Lack of security documentation 

It leads to weak data and information protection, increased security risks, difficulty in responding to incidents, as well as lack of clarity of security procedures for employees and students.  

No control  

1. Create a Security Documentation Plan  
2. Define clear policies for access control and permission levels for sensitive data and systems.  
3. Create written protocols for handling data breaches, cyber-attacks, or other security incidents. This includes identifying responsible parties, containment procedures, and communication strategies.  
4. Create and document procedures for data backup, storage, and recovery to ensure continuity of operations in the event of data loss or system failures    

The chairman of risk management sub-committee in UTAS-SUR
Dr.Sami Al-Batashi, Phone: +968 9293 9604
Email: sami.albattashi@utas.edu.om

Risk Management Committee in UTAS-SUR

  High 

  High 

  High 

1. The incident is assessed immediately to determine its severity and take containment actions.  
2. The response team gathers information and data to analyses the incident and identify the root cause.  
3. Actions are taken to remove threats and malware from affected systems.  
4. The process of restoring services and systems begins, ensuring they are secure before being brought back online.  
5. After the incident, a review is conducted to assess the response and analyses lessons learned for future improvement.   
6. Modifying the Security Documentation  

By sending the final report explaining the problem causes and how we can mitigate next times.