Information Security Awareness Policy

The purpose of this policy is to ensure that all members at UTAS-Sur are aware about information security policies, procedures, standards, and threats. The awareness efforts are structured to align with the university’s specific security needs. 

This policy applies to all members of UTAS-Sur, whether on a temporary or permanent basis as well as any third parties working with or contracted by the university, it covers all environments where the university’s information systems are operated.  

Information Systems and Educational Technologies Center.

‏Assistant Vice Chancellor for UTAS – Sur.  

Any violation of this policy by all members or third parties (suppliers, contractors, business partners, etc.) will be subject to disciplinary and legal actions in accordance with the laws of the Sultanate of Oman, including regulations related to cybersecurity, university’s policies, labor laws, and electronic transactions. 

Awareness Program Implementation: 

• UTAS must establish and implement a formal security awareness plan that includes all members 

• The plan should outline specific activities and communication channels for disseminating security awareness messages and training materials. 

• The responsibility for designing, executing, and maintaining this plan lies with Information Systems and Educational Technologies Center. 

• All university members and relevant third parties must participate in awareness programs to ensure compliance with security policies. 

• Security policies, privacy statements, and other related documents must be made publicly accessible on the university’s official website. 

• UTAS must implement clear, measurable methods to assess security awareness levels among users. 

 

Online Security Awareness: 

• The university must encourage users of its online services to secure their devices with updated security solutions, including antivirus software, anti-spyware, spam filters, and firewall protections. 

• UTAS should provide educational programs to protect the university’s members from losing passwords and phishing threats to both internal users and customers. 

• Users must be informed about safe online practices and ways to identify potential security risks. 

• Employees and third parties must be trained in how to recognize phishing, data interception, and social engineering attacks. 

• Any suspicious activity must be reported immediately to the university’s information security team. 

This policy shall take effect from the approval date.