COURSE UNIT TITLE: INFORMATION SECURITY MANAGEMENT SYSTEM IN BUSINESS

Description of Individual Course Units

Course Unit Code | Course Unit Title | Type Of Course | D | U | L | ECTS
QMT 4231 | INFORMATION SECURITY MANAGEMENT SYSTEM IN BUSINESS | ELECTIVE | 3 | 0 | 0 | 5

Offered By

BUSINESS ADMINISTRATION

Level of Course Unit

First Cycle Programmes (Bachelor's Degree)

Course Coordinator

PROFESSOR DOCTOR GÜZIN ÖZDAĞOĞLU

Offered to

BUSINESS ADMINISTRATION

Course Objective

The aim of the course is to develop an understanding of the principles of information security management that are commonly used in business by introducing the student to commonly used frameworks and methods, and to explore critically the suitability and appropriateness of these for addressing today's organisational security needs.

Learning Outcomes of the Course Unit

1   Have an understanding of the key themes and principles of information security management
2   Describe the need for and development of information security policies, and identify guidelines and models for writing policies
3   Understand how to apply the principles of information security management in a variety of contexts and standards
4   Explain integral parts of overall good information security practices
5   Be able to apply the principles and policies in designing solutions to managing security risks effectively
6   Have an appreciation of the interrelationship between the various elements of information security management and its role in protecting organisations

Mode of Delivery

Face-to-Face

Prerequisites and Co-requisites

None

Recommended Optional Programme Components

None

Course Contents

Week | Subject | Description
1 | Information Systems Security: Nature and Scope
2 | Security of Technical Systems in Organizations
3 | Security of Technical Systems in Organizations
4 | Models for Technical Specification of Information Security
5 | Models for Technical Specification of Information Security
6 | Planning and Designing Information Security System
7 | Planning and Designing Information Security System | Case discussions
8 | Developing Security Policy | Case discussions
9 | Information System Risk Management: Introduction to Techniques
10 | Information System Risk Management: Techniques
11 | Information Security Systems Standards | Case discussions
12 | Information Security Systems Standards
13 | Student Project Presentations
14 | Student Project Presentations

Recommended or Required Reading

1. Information Security Governance, a Practical Development and Implementation Approach, Krag Brotby, 2009, Wiley Inc., ISBN: 978-0470-13118-3.
2. Principles of Information Systems Security: Texts and Cases, Gurpreet Dhillon, 2007, Wiley Inc. ISBN 978-0-470-55978-9
3. Implementing the ISO/IEC 27001 Information Security Management System Standard. By Edward Humphreys. Published by Artech House Publishers.

Planned Learning Activities and Teaching Methods

1. Lecture
Lectures will cover the theoretical basis of information security problems, criteria and related standards, i.e., ISO 27001, and class discussions will be carried out over the case studies. Cases will be handled within class activities, but a report will be prepared for each case as a home activity.
2. Groupwork
According to the number of students, small groups are constructed, and each group will manage a project based on designing an information security management system within a virtual company.
3. Presentations
Projects will be presented and discussed in the last weeks of the semester.

Assessment Methods

SORTING NUMBER | SHORT CODE | LONG CODE | FORMULA
1 | MT | Midterm
2 | ASS | Assignment
3 | FN | Final
4 | FCG | FINAL COURSE GRADE | MT * 0.35 + ASS * 0.25 + FN * 0.40
5 | RST | RESIT
6 | FCGR | FINAL COURSE GRADE (RESIT) | MT * 0.35 + ASS * 0.25 + RST * 0.40


*** Resit Exam is Not Administered in Institutions Where Resit is not Applicable.

Further Notes About Assessment Methods

1. Case Assignments
There will be a few particular cases, and these cases will be analyzed in each phase of technology management.
2. Group Project
There will be just one term project, which is handled in a group. The group project will be evaluated through context, detail level, report context and format, and presentation effort.
3. Midterm
The midterm exam will cover multiple choice and essay questions.
4. Final Exam
The final exam will cover multiple choice and essay questions.

Assessment Criteria

1. Case reports should be complete and submitted on time.
2. Members of the groups should demonstrate their individual knowledge and ability during presentations and discussions.
3. Reports and homework papers should be prepared according to a specific academic format, i.e., APA.

