جامعة القدس المفتوحة
Al-Quds Open University
Information & Communication Technology Center (ICTC)
Information and Network Security Department
 

Overview:

Information and Network Security Department (INSD) is responsible for  maintaining information security and developing strategies, standards, and policies on a world-class level to ensure that all identified information assets are available with convenient integrity and speed.

INSD ensures that all assets of identified information of the University are available to the community and that the appropriate integrity and confidentiality are properly maintained.

INSD is also responsible for effective management of  security risks of the information technology assets at the University.

 

Mission:

The mission of the Information and Network Security Department (INSD) is to protect the confidentiality, integrity, and availability of information systems by:

- Providing proactive security expertise.

- Creating and maintaining a robust security architecture.

- Enhancing the  culture of security awareness throughout the University.

 

Objectives:

The strategic objectives of the Information and Network Security Department include:

  • Information is accessible only to internal and external authorized persons.
  • Maintaining confidentiality and integrity of information.
  • University requirements should be met for the availability of information
  • Business continuity plans are established, planned and tested.
  • Information Security education, awareness and training provided to staff and students.
  • All breaches of information security, actual or suspected, should be reported to INSD and investigated by the Information Security team.
  • All applicable regulatory and legislative requirements always met.
  • Data loss prevention.
  • Improve the security of the system and the services of the network
  • Proactive risk management
  • Crisis and security incident management.

 

Tasks:

  • Implementation and maintenance of Information Security Policies and Standards.
  • Training and Awareness

    INSD team expertise is available to provide training and awareness on information security such as (training on policies, acceptable computer use, and malware prevention, best practices to identify spam and phishing attempts and protect sensitive data.  This training can also help participants to be informed and better protected when using their personal computers.

  • Data and Information Disposal

    The Department of Information and Network Security can dispose data proporly.  INSD also will ensure that the data is completely wiped (removed).

  • Vulnerability Assessment and Management:

    Information & Network Security Department regularly scans all University electronic systems & websites, networks & servers’ hardware to properly evaluate & vulnerability.

  • Access Controls

     INSD team experts can examine shared files, computers, and other devices to confirm that they are properly configured to prevent unauthorized access.

  • Site Visits/Audits

    INSD security team schedules a time to do site visits to all Branches and Centers to   do comprehensive assessment, and provide guidance and support on how to improve operations, security, and dissemination of data.

  • Risk Analysis and Assessment

    Risk Analysis and assessment can be provided on potential or existing systems to provide analysis on the kind of safeguard needed for these systems in order to be protected as required.

  • Electronic Privacy

     INSD services revolve around protecting the University’s students, staffs, and faculty members’ privacy.  This includes proper access controls, training, policies and standards, data disposal, and more.

  • Intrusion Detection

     The detection and prevention of intrusions is a paramount responsibility of Information & Networks Security department.  INSD works every day to raise and improve the capacity of INSD teams in order to the assets and users and the University.

  • Information Security Incident Response

    Incidents that are related to information security are promptly & professionally handled once reported.  INSD employs all tools to investigate, report, and respond to incidents that arise.

  • Digital Forensic Investigations:

     The department investigates Workstation, Network Appliance; Mobile Device in case of suspected digital crimes.

  • Access and Accounts Management

    - INSD works diligently to ensure the needed proper access by University’s employees, students, and faculty members.

 

Achievements:

  • Capacity building for information security team through obtaining international certificates in information security (CPTE, VA&VM, DR and Secure Coding)
  • Installation of SSL Certificates.
  • Providing consults in Information Security field in the University.
  • Conduct a regular and routine vulnerability assessment and vulnerability management on all Systems, Web Pages and Services.
  • Protect computerized systems in a professional and organized manner.
  • establish, distribute and monitor the implementation of security policies.
  • Site Visits/Audits by INSD team to all Branches to ensure policies application .
  • Coping with advanced technologies.
  • Spreading Information security culture through conducting training sessions targeting all users at all levels.
  • Accomplish the first of three phases of establishing Security Operations Center (SOC).