| Course Objectives: |
Security weaknesses in the information and communication systems can lead to the failure or misuse of these systems, loss of life, large-scale economic damage, deterioration of public order and / or violation of national security. With this course, it is aimed to understand the security weaknesses / threats existing in information systems and to raise awareness about the measures to be taken against cyber attacks. |
| Course Content: |
Virtual machine setup for Lab, introduction to Linux operation, basic network concepts, targeted information gathering and vulnerability analysis, Reverse Shell Bind Shell concepts, exploit development, explotation framework and automated tools, network security tests, file transfers and tunneling techniques, password attacks, DOS (Denail of Service) decommission attack tests, security tests for wireless networks, web openings and testing methods, security test applications on voip networks, social engineering, pivoting, pentest report writing |
Course Learning Outcomes (CLOs) are those describing the knowledge, skills and competencies that students are expected to achieve upon successful completion of the course. In this context, Course Learning Outcomes defined for this course unit are as follows:
| Week |
Subject |
Materials Sharing * |
|
Related Preparation |
Further Study |
| 1) |
Introduction and Basic Concepts
What is cybersecurity?
Concepts of threat, vulnerability, and attack
History of cyberattacks
Overview of the cybersecurity field
Current cyber threats |
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Read introductory materials on cybersecurity definitions and key concepts.
Research major historical cyberattacks (e.g., Morris Worm, WannaCry).
Familiarize yourself with current cybersecurity threats in the news.
News Clippings: Recent cyber threats and incidents (e.g., ransomware attacks)
Materyal
|
|
| 2) |
Fundamentals of Information Security
Fundamental principles of information security: Confidentiality, Integrity, Availability (CIA Triad)
Information security management processes
Information security policies |
Review the CIA Triad (Confidentiality, Integrity, Availability) model.
Read about basic information security management practices.
Case Study: implementing an Information Security Policy"
Video: BTK Academy - Introduction to Cybersecurity
|
|
| 3) |
Fundamentals of Information Security
Core principles of information security: Confidentiality, Integrity, Availability (CIA Triad)
Information security management processes
Information security policies
|
Learn about the different types of network security devices (firewalls, VPNs, etc.).
Read an introduction to network vulnerabilities and attacks.
Tutorial: Setting Up a Firewall and VPN
Case Study: The Impact of Network Vulnerabilities on Enterprises
|
|
| 4) |
Basics of Cryptography
What is encryption and cryptography?
Symmetric and asymmetric encryption methods
SSL/TLS and secure data transmission
Key cryptographic algorithms |
Review basic encryption concepts (symmetric vs. asymmetric encryption).
Study SSL/TLS and its role in secure communications.
Online Tutorial: "How SSL and TLS Work"
Lab: "Implementing Symmetric and Asymmetric Encryption"
|
|
| 5) |
What is block cipher?
Block cipher algorithms (e.g., DES, AES)
Block cipher modes: ECB, CBC, CFB, OFB
Applications of block cipher
|
Learn about block cipher and the algorithms used.
Study popular algorithms like DES and AES.
Materials:
Textbook: Block Cipher Algorithms chapter
Tutorial: Block Cipher Modes and Applications
|
|
| 6) |
Stream Cipher Methods
What is stream cipher?
Stream cipher algorithms (e.g., RC4)
Comparison between block and stream ciphers
Applications and vulnerabilities of stream ciphers |
Stream Cipher Methods
Pre-Preparation:
Research stream cipher methods.
Learn the differences between block and stream ciphers.
Materials:
Textbook: "Stream Cipher and Applications" chapter
Tutorial: "Comparison Between Block and Stream Ciphers"
|
|
| 7) |
Authentication and Authorization
What is authentication?
Authorization and access controls
Multi-factor authentication (MFA)
Secure password management |
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Authentication and Authorization
Pre-Preparation:
Study authentication and authorization systems.
Learn about multi-factor authentication (MFA).
Materials:
Textbook: "Authentication and Authorization" chapter
Tutorial: "MFA: Enhancing Security"
|
|
| 8) |
Midterm |
|
|
| 9) |
Malware
Types of malware: Viruses, worms, trojans, ransomware
Ways malware spreads and prevention methods
Antivirus and anti-malware software |
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Malware
Pre-Preparation:
Learn about different types of malware (viruses, worms, trojans).
Study antivirus and anti-malware solutions.
Materials:
Textbook: "Malware and Prevention Methods" chapter
Case Study: "Fighting Against Ransomware"
|
|
| 10) |
Web Security
Basics of web application security
SQL injection, XSS, and other web attacks
Secure web application development
Web security testing tools |
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Web Security
Pre-Preparation:
Learn about web application security.
Research common web attacks like SQL injection and XSS.
Materials:
Textbook: "Fundamentals of Web Security" chapter
Tutorial: "Key Considerations in Web Application Security"
|
|
| 11) |
Social Engineering and Human Factor
Social engineering attacks
Types of attacks such as phishing and spear phishing
Human factor and awareness training
Safe behavior habits |
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Research social engineering attacks.
