Code | Name of the Course Unit | Semester | In-Class Hours (T+P) | Credit | ECTS Credit |
BGT252 | INFORMATION SECURITY MANAGEMENT | 4 | 2 | 2 | 4 |
GENERAL INFORMATION |
Language of Instruction : |
Turkish |
Level of the Course Unit : |
, TYY: + , EQF-LLL: , QF-EHEA: |
Type of the Course : |
Compulsory |
Mode of Delivery of the Course Unit |
- |
Coordinator of the Course Unit |
|
Instructor(s) of the Course Unit |
|
Course Prerequisite |
No |
OBJECTIVES AND CONTENTS |
Objectives of the Course Unit: |
Within the framework of Information Security Management and the ISO 27001 standard, the course aims to ensure that institutions have knowledge and experience of how to prepare risk management and risk treatment plans, duties and responsibilities, business continuity plans and emergency incident management procedures, how to keep records of these in practice, how to publish an information security policy that covers all these activities, and how to raise their personnel's awareness of information security and threats. |
Contents of the Course Unit: |
Information Security Fundamentals and Threats, Information Security Structure and Information Security System Development Cycle, Information Security System Policies, Classification of Assets, Access Control and Physical Security, Information Security Risk Analysis/Distribution of Final Projects, Information Security Risk Management, Business Continuity Management, ISGM Framework Systems and ISO 27001, Information Security Violation Incident Management, Information Security Legal Issues/Final Project Interim Controls. |
KEY LEARNING OUTCOMES OF THE COURSE UNIT (On successful completion of this course unit, students/learners will or will be able to) |
Knows the characteristics of Information Security (Confidentiality, Integrity, and Availability). |
Understands and applies Information Security Management principles in business environments. |
Defines roles and responsibilities related to information security. |
Identifies and prioritizes information assets and identifies threats to assets. |
Calculates and manages information security risks. |
Defines an Information Security strategy and architecture. |
Applies the ISO 27001 standard in a real project. |
WEEKLY COURSE CONTENTS AND STUDY MATERIALS FOR PRELIMINARY & FURTHER STUDY |
Week | Preparatory | Topics(Subjects) | Method |
1 | - | Information security management system: Basic Concepts | Expression |
2 | Research | Information security management standards (ISO) | Expression |
3 | Research | Information security management standards (ISO) | Expression |
4 | Research | Information security management standards (COBIT, ITIL, NIST) | Expression |
5 | Research | Plan-Do-Check-Act approach | Expression |
6 | Research | Establishing ISO 27001 in an Organization: The Planning Phase | Expression |
7 | Research | Establishing ISO 27001 in an Organization: The Planning Phase | Expression |
8 | - | MID-TERM EXAM | - |
9 | Research | Establishing ISO 27001 in an Organization: The Planning Phase | Expression |
10 | Research | Establishing ISO 27001 in an Organization: The Implementation Phase | Expression |
11 | Research | Establishing ISO 27001 in an Organization: The Check Phase | Expression |
12 | Research | Establishing ISO 27001 in an Organization: The Take Action Phase | Expression |
13 | Research | Information security management system implementation steps | Expression |
14 | Research | Annex SL structure | Expression |
15 | Research | Standards: mandatory items; Standards: matters to be considered in practice | Expression |
16 | - | FINAL EXAM | - |
17 | - | FINAL EXAM | - |
SOURCE MATERIALS & RECOMMENDED READING |
Security in Computing, Charles Pfleeger, Fourth Edition, 2007. |
Information Security Management System ISO 27001:2013 Implementation Guide, Faruk Çubukçu, Pusula 20 Technology and Publishing, 1st Edition: November 2018 |
ASSESSMENT |
Assessment & Grading of In-Term Activities | Number of Activities | Degree of Contribution (%) | Description | Examination Method |
Mid-Term Exam | 1 | 50 | | |
Final Exam | 1 | 50 | | |
TOTAL | 2 | 100 | | |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
CONTRIBUTION OF THE COURSE UNIT TO THE PROGRAMME LEARNING OUTCOMES
KNOWLEDGE |
Theoretical |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Knows the necessary terms and information in the computer field.
