COURSE UNIT TITLE: INFORMATION SECURITY MANAGEMENT SYSTEM IN BUSINESS

Description of Individual Course Units

Course Unit Code Course Unit Title Type Of Course D U L ECTS
QMT 4231 INFORMATION SECURITY MANAGEMENT SYSTEM IN BUSINESS ELECTIVE 3 0 0 5

Offered By

BUSINESS ADMINISTRATION

Level of Course Unit

First Cycle Programmes (Bachelor's Degree)

Course Coordinator

ASSOCIATE PROFESSOR GÜZIN ÖZDAĞOĞLU

Offered to

BUSINESS ADMINISTRATION

Course Objective

The aim of the course is to develop an understanding of the principles of information security management that are commonly used in business, by introducing the student to commonly used frameworks and methods and by critically exploring their suitability and appropriateness for addressing today's organisational security needs.

Learning Outcomes of the Course Unit

1   Have an understanding of the key themes and principles of information security management
2   Describe the need for and development of information security policies, and identify guidelines and models for writing policies
3   Understand how to apply the principles of information security management in a variety of contexts and standards
4   Explain integral parts of overall good information security practices
5   Be able to apply the principles and policies in designing solutions to managing security risks effectively
6   Have an appreciation of the interrelationship between the various elements of information security management and its role in protecting organisations

Mode of Delivery

Face-to-Face

Prerequisites and Co-requisites

None

Recommended Optional Programme Components

None

Course Contents

Week Subject Description
1 Information Systems Security: Nature and Scope
2 Security of Technical Systems in Organizations
3 Models for Technical Specification of Information Security
4 Planning and Designing Information Security System
5 Planning and Designing Information Security System Case discussions
6 Developing Security Policy Case discussions
7 Information System Risk Management: Introduction to Techniques
8 Information System Risk Management: Techniques
9 Information Security Systems Standards Case discussions
10 Information Security Systems Standards
11 Student Project Presentations
12 Student Project Presentations

Recommended or Required Reading

1. Information Security Governance, a Practical Development and Implementation Approach, Krag Brotby, 2009, Wiley Inc., ISBN: 978-0470-13118-3.
2. Principles of Information Systems Security: Texts and Cases, Gurpreet Dhillon, 2007, Wiley Inc. ISBN 978-0-470-55978-9
3. Implementing the ISO/IEC 27001 Information Security Management System Standard. By Edward Humphreys. Published by Artech House Publishers.

Planned Learning Activities and Teaching Methods

1. Lecture
Lectures will cover the theoretical basis of information security problems, criteria and related standards, i.e., ISO 27001, and class discussions will be carried out over the case studies. Cases will be handled within class activities, but a report will be prepared for each case as a home activity.
2. Groupwork
According to the number of students, small groups are formed, and each group will manage a project based on designing an information security management system within a virtual company.
3. Presentations
Projects will be presented and discussed in the last weeks of the semester.

Assessment Methods

SORTING NUMBER SHORT CODE LONG CODE FORMULA
1 MTE MIDTERM EXAM
2 PRJ PROJECT
3 CAS CASE STUDY
4 FIN FINAL EXAM
5 FCG FINAL COURSE GRADE MTE*0.20+PRJ*0.30+CAS*0.20+FIN*0.30


*** Resit Exam is Not Administered in Institutions Where Resit is not Applicable.

Further Notes About Assessment Methods

1. Case Assignments
There will be a few particular cases, and these cases will be analyzed in each phase of technology management.
2. Group Project
There will be just one term project that is handled in a group. The group project will be evaluated through context, detail level, report context and format, and presentation effort.
3. Midterm
The midterm exam will cover multiple-choice and essay questions.
4. Final Exam
The final exam will cover multiple-choice and essay questions.

Assessment Criteria

1. Case reports should be complete and submitted on time.
2. Members of the groups should demonstrate their individual knowledge and ability during presentations and discussions.
3. Reports and homework papers should be prepared according to a specific academic format, i.e., APA.

Language of Instruction

English

Course Policies and Rules

1. Attending at least 70 percent of lectures is mandatory.
2. Plagiarism of any type will result in disciplinary action.
3. Participation in class discussions is required. The subject matter is mastered through students' active participation and practice.
4. Students should submit the homework a week after the related chapter is completed.
5. This course is designed to encourage student participation and practice.

Contact Details for the Lecturer(s)

guzin.kavrukkoca@deu.edu.tr

Office Hours

To be announced.

Work Placement(s)

None

Workload Calculation

Activities Number Time (hours) Total Work Load (hours)
Lectures 12 2 24
Tutorials 12 1 12
Preparations before/after weekly lectures 8 3 24
Preparation for midterm exam 1 16 16
Preparation for final exam 1 16 16
Preparation for quiz etc. 0 0 0
Preparing assignments 2 4 8
Preparing presentations 1 25 25
Final 1 1,5 2
Midterm 1 1,5 2
Quiz etc. 0 0 0
TOTAL WORKLOAD (hours) 129

Contribution of Learning Outcomes to Programme Outcomes

PO/LO PO.1 PO.2 PO.3 PO.4 PO.5 PO.6 PO.7 PO.8 PO.9 PO.10 PO.11 PO.12 PO.13 PO.14 PO.15
LO.1221
LO.231222
LO.311532
LO.4121222
LO.513322231232
LO.6123434142