Ministerial controls and legislation


Electronic policies and controls for the University of Baghdad

Managing and using e-mail for the University of Baghdad domain

Introduction
Policies and controls for managing and using e-mail are a basic document that clarifies work frameworks, defines roles and responsibilities, and shows the correct practices and minimum commitment required to be observed and implemented by university e-mail users of all grades, categories, and positions to achieve the security and safety of the university e-mail service.
Note: The policies and controls of the University of Baghdad do not conflict with the information and data security policies and standards document issued by the General Secretariat of the Council of Ministers (rather, they are complementary to it).

Goal
Providing a safe, reliable, and smooth information and electronic correspondence systems environment to ensure the optimal use of the university email account service, so that all employees within the university bear responsibility for the correct use of the email system by establishing controls and instructions that clarify acceptable and prohibited practices and protecting the system from illegal access.

Field
All employees within the University of Baghdad who have an official university account under the uobaghdad.edu.iq domain

General controls
A. All members of the staff of the University of Baghdad and students of primary and postgraduate studies have the right to own a university email account within the domain uobaghdad.edu.iq.
B. The university account is the property of the university and may not be used for personal purposes or in a way that may negatively affect the progress of work, harm the reputation of the university, or exhaust available resources without benefit or scientific or administrative need. For example, do not send large attachments except when needed, such as audio and image files or any other large files, which may negatively affect the efficiency of the system.
C. Official e-mail should be used for official correspondence and commercial e-mail accounts should not be used.
D. Use formal formats for the body and title of the message, especially in official correspondence, where the message must contain a clear title and a body that explains the purpose of the message. The message must be appended with an electronic signature that includes the name of the affiliation or the body sending the message (with the necessity of writing the name of the University of Baghdad) and any other means of communication, if available, in addition to a disclaimer wording (as in paragraph five).
E. The official university accounts and information exchanged via e-mail are the property of the University of Baghdad, so the university has the right to audit and monitor e-mail and the content of correspondence whenever necessary (as stated in the information security policies and standards document and statements issued by the General Secretariat of the Council of Ministers). Auditing and monitoring are carried out by the system manager and members of the work team, in coordination with the information security manager, after obtaining the approval of senior management.
F. The Information Security Manager has the right to suggest any security technical additions to the System Manager for the public interest and to ensure the security of exchanged messages.
G. Do not respond to any strange, suspicious or unknown message, but the system administrator must be notified of the arrival of messages of this type so that the necessary measures can be taken.
H. It is not permissible to reveal the password or to allow others to use the e-mail account without authorization, and the violator shall bear the resulting legal consequences.
I. University accounts are divided into two parts:
1. Personal account: It bears the person’s name and is private only to the owner (student or affiliate), according to what is registered in the user profile.
2. An administrative or scientific formation account (department, division, unit, committee, conference, etc.): It is specific to a subsidiary administrative body of the university, such as colleges, institutes, centers, and their subdivisions, such as departments, divisions, units, journals, committees, or any other body, according to work requirements. The account must be created through an official request that states the purpose of its creation and the person responsible for its management.
J. Use a password that is unique, difficult to guess, non-consecutive, and long enough. It must be composed of letters, numbers, and symbols and without repetition, taking into account changing it periodically and not using it in more than one account or login system.
K. Resetting passwords is the responsibility of the work team and the account management officials of colleges, institutes and universities, and it is done in the event of forgetting or losing the password that the user is currently using, after submitting a request from the account holder and verifying his identity.
L. The System Administrator and the Information Security Director have the authority to add additional security features to some of the university’s sensitive accounts, the penetration of which could lead to serious harm, as required by the public interest.
M. The university has the right to set limits on the storage capacity of accounts according to their type and purpose to control the available storage space.
N. Adherence to the terms and conditions of use of the university’s email service provider

Managing the websites of the University of Baghdad

Introduction
Website management policies and controls are a basic document that clarifies work frameworks, defines roles and responsibilities, and shows the correct practices required to be observed and implemented by website administrators affiliated with the University of Baghdad, with their various powers, to achieve the security and safety of websites.
Note: The policies and controls of the University of Baghdad do not conflict with the information and data security policies and standards document issued by the General Secretariat of the Council of Ministers (rather, they are complementary to it).