|
|
|
|
|
|
|
2 |
Gains knowledge of the concept of information security.
|
|
|
|
|
|
|
KNOWLEDGE |
Factual |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Gains the ability to learn the necessary concepts in the computer field.
|
|
|
|
|
|
|
SKILLS |
Cognitive |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Ability to identify, define, formulate and solve complex Information Security problems; for this purpose, the ability to select and apply appropriate analysis and modeling methods
|
|
|
|
|
|
|
SKILLS |
Practical |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Ability to design a complex computer-based system, process, security to meet specific requirements under realistic constraints and conditions; for this purpose, the ability to apply modern design methods.
|
|
|
|
|
|
|
OCCUPATIONAL |
Autonomy & Responsibility |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Ability to design, conduct experiments, collect data, analyze and interpret results for examining Information Security problems
|
|
|
|
|
|
|
2 |
Ability to work effectively within the discipline of Information Security and in multi-disciplinary teams; individual study skills
|
|
|
|
|
|
|
3 |
Professional and ethical responsibility awareness
|
|
|
|
|
|
|
4 |
Knowledge of project management and business practices such as risk management and change management; awareness of entrepreneurship, innovation and sustainable development
|
|
|
|
|
|
|
OCCUPATIONAL |
Learning to Learn |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Ability to develop, select and use modern techniques and tools required for Information Security applications
|
|
|
|
|
|
|
2 |
Awareness of the necessity of lifelong learning; ability to access information, follow developments in science and technology, and constantly renew oneself
|
|
|
|
|
|
|
OCCUPATIONAL |
Communication & Social |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Ability to communicate effectively in Turkish orally and in writing, foreign language knowledge
|
|
|
|
|
|
|
OCCUPATIONAL |
Occupational and/or Vocational |
|
Programme Learning Outcomes |
Level of Contribution |
0 |
1 |
2 |
3 |
4 |
5 |
1 |
Information about the effects of Information Security practices on health, environment and security in universal and social dimensions and the problems of the age; Awareness of the legal consequences of Information Security solutions
|
|
|
|
|
|
|
WORKLOAD & ECTS CREDITS OF THE COURSE UNIT |
Workload for Learning & Teaching Activities |
Type of the Learning Activities | Learning Activities (# of week) | Duration (hours, h) | Workload (h) |
Lecture & In-Class Activities | 14 | 2 | 28 |
Preliminary & Further Study | 14 | 2 | 28 |
Land Surveying | 0 | 0 | 0 |
Group Work | 0 | 0 | 0 |
Laboratory | 0 | 0 | 0 |
Reading | 0 | 0 | 0 |
Assignment (Homework) | 0 | 0 | 0 |
Project Work | 2 | 2 | 4 |
Seminar | 0 | 0 | 0 |
Internship | 0 | 0 | 0 |
Technical Visit | 0 | 0 | 0 |
Web Based Learning | 0 | 0 | 0 |
Implementation/Application/Practice | 0 | 0 | 0 |
Practice at a workplace | 0 | 0 | 0 |
Occupational Activity | 0 | 0 | 0 |
Social Activity | 0 | 0 | 0 |
Thesis Work | 0 | 0 | 0 |
Field Study | 0 | 0 | 0 |
Report Writing | 0 | 0 | 0 |
Final Exam | 1 | 1 | 1 |
Preparation for the Final Exam | 14 | 2 | 28 |
Mid-Term Exam | 1 | 1 | 1 |
Preparation for the Mid-Term Exam | 7 | 2 | 14 |
Short Exam | 0 | 0 | 0 |
Preparation for the Short Exam | 0 | 0 | 0 |
TOTAL | 53 | 0 | 104 |
|
Total Workload of the Course Unit |
104 |
|
|
Workload (h) / 25.5 |
4,1 |
|
|
ECTS Credits allocated for the Course Unit |
4,0 |
|