This document, “Cybersecurity Controls for Sensitive Systems,” outlines a comprehensive framework aimed at defining the minimum requirements and procedures necessary to protect high-priority systems within government entities and their associated organizations.
These controls are an extension of the fundamental cybersecurity controls, focusing specifically on systems whose failure or compromise could have significant negative impacts on national security, the economy, or critical services.
The document begins by clarifying fundamental concepts, such as the definition of critical systems and the criteria by which a system is classified as critical. These criteria include impacts on national security, financial losses, or the disruption of services provided to a wide segment of beneficiaries. It also reviews the components of these systems, which are not limited to technical aspects like networks, servers, and applications, but extend to include human elements, procedures, and associated documentation.
The document covers the scope of application, emphasizing that implementation of these controls is mandatory for all entities that own or operate sensitive systems, and requiring each entity to assess its risks and identify the controls appropriate to the nature of its work. It also stresses the importance of continuous commitment, periodic review, and updates in line with the evolution of cyber threats.
The controls are divided into four main domains: cybersecurity governance, cybersecurity enhancement, cybersecurity resilience, and security related to external parties and cloud computing.
Each domain includes a set of detailed controls covering multiple aspects such as identity and access management, data protection, encryption, vulnerability management, backup, and penetration testing. Overall, the document aims to raise the cybersecurity readiness level of entities, enhance their ability to counter attacks, ensure business continuity, and protect information and technical assets, thereby achieving security and stability of the digital environment at the national level.