Assignment Rubric
1. Project Planning and Design (20%)
Excellent (A): Demonstrates a comprehensive understanding of the project requirements with a well-structured and innovative project plan. Clearly identifies objectives, scope, and methodologies.
Good (B): Provides a solid project plan with clear objectives and methodologies. Minor gaps in structure or innovation.
Satisfactory (C): Outlines a basic project plan with general objectives and methodologies. Some gaps in planning and structure.
Needs Improvement (D/F): Lacks a coherent project plan. Objectives, scope, and methodologies are poorly defined or missing.
2. Application of ISMS Principles (25%)
Excellent (A): Expertly applies ISMS principles and standards to the project. Demonstrates a deep understanding of ISMS frameworks and effectively integrates them into the project.
Good (B): Applies ISMS principles and standards correctly with minor errors or omissions. Shows a solid understanding of ISMS frameworks.
Satisfactory (C): Basic application of ISMS principles and standards with significant gaps. Limited integration of ISMS frameworks.
Needs Improvement (D/F): Struggles to apply ISMS principles and standards. Misunderstands or overlooks key ISMS frameworks.
3. Technical Execution (20%)
Excellent (A): Uses technical tools and methodologies proficiently to achieve project objectives. Shows innovation and technical expertise.
Good (B): Competent use of technical tools and methodologies with minor issues. Achieves project objectives with some level of proficiency.
Satisfactory (C): Basic use of technical tools and methodologies. Some objectives met, but lacks proficiency and innovation.
Needs Improvement (D/F): Poor or incorrect use of technical tools and methodologies. Fails to meet project objectives.
4. Analysis and Critical Thinking (15%)
Excellent (A): Provides comprehensive analysis of project outcomes. Demonstrates exceptional critical thinking in identifying strengths, weaknesses, opportunities, and threats.
Good (B): Solid analysis of outcomes with critical insights. Identifies key strengths and weaknesses effectively.
Satisfactory (C): Basic analysis with limited critical insights. Some identification of strengths and weaknesses.
Needs Improvement (D/F): Limited or superficial analysis. Struggles to identify project outcomes or critical insights.
5. Presentation and Reporting (20%)
Excellent (A): Exceptional presentation of the project. Clear, coherent, and persuasive reporting of findings, methodologies, and analysis. Professional use of visuals and documentation.
Good (B): Good presentation skills with clear reporting of key findings and methodologies. Effective use of visuals and documentation with minor errors.
Satisfactory (C): Basic presentation skills. Reports findings and methodologies with some clarity. Visuals and documentation lack polish.
Needs Improvement (D/F): Poor presentation skills. Incoherent reporting of findings and methodologies. Ineffective or missing visuals and documentation.

Language of Instruction

English

Course Policies and Rules

1. Attending at least 70 percent of lectures is mandatory.
2. Plagiarism of any type will result in disciplinary action.
3. Participation in class discussions is required. The subject matter is mastered through students' active participation and practice.
4. Students should submit the homework a week after the related chapter is completed.
5. This course is designed to encourage student participation and practice.

Contact Details for the Lecturer(s)

guzin.kavrukkoca@deu.edu.tr

Office Hours

To be announced.

Work Placement(s)

None

Workload Calculation

Activities Number Time (hours) Total Work Load (hours)
Lectures 14 2 28
Tutorials 14 1 14
Preparations before/after weekly lectures 8 3 24
Preparation for midterm exam 1 16 16
Preparation for final exam 1 16 16
Preparation for quiz etc. 0 0 0
Preparing assignments 2 4 8
Preparing presentations 1 25 25
Final 1 1,5 2
Midterm 1 1,5 2
Quiz etc. 0 0 0
TOTAL WORKLOAD (hours) 135

Contribution of Learning Outcomes to Programme Outcomes

PO/LO PO.1 PO.2 PO.3 PO.4 PO.5 PO.6 PO.7 PO.8 PO.9 PO.10 PO.11 PO.12 PO.13 PO.14 PO.15
LO.1221
LO.231222
LO.311532
LO.4121222
LO.513322231232
LO.6123434142