The DRIS department is responsible for leading the day to day management and monitoring of Information Security Systems and reporting on the risk and compliance of systems and processes that support Data, Governance and Management of IT, Information Systems Acquisition and Software Development and Implementation in accordance with mandated standards and procedures. The Department oversees the conduct of Cybersecurity awareness and implementation of management practices to embed a Digital and Data culture focused on sound operational and compliance risk practices, and on positive customer outcomes.


The Digital Risk & Information Security Department is responsible for:

  • Managing Identity and Access of KFUPM users and services.
  • Adhering to National Cybersecurity Authority mandated security standards.
  • Handling cybersecurity incidents and conduct investigation / forensics of such incidents.
  • Establishing Governance Risk and Compliance for all KFUPM information assets.
  • Providing Security Awareness and Training.
  • Establishing effective policies, plans and procedures and design and implement security architecture to ensure in depth defense for all Information Assets.
  • Ensuring end to end security based on a multi-layered defense in depth design and Zero Trust.
  • Ensuring that KFUPM Information Assets and Services are secured to the mandated level in terms of Confidentiality, Integrity, Availability, and Non-repudiation.


The Digital Risk & Information Security Department has three units:

  • IT Compliance Unit (ITCU)

    The ITCU help in protecting KFUPM information by defining a set of rules, policies, safeguards, procedures, and performing/conducting continuous monitoring, enforcement, reporting, and auditing to remain in compliance with the university regulatory requirements and the National Cybersecurity Authority controls.

    Along with overseeing the ICTC Cybersecurity Awareness activities that focus on developing and implementing awareness and training programs for KFUPM users.

  • Identity and Access Management Unit (IAM)

    IAM is a cybersecurity discipline focused on managing user identities and access permissions on a computer network. the goal of any IAM initiative is to ensure that the right users and devices can access the right resources for the right reasons at the right time.

  • Information security Unit (ISU)

    The Information Security unit ensures that the KFUPM Information Assets and Services are secured to the required level in terms of Confidentiality, Integrity, Availability, and Non-repudiation.

    The security team addresses the challenges based on a proactive risk management methodology. The team is engaged in continuous improvements in Information Security at KFUPM by carrying out a systematic assessment of critical assets, risks to these assets, vulnerabilities, and prioritized risk treatment.  The team establishes effective policies and procedures, plans and designs the technical security components to keep the University safe from cyber threats.