Goal
Providing a safe, reliable, and smooth information systems environment to ensure the optimal use of website management, so that all website administrators (according to their granted powers) within the university bear responsibility for correct and secure use by establishing controls and instructions that clarify acceptable and prohibited practices and protecting the system from illegal access.

Field
All website administrators with their various powers

General Controls
A. The official university email account must be used in the website administration accounts.
B. It is not permissible to reveal the password or allow others to use it, the confidentiality of the information within the system must be maintained, and the violator shall bear the resulting legal consequences.
C. Four types of accounts differ in roles or powers to manage the website:
1. Superadmin account for the system administrator and the website system management team: The owner of this account has absolute powers to access all websites affiliated with the University of Baghdad, and they are identified by the system administrator and in an official letter.
2. Administrator account: A unique account whose owner is the website unit administrator in colleges, institutes, or centers, or the website administrator in the university presidency departments. The owner of this account has almost absolute powers that allow him to manage his site.
3. Editor’s account within the supporting team: The owner of this account has fewer powers than the site administrator’s account.
4. Writer (Author) account within the supporting team: The owner of this account has the privilege to add and edit news only.
D. A password should be assigned that is unique, difficult to guess, non-consecutive, and long enough. It must be composed of letters, numbers, and symbols without repetition, taking into account changing it periodically and not using it in more than one account or login system.
E. Resetting passwords is the responsibility of the website system management team and is done in the event of forgetting or losing the password used by the user, after submitting a request from the account holder through the technical support system.
F. The Information Security Manager has the right to suggest any security technical additions to the System Manager for the public interest and to ensure the security of websites.
G. It is necessary to activate the two-factor authentication feature in the website administration accounts.
H. Two or more accounts in the site manager category are not allowed within one formation, and the administrator of the website unit or the person responsible for managing it is the sole owner of this account.
I. Review of logs by the system administrator may be necessary.
J. The formation can submit a request in an official letter addressed to the Website Division to create a website with a subdomain within the domain of the University of Baghdad for conferences held within the formations. Its management will be either through the Website Division, by adding a member of the division’s staff to the conference committees, or by nominating a person from the formation’s staff.
K. In the event of changing the website administrator, an official handover of the accounts must be made between the previous and current administrator, and the Website Division must be notified with an official letter containing the full information for the new administrator (full name in Arabic, full name in English, official university account, phone number).
L. The Website Division determines the levels of authority referred to in Paragraph (Third – C) according to what it deems appropriate from a technical and security standpoint.
M. All categories of accounts have the right to use the technical support system for technical inquiries or to modify the site administration accounts (except the site manager account).

User data protection policy

Introduction
Data is one of the University of Baghdad’s main assets that requires procedures and responsibilities to protect it. Differently classified data should be protected in storage, transmission, access, etc. so that it cannot be disclosed, disseminated or modified.

Goal
The data protection policy addresses the stored (electronic) data maintained by the University of Baghdad, as well as the people who use it, the methods they follow in dealing with it, and the devices used to access it, to ensure data confidentiality and maintain quality standards in data protection.

Field
This policy applies to all systems, people, and work methods that conduct business, including all executives, committees, departments, partners, employees, and other parties who have access to data systems or data used for the University of Baghdad.

Commitments

  • The University of Baghdad is committed to the data protection clause, which is included in the national policies for information security and safety and approved by the National Authority for Information Security and Safety.
  • All electronic data is stored on its systems to allow for regular backups
  • Employees must not be allowed to access data unless they are informed and agree to the conditions for accessing the data they will deal with
  • Databases containing personal data have specific procedures for managing it and securing records and documents
  • Files that are classified as potential security risks are stored in the most secure areas of the network
  • The University of Baghdad is committed to maintaining the confidentiality of user data for its systems and disclaims any responsibility if the data is disclosed by the person themselves or as a result of unsafe use.
  • The University of Baghdad is committed to Google’s policies regarding the correct and safe use and methods of protecting linked electronic accounts.
