Course Detail
Course Description
Course | Code | Semester | T+P (Hour) | Credit | ECTS |
---|---|---|---|---|---|
INFORMATION SECURITY and BUSI.CONTINUITY PLAN. | - | Spring Semester | 3+0 | 3 | 5 |
Course Program | |
Prerequisites Courses | |
Recommended Elective Courses | |
Language of Course | Turkish |
Course Level | First Cycle (Bachelor's Degree) |
Course Type | Elective |
Course Coordinator | Assist.Prof. Mutlu GÜRSOY |
Name of Lecturer(s) | Assist.Prof. Mutlu GÜRSOY |
Assistant(s) | |
Aim | All businesses today rely heavily on their information systems. Most cannot operate in today’s highly competitive markets without trusted, timely, and accurate information. That is why it is very important for organizations and IT professionals to have a solid understanding of the emerging role of “information security” as a prime mechanism to control and manage risk. In this course, threats, vulnerabilities, risks and security mechanisms will be handled within the frame of the main goals of information security: confidentiality, integrity, availability and accountability. |
Course Content | This course contains: Need for Information Security; Security Governance Through Principles and Policies; Risk Management and Business Continuity Planning; Cryptography – Foundations of Cryptography and Cryptographic Algorithms; Cryptography – Cryptographic Tools and Protocols for Secure Communication; Cryptography – Attacks on Cryptosystems; Security Vulnerabilities, Threats and Countermeasures (Client-Based Systems); Security Vulnerabilities, Threats and Countermeasures (Server-Based Systems and Databases); Physical Security, Personnel Security and Social Engineering; Secure Communications and Network Attacks; Secure Network Architecture and Securing Network Components; Access Control (Identification and Authentication); Access Control (Authorization); Disaster Recovery Planning. |
Learning Outcomes of the Course | Teaching Methods | Assessment Methods |
---|---|---|
1. Will be able to identify the relationship between information security and protecting the organization’s ability to function | 10, 16, 9 | A |
1.1 Describe the role of information security principles and goals such as confidentiality, integrity, availability, and accountability in keeping organizations functional | ||
1.2 Explain key security concepts such as threat, vulnerability, attack and threat vector as they apply to different categories of information systems (hardware, software, networks, physical location, personnel, etc.) | ||
1.3 Summarize the threat modeling concepts and methodologies | ||
2. Will be able to explain the risk assessment process and business impact analysis | 10, 16, 9 | A |
2.1 Express the importance of identifying vulnerabilities and threats | ||
2.2 Explain the risk management methodologies | ||
2.3 Identify the necessity of documents, policies, standards, procedures, and guidelines in security governance. | ||
2.4 Explain key elements of a business continuity plan | ||
3. Will be able to explain the basic principles of cryptography | 10, 16, 9 | A |
3.1 Explain the difference between symmetric key and public key cryptography | ||
3.2 Describe the operating principles of the most popular cryptographic tools | ||
3.3 List the major protocols used for secure communications | ||
3.4 Debate the nature and execution of the dominant methods of attack used against cryptosystems | ||
3.5 Explain the digital signature and Public Key Certificates | ||
3.6 Describe the role of PKI (Public Key Infrastructure) | ||
4. Will be able to identify the threats posed to information security and the more common attacks associated with those threats | 10, 16, 9 | A |
4.1 Describe the issues facing software developers, as well as the most common errors made by developers | ||
4.2 Explain how software development programs can create software that is more secure and reliable | ||
4.3 Describe three broad mechanisms malware uses to propagate | ||
4.4 Describe the basic operation of viruses, worms, and trojans | ||
4.5 Compare different approaches to database access control | ||
4.6 Explain the unique security issues related to cloud computing | ||
5. Will be able to debate the relationship between information security and physical security and human resources security | 10, 16, 9 | A |
5.1 Explain the need for the separation of duties | ||
5.2 Illustrate how an organization’s employment policies and practices can support the information security effort | ||
5.3 Explain social engineering practices in the context of information security | ||
5.4 Describe key physical security considerations, including fire control and surveillance systems | ||
5.5 Identify critical physical environment considerations for computing facilities, including uninterruptible power supplies | ||
6. Will be able to explain security issues in networked environments | 10, 16, 9 | A |
6.1 Provide an overview of secure network protocols | ||
6.2 Describe firewall technology and the various approaches to firewall implementation | ||
6.3 Describe the technology that enables the use of virtual private networks | ||
