Acceptable Use Policy of Technical Assets
Document Classification: Internal – Restricted
 

  1. General Items
  • 1-1. Information must be handled according to its specified classification, in accordance with the data classification policy, data protection and information security policy of Najran University, ensuring the confidentiality, integrity, and availability of information.
  • 1-2. It is prohibited to infringe upon the rights of any person or company protected by copyright, patent, or any other intellectual property or similar laws or regulations, including by installing unauthorized software or through illegal means.
  • 1-3. Printed materials should not be left on the shared printer without supervision.
  • 1-4. External storage devices (such as USB drives, portable hard drives) should be securely and appropriately protected, such as by setting a suitable password and storing them in an isolated and secure location.
  • 1-5. It is prohibited to use the access card or password of another user, or of one's subordinate, on any device.
  • 1-6. Users must adhere to the Clean Desk and General Neatness Policy and ensure that the desk surface and display screen are free of classified or sensitive information.
  • 1-7. It is prohibited to disclose any information pertaining to Najran University, including information related to systems and networks, to any unauthorized party or entity, whether internal or external.
  • 1-8. Disseminating information related to Najran University through media outlets or social media without prior approval is prohibited.
  • 1-9. It is prohibited to use the devices and assets of Najran University for personal gain, for any personal business, or for activities that are not consistent with the University's functions and security.
  • 1-10. Connecting personal devices to the networks or systems of Najran University is prohibited unless prior approval is obtained and the connection is in accordance with the mobile device security policy (BYOD).
  • 1-11. Any activity that circumvents approved protection controls, such as installing malicious software or bypassing antivirus and firewall systems, is prohibited unless prior approval and permission are obtained from the Cybersecurity Administration.
  • 1-12. The Cybersecurity Department retains the right to request university staff to monitor systems, networks, and personal accounts, and to review them periodically to ensure compliance with cybersecurity policies and standards.
  • 1-13. Hosting unauthorized individuals in sensitive areas without prior authorization is prohibited.
  • 1-14. The identification card must be worn in all facilities of Najran University.
  • 1-15. Loss, theft, or damage to information must be reported to the Cybersecurity Department immediately.
  2. Asset and Device Protection
  • 2-1. The use of external storage media (such as USB drives and portable storage devices) without prior approval from the Cybersecurity Administration is prohibited.
  • 2-2. Any activity that may affect the efficiency of systems and technical assets is prohibited, including actions that prevent a user from obtaining higher privileges or authorities without prior approval from the Cybersecurity Administration.
  • 2-3. Users must secure their device (laptop or desktop) before leaving the office by locking the screen or logging out (Sign out or Lock), at the end of working hours or for short absences.
  • 2-4. Leaving any classified information (paper or electronic) in easily accessible places, or allowing unauthorized individuals to view it, is prohibited.
  • 2-5. Installing any external tools (hardware or software) on the computer without prior approval from the Cybersecurity Administration is prohibited.
  • 2-6. Users must report to the Cybersecurity Management immediately upon suspicion of any activity or behavior that may cause damage to the computers and technical assets of Najran University.
  3. Acceptable Use of Network, Software, and Internet
  • 3-1. The Cybersecurity Administration must be notified when suspicious websites or links are detected; this also applies if documents related to functional operations relate to intellectual property infringements.
  • 3-2. The use of any unlicensed software or of copyrighted materials, patents, or intellectual property without legal authorization is prohibited.
  • 3-3. Only use an approved browser to access the internal network or the internet; unauthorized browsers are not permitted.
  • 3-4. The use of technologies that enable bypassing network proxies or firewalls to access the internet, including virtual private network (VPN) software, is prohibited.
  • 3-5. Downloading or installing, from the university network or the Internet, any software or tools that violate university policies or applicable systems is prohibited without prior approval from the Cybersecurity Administration.
  • 3-6. Using the University's internal network or the Internet to download or share unauthorized files or media is prohibited.
  • 3-7. Emails must be handled with caution; if a cybersecurity risk (such as a virus or phishing) is suspected, the Cybersecurity Administration must be notified immediately.
  • 3-8. A security audit and penetration test must be conducted to identify vulnerabilities; this includes conducting tests by licensed external agencies after obtaining prior approval from the Cyber Security Administration.
  • 3-9. Using file sharing websites or cloud storage services without obtaining prior approval from the Cybersecurity Administration is prohibited.
  • 3-10. Visiting any suspicious website, or any website related to hacking techniques or the consumption of illegal substances, is prohibited.
  4. Acceptable Use of Email and Communication Systems
  • 4-1. Using email, phone, fax, or electronic fax for activities unrelated to work is prohibited, and their use must comply with cybersecurity policies and standards.
  • 4-2. Exchanging messages containing inappropriate or unacceptable content with internal or external parties is prohibited.
  • 4-3. When sending sensitive information via email, you must adhere to approved security methods to ensure encryption and protection.
  • 4-4. Do not register the email address of Najran University on any website that is not related to work tasks.
  • 4-5. Users must notify the Cybersecurity Department immediately upon discovering any content in emails that may cause damage to assets or systems.
  • 4-6. The Cybersecurity Department retains the right to examine the contents of university email messages to verify that the user has obtained the necessary permissions and in accordance with the applicable procedures.
  • 4-7. Opening suspicious or untrusted email messages or attachments is prohibited under any circumstances.
  5. Video and Audio Conferences
  • 5-1. Holding video or audio (Video/Voice) conferences via the internet without authorization is prohibited.
  • 5-2. Conducting communications or holding meetings for work purposes on programs or devices not authorized by the University is prohibited.
  6. Passwords and Account Security
  • 6-1. Passwords must be strong and secure, and passwords for university systems and assets must be kept confidential from others. University system passwords must not be used to access personal accounts or vice versa.
  • 6-2. The password must be changed at first use when a new password is provided to the user by the system administrator, and it must be changed periodically according to the university’s policies.