Acceptable Use Policy

  

Image
security-logo

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Protecting computers
 
- It is prohibited to use external storage media without obtaining prior permission from the Information and Communications Security Department.
- It is prohibited to carry out any activity that would affect the efficiency and safety of systems and assets without obtaining prior permission from the Information and Communications Security Department, including activities that enable the user to obtain higher powers and privileges.
- The computer must be secured before leaving the office by locking the screen, or signing out (Sign out or Lock), whether leaving for a short period or at the end of working hours.
- It is prohibited to leave any classified information in easily accessible places, or to view it by unauthorized persons.
- It is prohibited to install external tools on the computer without prior permission from the Deanship of Information Technology.
- The Information and Communications Security Department must be notified when suspecting any activity that may cause damage to the university’s computers or assets.

 

 

 
Acceptable use of the Internet and software
 
- The Information and Communications Security Department must be informed if there are suspicious websites that should be blocked. Or vice versa.
- You must ensure that intellectual property rights are not violated while downloading information or documents for business purposes.
- Use of unlicensed software or other intellectual property is prohibited.
- You must use a secure and authorized browser to access the internal network or the Internet.
- It is prohibited to use technologies that allow bypassing the proxy or firewall to access the Internet.
- It is prohibited to download or install software and tools on university assets without prior permission from the Deanship of Information Technology.
- Use of the Internet for non-work purposes, including downloading media and files and using file sharing software, is prohibited.
- The Information and Communications Security Department must be notified when cyber risks are suspected, and security messages that may appear while browsing the Internet or internal networks must be treated with caution.
- It is prohibited to conduct a security examination for the purpose of discovering security vulnerabilities, including conducting a penetration test, or monitoring the university’s networks and systems, or the networks and systems of third parties, without obtaining prior permission from the Information and Communications Security Department.
- It is prohibited to use file sharing sites without prior permission from the Information and Communications Security Department.

 

 

 
Acceptable use of email and communications system
- The use of email, telephone, fax, or e-fax for non-business purposes is prohibited, and in accordance with cybersecurity policies and standards.
- It is prohibited to circulate messages containing inappropriate or unacceptable content, including messages circulating with internal and external parties.
- Encryption techniques should be used when sending sensitive information via email or communications systems.
- The university's email address must not be registered on any site that is not related to work.
- The Information and Communications Security Department must be notified when there is suspicion of e-mail messages containing content that may cause damage to the university’s systems or assets.
- The university reserves the right to reveal the contents of e-mail messages after obtaining the necessary permissions from the authorized person and the Information and Communications Security Department in accordance with the relevant procedures and regulations.
- Do not open suspicious or unexpected emails and attachments even if they appear to be from trustworthy sources.
 
 Video meetings and web-based communications
 
- It is prohibited to use unauthorized tools or software to make calls or hold video meetings.
- It is prohibited to make calls or hold video meetings that are not work-related without prior authorization.
 
Passwords Usage
- You must choose secure passwords, and maintain passwords for university systems and their origins. You must also choose different passwords than passwords for personal accounts, such as personal email accounts and social networking sites.
- It is prohibited to share the password through any means, including electronic correspondence, voice communications, or paper writing. All users must not disclose the password to any other party, including co-workers and employees of the Deanship of Information Technology.
- You must change your password, when you are provided with a new password by your system administrator.