6.4 Describe the categories and operating models of intrusion detection and prevention systems | ||
7. Will be able to explain the important role of access control in computerized information systems | 10, 16, 9 | A |
7.1 Explain how access control fits into the broader context that includes authentication, authorization, and audit. | ||
7.2 Define the major categories of access control policies | ||
7.3 Distinguish among subjects, objects, and access rights | ||
7.4 Explain the various methods of access control, including the use of biometric access mechanisms | ||
7.5 Explain the password attack methodologies | ||
8. Will be able to place the disaster recovery planning concept within the concept of information security management | 10, 16, 9 | A |
8.1 Define the nature of disaster | ||
8.2 Describe recovery strategy and recovery plan development | ||
8.3 Identify importance of training, awareness, and documentation | ||
8.4 Explain the importance of digital forensics | ||
Teaching Methods: | 10: Discussion Method, 16: Question - Answer Technique, 9: Lecture Method |
Assessment Methods: | A: Traditional Written Exam |
Course Outline
Order | Subjects | Preliminary Work |
---|---|---|
1 | Need for Information Security | |
2 | Security Governance Through Principles and Policies | |
3 | Risk Management and Business Continuity Planning | |
4 | Cryptography – Foundations of Cryptography and Cryptographic Algorithms | |
5 | Cryptography – Cryptographic Tools and Protocols for Secure Communication | |
6 | Cryptography – Attacks on Cryptosystems | |
7 | Security Vulnerabilities, Threats and Countermeasures (Client-Based Systems) | |
8 | Security Vulnerabilities, Threats and Countermeasures (Server-Based Systems and Databases) | |
9 | Physical Security, Personnel Security and Social Engineering | |
10 | Secure Communications and Network Attacks | |
11 | Secure Network Architecture and Securing Network Components | |
12 | Access Control (Identification and Authentication) | |
13 | Access Control (Authorization) | |
14 | Disaster Recovery Planning | |
Resources | |
Lecture Notes | |
[1] Information Security Fundamentals (2014), T. R. Peltier, Second Edition, CRC Press
[2] Modern Cryptography (2016), C. Easttom, McGraw-Hill
[3] CISSP Exam Guide (2016), S. Harris, F. Maymi, Seventh Edition, McGraw-Hill
[4] CISSP Official Study Guide (2018), Mike Chapple et al., Eighth Edition, John Wiley & Sons
[5] Computer Security: Principles and Practice (2012), W. Stallings, L. Brown, Second Edition, Pearson
[6] Business Continuity and Disaster Recovery Planning for IT Professionals (2007), S. Snedaker, Elsevier
Course Contribution to Program Qualifications
No | Program Qualification | Contribution Level | |||||
1 | 2 | 3 | 4 | 5 | |||
1 | Defines the theoretical issues in the field of information and management. | X | |||||
2 | Describes the necessary mathematical and statistical methods in the field of information and management. | ||||||
3 | Uses at least one computer program in the field of information and management. | ||||||
4 | Sustains proficiency in a foreign language required for information and management studies. | ||||||
5 | Prepares informatics/software projects and work in a team. | X | |||||
6 | Constantly updates himself / herself by following developments in science and technology with an understanding of the importance of lifelong learning through critically evaluating the knowledge and skills that s/he has got. 7. Uses theoretical and practical expertise in the field of information and management | X | |||||
7 | Follows up-to-date technology using a foreign language at least A1 level, holds verbal / written communication skills. | X | |||||
8 | Follows up-to-date technology using a foreign language at least A1 level, holds verbal / written communication. | ||||||
9 | Adopts organizational / institutional and social ethical values. | X | |||||
10 | Within the framework of community involvement adopts social responsibility principles and takes initiative when necessary. | ||||||
11 | Uses and analyses basic facts and data in various disciplines (economics, finance, sociology, law, business) in order to conduct interdisciplinary studies. | X | |||||
12 | Writes software in different platforms such as desktop, mobile, web on its own and / or in a team. |
Assessment Methods
Contribution Level | Absolute Evaluation | |
Rate of Midterm Exam to Success | 20 | |
Rate of Final Exam to Success | 80 | |
Total | 100 |
ECTS / Workload Table | ||||||
Activities | Number of | Duration(Hour) | Total Workload(Hour) | |||
Course Hours | 14 | 3 | 42 | |||
Guided Problem Solving | 6 | 2 | 12 | |||
Resolution of Homework Problems and Submission as a Report | 7 | 3 | 21 | |||
Term Project | 0 | 0 | 0 | |||
Presentation of Project / Seminar | 1 | 15 | 15 | |||
Quiz | 1 | 15 | 15 | |||
Midterm Exam | 1 | 20 | 20 | |||
General Exam | 1 | 25 | 25 | |||
Performance Task, Maintenance Plan | 0 | 0 | 0 | |||
Total Workload(Hour) | 150 | |||||
ECTS Credit of the Course = Total Workload (Hour)/30* = (150/30) | 5 | |||||
ECTS of the course: 30 hours of work is counted as 1 ECTS credit. |