• HOME
• ABOUT US
  • Name Address
  • General Description
  • Governance
  • Academic Calendar
  • Degree Programmes
  • List of Programmes in English
  • General Admission and Registration Procedures
  • Credit Mobility and Recognition of Prior Learning
  • ECTS Credit Allocation
  • Academic Guidance
  • Contacts
• Degree Programmes
  • Third Cycle Programmes (Doctorate Degree)
  • Second Cycle Programmes (Master's Degree)
  • First Cycle Programmes (Bachelor's Degree)
  • Short Cycle Programmes (Associate's Degree)
• GENERAL INFORMATION FOR STUDENTS
  • Cost of Living
  • Accommodation
  • Meals
  • Medical Facilities
  • Facilities for Disabled Students
  • Insurance
  • Financial Supports
  • Student Affairs Office
  • Practical Information for International Students
  • Language Courses
  • Work Placement Possibilities
  • Sports, Social and Cultural Facilities
  • Student Associations and Clubs
  • About İzmir - Turkey
• INTERNATIONAL RELATIONS
  • International Relations Office
  • Registration Procedures
  • Agreements
  • Coordinators
  • Documents
  • List of Programmes in English
  • ECTS / DS Labels

Description of Individual Course Units

Course Unit Code Course Unit Title Type Of Course D U L ECTS YBS 4004 SYSTEM SECURITY COMPULSORY 3 0 0 4

Offered By

Management Information Systems

Level of Course Unit

First Cycle Programmes (Bachelor's Degree)

Course Coordinator

PROFESSOR VAHAP TECIM

Offered to

Management Information Systems

Course Objective

Giving students point of view about basic principles of system security management and system security risk management.

Learning Outcomes of the Course Unit

1   Being able to do formal system security risk analysis and risk evaluation applying some methodologies 2   Involving in firms with ISMS projects 3   Having general information about business process analysis and data security management 4   Having information about general and related data security and risk standards mentioned in ISO 5   Making involved in companies/organizations having ISO 27001 certification 6   Developing theoratical and practical information experience in ISMS projects;creating risk management,policies and procedures,providing technical and administrative controls.

Mode of Delivery

Face -to- Face

Prerequisites and Co-requisites

None

Recomended Optional Programme Components

None

Course Contents

Week Subject Description 1 Introduction to system security and risks; basic concepts and terminologies 2 Data security management - 1;international standards;methodologies;the best applications 3 Data security management -2 :ISMS,ISO 27001,ISO 27002,PDCA model,business processes and relationship wit data security,concepts of risk-oriented management 4 ISMS in ISO/IEC 27001;important phases,control,risk analysis and evaluation,monitoring,audits,ISO 27001 cetificate 5 Application of ISMS with the help of ISO/IEC 27001;phases;critical success factors;methods;the best applications,case studies constitutes business life. 6 Decreasing risks and ISO27001 data security risks;security controls;security solutions;principles;technological aspects;administrative aspects of ISO 27001 control;applying controls with the help of ISO 27002,applied seminars 7 General data security analysis.Qualitative data security risk analysis and evaluation 8 Mid-Term 9 Mid-Term 10 Qualitative data security risk analysis evaluation;statistical concepts;tools,software,application and case studies. Seminars. 11 Quantitative data security risk analysis evaluation;statistical background,tools,software,application and case studies. Seminars 12 Other data security risk analysis evaluation methods;and related statistical methods,tools,software,application and case studies. Seminars 13 ISO/IEC 27005 data security risk management standard;introduction,approach to risk concept,methodologies,concepts 14 27005 tools and the best practices;case studies about implementation and application of ISO/IEC in business life.

Recomended or Required Reading

Main Textbook: ISO/IEC, 2005. ISO/IEC 27001:2005 Information Security Management Systems. International Organization for Standardization. ISO/IEC, 2008. ISO/IEC 27005:2008. Information Security Risk Management System. International Organization for Standardization. Peltier, T. R., 2001. Information Security Risk Analysis. Auerbach Yayınları.

Planned Learning Activities and Teaching Methods

Assessment Methods

SORTING NUMBER SHORT CODE LONG CODE FORMULA 1 MTE MIDTERM EXAM 2 MTEG MIDTERM GRADE MTEG * 1 3 FIN FINAL EXAM 4 FCGR FINAL COURSE GRADE MTEG * 0.40 + FIN * 0.60 5 RST RESIT 6 FCGR FINAL COURSE GRADE (RESIT) MTEG * 0.40 + RST * 0.60 *** Resit Exam is Not Administered in Institutions Where Resit is not Applicable.

Further Notes About Assessment Methods

None

Assessment Criteria

Students will undergo two exams, one mid-term and one final.

Language of Instruction

Turkish

Course Policies and Rules

The rules applied by the department is valid.

Contact Details for the Lecturer(s)

To be announced.

Office Hours

To be announced.

Work Placement(s)

None

Workload Calculation

Activities Number Time (hours) Total Work Load (hours) Lectures 12 3 36 Preparations before/after weekly lectures 12 3 36 Preparation for midterm exam 1 10 10 Preparation for final exam 1 15 15 Midterm 1 1 1 Final 1 1 1 TOTAL WORKLOAD (hours) 99

Contribution of Learning Outcomes to Programme Outcomes

PO/LO PO.1 PO.2 PO.3 PO.4 PO.5 PO.6 PO.7 PO.8 PO.9 PO.10 PO.11 PO.12 PO.13 LO.1 5 5 LO.2 5 5 LO.3 5 5 LO.4 5 5 LO.5 5 5 LO.6 5 5