security team.
  8. All applicable regulatory and legislative requirements are always met.
  9. Data loss prevention.
  10. Improve the security of the system and the services of the network
  11. Proactive risk management
  12. Crisis and security incident management.
  13. Enrich awareness to the local community with regard to information security.

 

Tasks:

  1. Implementation and Maintenance of Information Security Policies and Standards.
  2. Training and Awareness:

    3. The INSD team expertise is available to provide training and awareness on information security, such as training on policies, acceptable computer use, malware prevention, and best practices to identify spam, phishing attempts, and protect sensitive data.  This training can also help participants stay informed and better protected when using their personal computers.

  3. Data and Information Disposal:

    4. The INSD can dispose of data properly. The INSD also will ensure that the data is completely wiped (removed).

  4. Vulnerability Assessment and Management:

    5. The INSD regularly scans all University electronic systems & websites, networks & servers’ hardware to evaluate & manage vulnerability properly.

  5. Access Controls:

    6. The INSD team experts can examine shared files, computers, and other devices to confirm that they are properly configured to prevent unauthorized access.

  6. Site Visits/Audits:

    7. The INSD security team schedules a time to do site visits to all branches and centers to implement comprehensive assessment and provide guidance and support on how to improve operations, security, and dissemination of data.

  7. Risk Analysis and Assessment:

    8. Risk Analysis and assessment can be provided on potential or existing systems to analyze the safeguard types needed for these systems in order to be protected as required.

  8. Electronic Privacy:

    9. The INSD services revolve around protecting the University’s students, staff, and faculty members’ privacy.  This includes proper access controls, training, policies and standards, data disposal, and more.

  9. Intrusion Detection:

    10. The detection and prevention of intrusions is a paramount responsibility of the INSD.  The Department works every day to raise and improve the capacity of the INSD teams to protect assets and users at the University.

  10. Information Security Incident Response:

    11. Incidents that are related to information security are promptly & professionally handled once reported.  The INSD employs all tools to investigate, report, and respond to incidents that arise.

  11. Digital Forensic Investigations:

    12. The Department investigates workstations, network appliances, and mobile devices in case of suspected digital crimes.

  12. Access and Accounts Management:

    13. The INSD works diligently to ensure the needed proper access by University’s employees, students, and faculty members.

 

Achievements:

  1. Capacity building for information security team through obtaining international certificates in information security (CPTE, VA&VM, DR, and Secure Coding)
  2. Installation of SSL Certificates.
  3. Provide consultations in the Information Security field at the University.
  4. Conduct a regular and routine vulnerability assessment and management of all systems, web pages, and services.
  5. Protect computerized systems in a professional and organized manner.
  6. Establish, distribute and monitor the implementation of security policies.
  7. Site Visits/Audits by INSD team to all Branches to ensure policies application.
  8. Cope with advanced technologies.
  9. Spread Information security culture through conducting training sessions targeting all users at all levels.
  10. Accomplish the first of three phases of establishing a Security Operations Center (SOC).
  11. Provide consultancy in the field of information security to the local community and international companies.
  12. Prepare and present specialized workshops and courses in the field of information security and social networking sites.
  13. The INSD won the first three places (best responder of security threats, best attacker, best defender) at the level of Palestine in the Vulnerability/Security Hunters Competition organized by the Arab Regional Center for CyberSecurity of the International Telecommunication Union and the Company “Silinsk”, in cooperation with the Response Center Computer Emergency “PalCERT” at the Ministry of Communications and Information Technology.
  14. INSD won first place regionally in the category of attackers in the Security Vulnerability Hunters’ Competition, in which many representatives from different Arab countries participated. This competition was organized by the Arab Regional Center for CyberSecurity of the International Telecommunication Union and the company “Silensec”, in cooperation with the Palestine Response Center for Computer Emergencies “Balcert” at the Ministry of Communications and Information Technology.
  15. Participate in the Regional CyberSecurity Week, which was organized by the Arab Regional Center for CyberSecurity (ITU-ARCC) in the State of the Sultanate of Oman, specialized in new information security, where information security specialists from various companies around the world participated.