Learn about attack types like phishing and spear phishing.
Materials:
Textbook: "Social Engineering and Awareness" chapter
Tutorial: "The Human Factor and Security"
|
|
| 12) |
Email and Communication Security
Email security threats: Phishing, spam
Email encryption methods
Secure messaging applications and data protection
|
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Email and Communication Security
Pre-Preparation:
Examine email security threats.
Learn about email encryption methods.
Materials:
Textbook: "Email Security" chapter
Tutorial: "Secure Messaging Applications"
|
|
| 13) |
Intrusion Detection and Prevention Systems (IDS/IPS)
Introduction to intrusion detection systems (IDS)
Intrusion prevention systems (IPS) and differences
Security information and event management (SIEM)
Security auditing and log analysis
|
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Learn about intrusion detection and prevention systems.
Research the concept of security information and event management (SIEM).
Materials:
Textbook: "IDS/IPS Systems" chapter
Tutorial: "SIEM and Security Auditing"
|
|
| 14) |
Cloud Security
Advantages and risks of cloud computing
Security measures by cloud service providers
Cloud data encryption and access control
Cloud security standards and compliance
|
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Examine the advantages and risks of cloud computing.
Learn about security measures by cloud service providers.
Materials:
Textbook: "Cloud Security" chapter
Case Study: "Security Strategies in Cloud Computing"
|
|
| 15) |
Careers and Trends in Cybersecurity
Cybersecurity careers and career paths
Certifications (CEH, CISSP, CISM, etc.)
Current technologies and future trends in cybersecurity
Course review and overall summary |
Siber Güvenliğe Giriş- Prof.Dr. Kemal Bıçakçı
Research careers and career paths in cybersecurity.
Learn about current technologies and certifications.
Materials:
Textbook: "Careers in Cybersecurity" chapter
Panel Discussion: "Future Trends in Cybersecurity"
|
|
| 16) |
Final Exam |
|
|
| |
Programme Learning Outcomes |
Contribution Level (from 1 to 5) |
| 1) |
Acquires competency of analyzing and solving the problems. |
1 |
| 1) |
Explains the basic, theoretical and practical information in the field of information security technology. |
|
| 1) |
Follow the patches of information technology systems published against known cyber security gaps. |
5 |
| 1) |
Experiences all processes in business life. |
1 |
| 1) |
Lists the tasks and responsibilities required to identify and prevent any exploitation of hardware. |
5 |
| 1) |
Defines the corporate cyber security rules and guidelines.
|
5 |
| 2) |
Information Security Creates procedure and control components |
5 |
| 2) |
Takes part in activities related to the field of education in a business operating in the field. |
1 |
| 2) |
Explains the importance of authorizing users as much as they can. |
5 |
| 2) |
Lists the tasks and responsibilities required to identify and prevent any abuse that may occur in software components. |
5 |
| 2) |
Know and analyze cyber assets in terms of information security. |
|
| 2) |
Has awareness for ethical and social responsibility. |
1 |
| 3) |
Identify non-technological tools and methods against cyber attack. |
5 |
| 3) |
Lists the tasks and responsibilities required to identify and prevent any abuse that may occur in local area networks. |
5 |
| 3) |
Explains the necessary policies and processes for effective event management. |
5 |
| 3) |
Experience the cyber security risk management system. |
|
| 3) |
Questions the application with theoretical knowledge. |
1 |
| 3) |
Takes responsibility as a team member in works and operations of his/her field. |
1 |
| 4) |
Identifies the methods and methods of technological methods against cyber attack. |
5 |
| 4) |
Is aware of written, verbal communication and interaction. |
1 |
| 4) |
Explains the importance of monitoring the cyber systems for the correct structuring of the powers, the realization of the realized, failed or failed cyber attacks, the timely response to the protection and the fulfillment of the legal requirements. |
5 |
| 4) |
Compiles the knowledge and experience gained in the field. |
1 |
| 4) |
Applies the theoretical knowledge learned in business life for a semester. |
|
| 4) |
He/she applies the theoretical knowledge he/she has acquired in his/her lesson, which is a 21st century skill, in business life. |
|
| 5) |
Acquires the competencies defined as the institutional outcomes of Beykoz University on the basic level, inline with the expectations of business world and the society. |
|
| 5) |
User training and security awareness describes the importance of cyberspace. |
5 |
| 5) |
Follows the developments of advanced technology and digital transformation. |
1 |
| 6) |
Recall national and international legislation and regulations related to the field of Information Security Technology. |
1 |
| 6) |
Acquires the awareness for lifelong learning. |
1 |
| 7) |
Defines the fundamentals of programming and algorithm information. |
1 |
| 7) |
Has awareness about citizenship competency. |
1 |
| 8) |
Evaluates the developments of his/her field with the understanding of an entrepreneur. |
1 |
| 9) |
Acquires communication in a Foreign Language (English) competence defined on the level of at least A2 in European Language Portfolio. (In programs whose medium of instruction is English, on the level of B1). |
1 |