
Cyber Security Unit

About Cyber Security

According to the regulation of the National Cyber Security Authority (NCA) issued by Royal Decree No. 6801 dated 11/02/1439 AH, cyber security is defined as the protection of networks, information technology systems, operation systems, and their content from any malicious or harmful programs. It also protects electronic services and the data they contain from any breach, disruption, modification, illegal entry, use, or exploitation. Cyber security includes information security, cyber security, digital security, etc.

Cyber Security Terminology

According to the NCA's issued guidelines and controls for cybersecurity, the following terms and definitions have been introduced.

Terms

Definition

Cyberspace

The interconnected network of information technology infrastructure, including the Internet, communications networks, computer systems, devices connected to the Internet, and the processors and associated controllers. The term can also refer to the virtual world or domain as an experienced phenomenon or an abstract concept.

Policy

A document that specifies a general commitment, directive, or intent officially expressed by the authority holder. The cybersecurity policy is a document that represents the official commitment of the entity's senior management to implement and improve the entity's cybersecurity program. The policy includes the entity's cybersecurity program objectives, controls, requirements, and improvement and development mechanism.

Privacy

Freedom from unauthorized interference or disclosure of personal information about an individual.

Asset

Anything tangible or intangible that has value to the entity. There are many types of assets. Some are obvious things, such as people, machines, facilities, patents, software, and services. The term can also include intangible things, such as information and characteristics (such as the reputation and public image of the entity or skill and knowledge).

Attack

Any type of malicious activity that attempts to illegally access, collect, disable, prevent, or destroy information systems resources or the information itself.

Audit

Independent review and study of records and activities to assess cyber security controls' effectiveness and ensure adherence to relevant policies, operational procedures, standards, and legislative and regulatory requirements.

Authentication

Confirmation of the identity of a user, process, or device, often a prerequisite for allowing access to resources in the system.

Authorization

The feature of determining and verifying the user's rights/licenses to access the entity's information, technical resources, and assets and allowing it according to what was previously specified in the user's rights/licenses.

Availability

Ensuring timely access to and use of information, data, systems, and applications.

Backup

Files, devices, data, and procedures that are available in case of failure or loss, or if the original is deleted or discontinued.

Threat

Any circumstance or event likely to negatively affect the entity's business (including its mission, functions, credibility, or reputation), assets, or employees by exploiting an information system through unauthorized access to information, destruction, disclosure, alteration, or denial of service. Also, the threat source's ability to use one of the weaknesses of a particular information system. This definition includes cyber threats.

Vulnerability

Any kind of weakness in a computer system, its programs or applications, a set of procedures, or anything that makes cybersecurity vulnerable.

CCTV

Closed-circuit television, or video surveillance, uses video cameras to send a signal to a specific location on a limited set of screens. This term is often applied to the technology used for surveillance in areas that may need to be monitored and where physical security is an essential requirement.

Confidentiality

Maintaining authorized limits on access to and disclosure of information, including protecting personal privacy and proprietary information.

Confidential Data / Information

Information (or data) considered extremely sensitive and vital, according to the entity’s classification, and intended for use by a specific entity or entities. One way to classify this type of information is to measure the extent of harm when it is disclosed or accessed in an unauthorized manner. Such an event may lead to material or moral damage to the entity or those dealing with it, affect the lives of persons related to that information, or affect and harm the security of the state, its national economy, or its national capabilities. Unauthorized disclosure, loss, or destruction of such information may lead to accountability or legal penalties.

Cryptography

The rules that include principles, means, and methods of storing and transmitting data or information in a particular form to hide its semantic content, prevent unauthorized use, or prevent undetected modification, so that only the persons concerned can read and process it.

Cyber-Attack

Deliberate exploitation of computer systems, networks, and entities whose work depends on information technology and digital communications to cause damage.

Cyber Risks

Risks affecting the entity’s business operations (including the entity’s vision, mission, management, image, or reputation), the entity’s assets, individuals, other entities, or the country due to the possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information and information systems.

Cybersecurity Resilience

The entity's ability to withstand cyber events and the damage they cause, and to recover from them.

Advanced Persistent Threat (APT) Protection

Protection from advanced threats that use hidden methods aimed at illegal entry into technical systems and networks and at staying in them for as long as possible by avoiding detection and protection systems. These methods usually use previously unknown viruses and malware (zero-day malware) to achieve their goal.

Identification

A means of verifying the identity of a user, process, or device, and is usually a prerequisite for granting access to resources in the system.

Incident

A security violation of cybersecurity policies, acceptable use policies, practices, controls, or requirements.

Integrity

Protection against unauthorized modification or destruction of information, including assurance of information non-repudiation and reliability.

Malware

Software that infects systems in a (mostly) hidden way to violate the confidentiality, integrity, accuracy, or availability of data, applications, or operating systems.

Penetration Testing

The practice of testing a computer system, network, website application, or smartphone application to find vulnerabilities that an attacker can exploit.

Phishing Emails

Obtaining sensitive information such as usernames, passwords, or credit card details, often for malicious reasons and intent, by masquerading as a trustworthy entity in emails.

Physical Security

Physical security describes security measures designed to prevent unauthorized access to an entity's facilities, equipment, and resources and to protect people and property from damage or harm (such as espionage, theft, or terrorist attacks). Physical security involves using multiple layers of interconnected systems, including security guards, security borders, locks, CCTV systems, CCTV access control, and many other technologies.

Controls, Guidelines, and Policies for Cyber Security

In light of the unified government work in the Kingdom of Saudi Arabia (KSA) for digital transformation and cybersecurity, the National Cyber Security Authority (NCA) presented policies, legislation, governance mechanisms, frameworks, standards, controls, and guidelines related to cyber security (Figure 1).

https://bu.edu.sa/documents/230756/79987764/aa.jpg/2a8c4595-6a3f-82d6-ea0a-68d94457c450?t=1639386486213&imagePreview=1

Figure 1: Overall conceptual model for cyber security.

These recently published legislations and policies are intended to be implemented by the relevant government agencies. This will create a safe cyberspace alongside best practices and standards. At Albaha University, as an educational organization, the cybersecurity management department adopted the appropriate guidelines and policies, which were implemented after being approved by the president of Albaha University.


Please visit the link below for more information about the regulations and controls.

 https://nca.gov.sa/pages/legislation.html

Cybersecurity Toolkit

Legislation links related to cybersecurity skills in Saudi Arabia

Report cybersecurity incidents at Albaha University

It is an initiative provided by the Cyber Security department at Albaha University, through the Cyber Security incident response team, to treat existing and potential cyber risks via:

contact us