COURSE UNIT TITLE

: INFORMATION SECURITY MANAGEMENT

Description of Individual Course Units

Course Unit Code Course Unit Title Type Of Course D U L ECTS
CSC 5016 INFORMATION SECURITY MANAGEMENT ELECTIVE 3 0 0 8

Offered By

Graduate School of Natural and Applied Sciences

Level of Course Unit

Second Cycle Programmes (Master's Degree)

Course Coordinator

ASSISTANT PROFESSOR ERDEM ALKIM

Offered to

Ph.D. in Computer Science (English)
Computer Science

Course Objective

This course aims to provide the students with an overview of the field of information security and assurance including risk based security activities, methods, methodologies, and procedures. It aims to convey the key elements of risk facing any given enterprise as well as the options and resources available to that enterprise to address these risk elements. It also aims to focus on the elements of risk assessment and operational business continuity using the international security management standards, models and methodologies. It aims to provide the students a comprehensive knowledge to establish information security management by the aid of qualitative, quantitative, non-linear or other mathematical and statistical methods.

Learning Outcomes of the Course Unit

1   Demonstrate both theoretical and practical knowledge and skills to manage information security system projects including risk management.
2   Develop an understanding of the basic tools, models and techniques used in security risk assessment of information systems.
3   Learn the different international risk management frameworks from entities such as ISO.
4   Demonstrate an understanding of handling each of the phases throughout an entire information security management system.
5   Develop basic skills to establish and manage an information security management system in an organization.

Mode of Delivery

Face -to- Face

Prerequisites and Co-requisites

None

Recomended Optional Programme Components

None

Course Contents

Week Subject Description
1 Introduction to risk and information security risks; basic standards, methods and terminologies.
2 Information theory, entropy, quantities of information, uncertainty, computational methodologies for value of information.
3 ISO/IEC 27001 information security management standard; introduction, approach to risk concept and methodologies. ISO/IEC 27005 risk management methodology Part 1: Risk identification, risk analysis, risk assessment, risk treatment.
4 ISO/IEC 27001 security management methodology Part 2: Risk identification, risk analysis, risk assessment, risk treatment in detail. Examples and relevant case studies. Assignment discussion.
5 Information security management system - ISMS, ISO 27001, ISO 27002, PDCA model, business processes and its relations with information security, risk oriented management concepts. Risks and mitigation of information security risks in ISO27001, security controls, security solutions, policies, technological aspects, managerial aspects in ISO 27001 controls.
6 Qualitative methods in information security risk analysis and assessment Part 1; statistical and theoretical concepts, discretization of data, tools, software, implementations and case studies.
7 Qualitative methods in information security risk analysis and assessment Part 2; some other qualitative methods. Workshop. Assignment discussion.
8 Recap
9 Quantitative methods in information security risk analysis and assessment Part 1; statistical and theoretical concepts, tools, software, implementations and case studies.
10 Quantitative methods in information security risk analysis and assessment Part 2; statistical and theoretical concepts, tools, software, implementations and case studies.

Recomended or Required Reading

Textbook(s): Layton, T. P., Information Security; Design, Implementation, Measurement and Compliance. Auerbach Publications, 2007.
Supplementary Book(s): ISO/IEC, ISO/IEC 27001:2013. Information Security Management System. International Organization for Standardization, 2013.

Planned Learning Activities and Teaching Methods

The course is taught in a lecture, class presentation and discussion format. Besides the taught lecture, group presentations are to be prepared by the groups assigned and presented in a discussion session. In some weeks of the course, results of the homework given previously are discussed.

Assessment Methods

SORTING NUMBER SHORT CODE LONG CODE FORMULA
1 PRJ PROJECT
2 MTE MIDTERM EXAM
3 FIN FINAL EXAM
4 FCG FINAL COURSE GRADE PRJ * 0.30 + MTE * 0.30 + FIN * 0.40
5 RST RESIT
6 FCGR FINAL COURSE GRADE (RESIT) PRJ * 0.30 + MTE * 0.30 + RST * 0.40


Further Notes About Assessment Methods

None

Assessment Criteria

To be announced.

Language of Instruction

English

Course Policies and Rules

To be announced.

Contact Details for the Lecturer(s)

To be announced.

Office Hours

To be announced.

Work Placement(s)

None

Workload Calculation

Activities Number Time (hours) Total Work Load (hours)
Lectures 13 3 39
Preparations before/after weekly lectures 13 4 52
Preparation for midterm exam 1 20 20
Preparation for final exam 1 20 20
Preparing assignments 2 20 40
Preparing presentations 2 15 30
Final 1 2 2
Midterm 1 2 2
TOTAL WORKLOAD (hours) 205

Contribution of Learning Outcomes to Programme Outcomes

PO/LOPO.1PO.2PO.3PO.4PO.5PO.6PO.7PO.8PO.9PO.10
LO.1444454555
LO.25454354554
LO.3454555555
LO.45454344554
LO.5544454555