Cybersecurity Policy for Remote Work
General Requirements:
1- Cybersecurity Risk Management:
· The cybersecurity risk management methodology must include, at a minimum, the following:
- A cybersecurity risk assessment when planning and before allowing remote work for any service or system.
- A cybersecurity risk assessment of remote work systems, at least annually.
- The cybersecurity risks of remote work systems and services and systems permitted for remote work must be included in King Saud University's cybersecurity risk register, and monitored at least annually.
2- Remote Work Controls:
· All university employees and contractors must adhere to the Acceptable Use of Assets Policy and the Data and Information Protection Policy when using and accessing King Saud University systems and services through remote work.
· Approval from the relevant management must be obtained, and all appropriate security arrangements and controls must be in place before remote work activities are permitted.
· Access rights for remote work activities must be provided on a need-to-know basis, taking into account the sensitivity of the systems, the level of access rights, and the type of devices the users will be using.
· Multi-factor authentication (MFA) must be applied to remote access users.
· Remote access must be limited to a single active session per user; simultaneous logins by the same user from multiple computers must be prevented.
· The system used for remote work activities must be able to verify that anti-malware is applied on end-user devices before connecting to the university network.
· Upon completion of remote work activities, access rights and authorizations will be revoked, and devices (if provided by King Saud University) will be returned immediately.
· An accurate and up-to-date record of all remote work activities must be maintained.
· King Saud University only permits the use of personal or university-provided devices for remote work and remote network access. The asset owner must consider the following security arrangements:
- Ensure the physical security of devices and protect against theft and loss.
- Ensure that devices are encrypted (if they contain confidential information).
- Use appropriate anti-malware and device security controls (such as antivirus software, personal firewalls, and mobile device management software).
- Connect to the university network using secure tunneling methods (such as SSL or VPN).
- Implement appropriate authentication/authorization mechanisms.
- Securely handle identities and passwords. Each user is responsible for securing their username and password and bears full responsibility for all actions taken through their account.
- Contact the General Department of Cybersecurity directly in the event of any suspected threat or incident.
- Security patches and required updates must be applied at least once every three months.
· Remote work systems must be reviewed annually.
· Session management must be adequately secured, including session authentication, session security, and session timeouts.
· KSU's penetration testing scope must also cover remote work systems.
· KSU's remote work systems must be monitored for cybersecurity incidents.
· Remote access from outside the Kingdom of Saudi Arabia must be prevented.
· Hosted remote work systems must be located within the Kingdom of Saudi Arabia.
· The use of any third-party remote work system not approved by King Saud University for remote work activities, such as TeamViewer, AnyDesk, etc., is prohibited.
3- Cybersecurity Awareness and Training Program:
· The cybersecurity awareness program must cover the cyber risks and threats associated with remote work and how to deal with them safely, including:
- Safe use, maintenance, and protection of devices designated for remote work.
- Safe handling of login identities and passwords.
- Protecting data stored on devices used for remote work and handling them according to their classification and King Saud University procedures and policies.
- Safe handling of applications and solutions used for remote work, such as virtual meetings, collaboration, and file sharing.
- Safe handling of home networks and ensuring their security settings.
- Avoid remote work using untrusted public devices or networks or while in public places.
- Unauthorized physical access, loss, theft, and vandalism of technical assets and remote work systems.
- Communicate directly with the relevant cybersecurity department at the entity in the event of a suspected cybersecurity threat.
Employees must be trained in the technical skills necessary to ensure cybersecurity requirements and