Security Policies Incident Response Plans

Information Security Incident Management Policy

Purpose

The purpose of this policy is to ensure that all information security incidents related to the IT systems at UTAS-Sur are reported, investigated, and resolved promptly and effectively. 

Scope of the Policy

This policy applies to all members of UTAS-Sur, whether on a temporary or permanent basis, as well as any third parties working with or contracted by the university. It covers all environments where the university’s information systems are operated.

Executive Responsibility

Information Systems and Educational Technologies Center.

Policy Custodian

Assistant Vice Chancellor for UTAS-Sur.

Enforcement

Any violation of this policy by members or third parties (suppliers, contractors, business partners, etc.) will be subject to disciplinary and legal action in accordance with the laws of the Sultanate of Oman, including regulations related to cybersecurity, the university’s policies, labor laws, and electronic transactions.

Policies and Controls

Definition of Information Security Incidents

Information security incidents at UTAS-Sur are defined as any unexpected events that may impact the university’s information systems. These may include:

  • Service disruptions or system failures that affect the availability of IT services.
  • Breaches of confidentiality, integrity, or availability of university data.
  • Cybersecurity threats, including malware attacks, phishing attempts, and unauthorized access.
  • Physical security breaches affecting information security.

 

Reporting Information Security Incidents

  • All university members must immediately report any security incidents through designated channels. 
  • A dedicated email or reporting platform must be made available for incident submission. 
  • The university must maintain a centralized log of all reported incidents for analysis and mitigation. 
  • The Information Security Department must investigate and take appropriate corrective measures.
  • Critical incidents must be escalated to senior management for review and action.

 

Incident Handling and Response

  • The university must establish a documented incident response plan. 
  • Security incidents should be classified based on their severity and impact. 
  • The response team should conduct a thorough investigation, containment, and recovery process. 
  • Any lessons learned from incidents should be used to enhance security measures. 

 

Incident Prevention and Monitoring

  • Regular security audits and monitoring must be conducted to detect vulnerabilities. 
  • Employees should receive ongoing training to identify and prevent security threats. 
  • Security policies and all security documents should be continuously updated to reflect new threats and risks. 

  

Effective Date of the Policy

This policy shall take effect from the approval date.