Remote Access Policy
|
The university's academic staff, students and others may need access to information services and internal resources from outside the campus. This policy streamlines the process, while making sure that all the communication is secure and is provided to valid users.
|
Overview
|
|
This policy applies to all employees, academic staff, students and others who may wish to access the university network remotely.
|
Scope
|
|
The objective of this policy is to ensure that the university identifies, develops and implements adequate controls for the management of risks associated with remote access.
|
Objective
|
Operational Policies and Procedures
- Remote access must be used for only business purposes.
- Members of the university community shall only have access to the services that they have been specifically authorized to use.
- Access by remote users shall be subject to password authentication using the normal UQU credentials.
- Access to information services shall be through a secure log-on process.
- Access by remote users is subject to being recorded and monitored.
Device and Program Configurations as well as Standards for Remotely Accessing UQU Networks
Device Configurations as well as Standards before Accessing the Network
- The availability of the latest operating system updates for the device to connect to the network.
- The availability of an original and updated version of an antivirus program supported by the manufacturer.
Device Configurations as well as Standards while Accessing the Network
- Safe surfing and Internet use: avoid visiting suspicious websites while using the VPN.
- Secure communication via e-mail services and social media: take necessary precautions to avoid e-mails and social media accounts being exploited in phishing scams.
- Handle mobile devices and storage media in a secure manner.
- Avoid accessing the UQU network using unreliable public devices and networks.
- Respect intellectual property rights; do not make available or upload files that contain software or other material, data, or information not owned by the visitor, or for which he does not have a license.
- Do not use the e-services badly, in any way, to send any commercial "spam" emails, or any similar misuse of the UQU portal.
- Avoid making available or uploading files on this portal that may contain viruses or corrupt data.
- Do not publish, post, distribute, or disseminate defamatory, infringing, pornographic, or indecent material that violates Islamic teachings, or any other unlawful material or information, via the UQU portal.
- Do not engage in any activity through the UQU portal that is considered illegal or unlawful in the Kingdom of Saudi Arabia.
- Do not advertise any product or service that would result in the UQU portal violating any applicable law or regulation of any jurisdiction.
- Do not use any device, software or procedure to interfere or attempt to interfere with the proper operation of the UQU portal;
- Avoid taking any action that imposes an unreasonably or inappropriately large load on the UQU portal infrastructure.
- Directly contact the Information Security Department in case of any cyber security threat or suspicious activity.
Relevant Documents
This policy is connected to the policies of UQU, represented by the Deanship of Information Technology, related to the access, control and remote access to the network. It is also related to the basic policies and regulations of the National Cyber Security Authority in the Saudi Kingdom as well as the policy of using a Virtual Private Network (VPN) and the regulations and policies issued by the National Cyber Security Authority, as delineated in the following table:
