Information Security Department at the Deanship of Information Technology, University of Tabuk
Within the direction of the Deanship of Information Technology to provide protection for information assets from the risks that may threaten them, the Department has established the Information Security Department, and the main goal of the Department is to create a safe work environment by ensuring the protection of information assets and the continuous assurance of their confidentiality, integrity and availability. Based on the latest and best practices, the administration consists of four main departments:
1- Section: Application and Hardware Security and Access Control
His job :
Ensuring the protection of information assets at the University of Tabuk proactively from electronic threats, and to prevent the occurrence of cybersecurity incidents or their recurrence in line with the risk management policy at the University of Tabuk.
His tasks:
Determining the requirements of confidentiality, integrity and availability of information assets at the University of Tabuk.
• Maintaining a safe infrastructure at the University of Tabuk.
Ensure that security requirements are met during the development and use of all assets.
• Identifying, prioritizing and classifying vital information and assets (classification by the extent of importance and sensitivity of information assets).
• Developing and maintaining inventories of information assets at the University of Tabuk.
2- Section: Security Operations Center
And its spectrum:
Monitor, detect and monitor ongoing work, discover any security incidents, and report suspicious incidents or unauthorized entries as soon as possible.
His tasks:
• Collecting information and following up on all new developments about potential threats to information security.
• Analyzing and managing threats to information security.
Monitor records and other information sources (users, applications, networks, systems, access to physical assets, etc.).
• Managing security vulnerabilities, viruses and malware.
3- Section: Responding to Security Incidents
His job:
Prompt response and deal when a cybersecurity incident occurs, reduce its impact and ensure the speed of returning assets to normal operations as soon as possible The assets include technology and information.
His tasks:
• Incident management planning and response.
• Business continuity planning.
• Plan for disaster recovery.
• Conducting tests, exercises and rehearsals on all response plans.
• Security incidents management (detection, analysis, response and recovery).
• Cause analysis and post-incident security reviews.
• Work with law enforcement and other regulatory agencies during and after a security incident.
4- Department: Information Security Governance
His job:
Managing, measuring performance and correcting the course of all information security activities. It includes ensuring compliance with all external and internal requirements, spreading security culture and minimizing risks in line with Tabuk University's risk-bearing policy.
His tasks:
• Develop, implement and maintain the information security program, planning and operations.
Defining information security roles and responsibilities.
• Allocating appropriately trained and skilled resources to implement the information security program and plan.
• Identify, manage and maintain the assets required to implement the information security program and plan.
• Defining and implementing information security policies. And conduct audits.
• Managing relationships with third parties (suppliers, contractors, partners, national cybersecurity centers ...)
• Managing knowledge, skills, capabilities, availability of an information security team, and implementing an information security awareness and training program for employees of Tabuk University.