Information Security Awarness

1. System security

Osool & Bakheet Investment Company recommends that customers to do the following to secure their systems, and to minimize the risk of potential threats:

  1.1: Use a personal firewall.

  1.2: Always download and install authorized operating system updates.

  1.3: Run and maintain an anti-virus product on your home computer and update regularly..

  1.4: Do not run or install programs of unknown origins.

  1.5: Customers are highly recommended not to access their accounts at Osool & Bakheet Investment Company from public computers as they may not be totally secured..

  1.6: Customers are highly recommended and advised never to leave their PCs unattended when they log into Osool & Bakheet Investment Company’s website accounts.

  1.7: Customers must logout properly whenever they finish..


2. Securing your passwords

To secure your own passwords, we recommended the following:

  2.1: Customers must never disclose their passwords to any one, including Osool & Bakheet Investment Company employees.

  2.2: If a customer suspects that his own password has been compromised, he/she must change his/her password as soon as possible.

  2.3: Use alphanumeric passwords to minimize password theft, and avoid using easy passwords such as your birthday and your mobile numbers.

  2.4: Customers must avoid storing their passwords on their PC or Mobile.

  2.5: Customers must not setup their computer to save their passwords and never to tick the “remember password” box.

  2.6: Customers are highly recommended not to assign the same password for websites. .


3. Reporting suspicious activities:

Any suspicious activities such as phishing scams, or in case of receiving any virus threats through an email, needs to be reported immediately to Osool & Bakheet Investment Company’s website, through the following links:

  3.1: Enter to Osool & Bakheet Investment Company’s main page through the htts://

  3.2: From the main page go to the “Contact us” and choose the feedback from the drop down list, where you can report Osool & Bakheet Investment Company any suspicious activities. 3.3: Customer should report any security incident to Osool & Bakheet Investment Company by email at or by calling 0114191797. This will enable Osool & Bakheet Investment Company to take appropriate actions to protect you.


4. Informing Security Awareness:

Osool & Bakheet Investment Company had taken into consideration informing the customers about the updates on the security awareness side, whenever any new updates happen and on a quarterly basis (every three months) where Osool & Bakheet Investment Company will notify the customers as to the following:

  4.1: Osool & Bakheet Investment Company will put and advertise a banner on Osool & Bakheet Investment Company’s websites ( which attracts the customers’ attention.

  4.2: This banner is going to direct the customers whenever its pressed to Osool & Bakheet Investment Company security awareness, where the customers will see the whole updates been done and any security threats on Osool & Bakheet Investment Company’s website in order to be fully aware and cautious about these threats such as (Phishing, malware , etc…).


5. Passwords Best Practices:

Password Handling


• Use different passwords for different information systems and levels
• Change a password immediately if there is even the slightest possibility it has been compromised
• Report possible password breaches to the Tadawul system security department.

Do not

• Write down passwords
• Store passwords in a file on any computer system (including Palm Pilots or similar devices)
• Share or disclose passwords to anyone even to your manager
• Re-use old passwords
• Use TADAWUL passwords on non-TADAWUL systems
• Reveal a password to co-workers while on vacation
• Reveal a password in an e-mail message or other means of electronic communication
• Talk about a password in front of others or hint at the format of a password
• Use the "Remember Password" feature of applications (For example: Outlook, Netscape Messenger)

Password Content

A good password
• Is a mixture of uppercase and lowercase letters, digits (numeric characters), punctuation characters (minimum 8 characters)
• Has at least one upper case character, not in the first position
• Is easy to remember (so you don't need to write it down)
• Is easy to type quickly (makes it difficult for an observer)
• Is difficult to guess

Good examples

• Choose a line or two of a song, poem, … and just use the first characters
• Use special characters to connect two parts of a password
• Use the "Remember Password" feature of applications (For example: Outlook, Netscape Messenger)

Bad examples

• Passwords containing the name "TADAWUL" or the name of the Member or its customers
• Passwords containing words from a dictionary (whatever the language)
Passwords containing name of your spouse, parent, colleague, pet, towns, months, days, car registration number, phone number, birth date or any other personal information
• Passwords containing obvious keyboard sequences
• Passwords containing series of identical letters or numbers
• Passwords containing the user-id
• Any of the above spelled backwards, or with numbers before or after

6. Updating and investigating security aspects:

Updating and investigating security aspects are going to be done on a quarterly basis by the IT security administrator and the network administrator to investigate any new security issues, in order to update the whole security document plus the security awareness materials existed on Osool & Bakheet Investment Company website.


7. Security Links:

Helpful resources providing additional information on a safe and secure online experience:
NetGuide magazine is one of best selling technology magazines. NetGuide's website features advice such as how to keep your computer running efficiently and how to keep it secure. They even have a section that provides you with practical steps to take in order to implement safer online banking tips
Microsoft - Security At Home
Software provider Microsoft has provided a website specifically aimed at providing information to people on how to protect their computer, themselves and their families.
SANS Internet Storm Center (ISC)
he ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
Anti-PhishingGroup Working 
The Anti-Phishing Working Group (APWG) is a global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.