Information Technology Protection Department (IT)

IT Security Department

Given the increasing growth in the production and recording of device information on computers and computer networks, and the inter-device exchange of correspondence and data, protecting the digital information assets of the information technology field and minimizing any internal and external threats and vulnerabilities is of great importance. This necessitates a set of security initiatives and measures, both hardware and software, to counter and neutralize threats. Protecting the digital information assets of the IT field and minimizing any internal and external threats and vulnerabilities is the most important goal of this unit.

Job Description

1- Identifying the information security space and defining its scope and boundaries

2- Identifying existing information assets and categorizing them

3- Following up on the formation of the Information Security Strategic Committee and active participation in that committee

4- Following up on the preparation of a computer identity card for networks, hardware, software, user access, and updating it by the device's information technology unit

5- Determining general security regulations, the location of main hardware systems, and controlling access to those locations

6- Determining the security classification of information that has been digitized.

7- Preparing and following up on the implementation of security regulations and instructions, the production, maintenance, circulation, access, duplication, and destruction of digital documents and information

8- Supervising the establishment or blocking of physical and logical input and output ports of systems by the device's information technology unit

9- Developing and issuing security regulations related to the entry and exit of hardware and software equipment from buildings and places and supervising their proper implementation

10- Supervising the observance of security considerations regarding the installation and development of existing networks in the device

11- Following up on the implementation and periodic review of the possibility of penetration and security vulnerabilities of existing systems and following up on the elimination of possible defects

12- Following up, receiving, and reviewing reports of successful and unsuccessful attempts to penetrate existing systems and reporting to the relevant officials of the device and the country's general security

13- Following up on the implementation of network traffic monitoring by the device's information technology unit and supervising and obtaining occasional and periodic reports from that unit

14- Determining the qualifications of contractors and consultants of the organization to perform information technology services before signing a contract

15- Periodic monitoring of the process of preparing backup copies of classified information and how they are stored.