ت ا ةد –

ت ا ا ةرادا

Deanship of Information Technology – Information Security Management

Information Security Management System

,- . وا 0ا1 جذ4 Product Review Form

/ 2 1 ا

: 300-F-7

را ا : 1

زا / ا ا

Software/ Equipment

ا م ص F o r C o st u m er

ا م ا / ا Requestor / Dep Name

ا ! Product Details

"#ا وا ءا &ا ' ض )ا Business Purpose

ا لو ت # Product Description

\Scope

,ا تا Security Requirements

,-&ا تا Network/Telecom

Requirements

وا ت. /ا#. 0.ر ت ي3آ '"35!

Database Connectivity / File Storage

6 . "# ا Development

7ر د/و ,9 !ا :;#!

ما5ا User License Agreement

Product Implementation Questions / ا <! '/ ,=ا

وا >. ,ا ,=ا ?/ @ا .

ا :;#! ?@ " ,.@ا د#@و م/ لB 6Cو .

ت#>ا 'ا ةراد ?" ?B –

,>@ا ا ' "3 " اذا "G! ت#>ا ,! ةد>.

Answer the following questions “YES” or “NO”. If N/A is answered please give explanation. These questions will be used by Information Security Manager, IT Deanship, King Abdulaziz University to determine if additional review is needed.

Is this product currently being used in any IT Deanship or University environment? ؟ ة+, ا د . #$ا %&آ اذا– ا وا ةد ا ةرادا ي ا اه ماا !ه

If YES, for how long?

Does/could the software/hardware support more than one application? ؟ /-01 2 +3آا !451 ز7 ا / &+- ا . !ه Will the software/hardware be maintained or supported by a departmental Tier 1 or will support by IT Deanship be required? ؟ ز7 ا / &+- ا &8 م9: ي ا 2 If the hardware/software is classified as a tool, (compilers, debuggers, monitors, test tools), is this hardware/software used in a production environment? ؟ج&$ا < ن9= !7 ، ةادآ +- ز7 ا / &+- ا نآ اذا What operating system will this product use? ؟ ا ا7 !45 ا م@& 9ه Does this hardware/software require a modification or a recompilation of the operating system? (i.e. exits, system parameters, configuration files) ؟!45 ا م@& CE. تB 1 وا ت, +1 يا C ا ا جD !ه Does this hardware/software have its own internal security or proprietary security features? ؟ FG ا تاH وا Cا م@& CE. ا ي9D !ه

Do the application activities that use this hardware/software require any administrator (Windows), root (UNIX) or authorized library (mainframe) access to implement or support their usage?

,E ا E45 ا @&$ا 2 ا 2 رادا تBF يا C ا ا جD !ه

؟ ا !45 ،

Does the hardware/software provide a security control function for an application? (i.e. Input Control, Access Control, Processing Control, Output Control, Administrative/Change Control, Telecommunications Control) ؟ ى+G$ا ت:-0 او @&$ =DE ت-1+1 يا دا.ا C ا ا جD !ه Will an application/infrastructure lose significant functionality if this hardware/software breaks? ؟ ا اه LM91 ل D ا - او ت:-0 ا CE. ر# تا+J1 يا كه !ه Does the product have specific availability requirements? ؟ O+9 ت-E0 يا ا جD !ه Would compromise of the hardware/software result in unauthorized access to production programs or data? ؟ ت&- او ا+-E ح9Q +4 ا ل9F9 ا C ا يدR ف9 !ه ، Tو ! C ا ء9E ا ل

Does this hardware/software transmit data to/from Non – IT Deanship sites? ؟ ةد ا C ا وا 2 ت& !: ا اه م9: !ه Will this product need to be accessible from the Internet? ؟ (%&+&$ا) ا ت9E ا =-V لBG 2 W ا ل9F9 ا &+- ا اه جD !ه

,HBI :

ل LE ا Z[9 ا 2 H وا ت:+ د9#و /

Tick if there are attachment

ت ا ةد –

ت ا ا ةرادا

Deanship of Information Technology – Information Security Management

Information Security Management System

,- . وا 0ا1 جذ4 Product Review Form

/ 2 2 ا

: 300-F-7

را ا : 1

,Gا را /

Potential Risks

ت#>ا 'ا لوK م#"

ةد> ,Gا ,او 'ا ?/ ا " 9 ?ا L5ا '/ 3@# ". ت#>ا ,! ةد>.

Information Security Manager will summarize potential risks of this product on the King Abdulaziz IT Deanship infrastructure, security and deployment.

ص ت # > ا ' ا ل وK F o r IS M a n a g er

ت#ا

/ Recommendation and Controls

". ت#>ا ,! ةد>. ت#>ا 'ا لوK م#"

ا )&! وا ءا M 9 ت#ا

This is a summary of Information Security Manager recommendations and controls to be considered before development, purchase or deployment of this product. .

م#"

ا د/ا لB ت#ا N;وو ,Gا تا OPا ,>@ا . '>ا وا ةد>. ' ا N@

All IT Deanship will review, identify potential impacts and make recommendations for deployment of this product.

, ا ,> @ا ا In fo rm a ti o n T ec h n o lo g y R ev ie w ءا Q"ر!

Date Completed

مIا Q"ر!

Date Received

بوا Representative

ا Department

,Gا ,ا ت

Infrastructure Services

تا ت

Application Services

,ا ت

IT Service Desk

N"ر&ا ت Project Services

'ا ت

Security Services

,ا ت" &ا Technology Sales