Curriculum

The schedule and the course contents are designed to address and cover the contemporary cybersecurity issues and problems and they will reviewed and updated with the developments in cybersecurity field. The contents of all courses cover the following subjects: Cryptography, network security, malware analysis and detection, computer forensics, blockchain security and applications, penetration testing, privacy-preserving data management, cyber security law , cybersecurity planning and management. As the program is primarily intended for professionals, not to interfere with regular working hours, the classes are scheduled after working hours and on Saturdays. The lectures will take place in Minerva Han, Karaköy, İstanbul.

I. Semester: Fall

Code Course Credits
SEC 500
Fundamentals of Computing
  • Introduction to Programming
  • Computers
  • Operating Systems
  • Software Stack
  • Computer Architectures
  • User Interface
  • Storage, Database Systems
  • Networking
Instructor: Erdinç Öztürk

Erdinç Öztürk

Erdinç Öztürk received his BS degree in Microelectronics from Sabanci University in 2003. He received his MS degree in Electrical Engineering in 2005 and PhD degree in Electrical and Computer engineering in 2009 from Worcester Polytechnic Institute. After receiving his PhD degree, he worked at Intel in Hudson, Massachusetts for almost 5 years as a hardware engineer, before joining Istanbul Commerce University in Turkey as an assistant professor. He joined Sabanci University in 2017 as an assistant professor. His research interest focuses on efficient hardware implementations of compute-intensive algorithms.

3
SEC 501
Introduction to Cryptography and Security Protocols

General concepts of cryptography, classical cryptosystem and basics of cryptanalysis, symmetric encryption algorithms, public key cryptography, cryptographic hash functions, data integrity and message authentication, digital signatures, secure key exchange and management, authentication mechanisms (password-based, biometrics, multifactor), related attacks and authentication protocols, security protocol design and implementation, security protocol analysis and verification, access control and authorization. Some existing application layer security protocols (such as email security, e-commerce security) are also discussed.

Instructor: Erkay Savaş

Erkay Savaş

Erkay Savaş received the BS (1990) and MS (1994) degrees in electrical engineering from the Electronics and Communications Engineering Department at Istanbul Technical University. He completed the PhD degree in the Department of Electrical and Computer Engineering (ECE) at Oregon State University in June 2000. He had worked for various companies and research institutions before he joined Sabanci University in 2002. His research interests include applied cryptography, data and communication security, privacy in biometrics, security and privacy in data mining applications, embedded systems security, and distributed systems. He is a member of IEEE, ACM, the IEEE Computer Society, and the International Association of Cryptologic Research (IACR). He is currently an Associate Editor to IEEE Transactions on Computers and Journal of Cryptographic Engineering.

3
SEC 502
Network and Web Security

Overview of the Internet and the TCP/IP protocol stack (incl. TCP, UDP, IP and application layer protocols), network packet/traffic analysis, physical layer security, network layer security (IPSec), transport layer security (SSL/TLS, SSh, HTTPS), DNS Security, wireless security, network-based attacks and defense, firewalls, intrusion detection and prevention, network hardening, honeypots and honeynets, web security principles, WAF (web application firewalls), secure web application design and development.

Instructor: Duygu Karaoğlan Altop

Duygu Karaoğlan Altop

Duygu Karaoğlan Altop received the BSc. degree in Telecommunications Engineering (2007) and the MSc. degree in Computer Science and Engineering (2009), from Sabancı University. She completed the Ph.D. degree in Computer Science and Engineering at Sabancı University in December 2016. Since September 2017, Dr. Karaoğlan Altop is an instructor in Foundations Development Department, Sabancı University. She served as logistics chair of CSW (Computer Science Student Workshop) in both 2010 and 2011, and as publications chair of CSW in 2012. Her research interests include computer and network security, data and communication security, cryptography, pervasive healthcare security, and biometrics.

3
SEC 503
Malware Analysis and Detection

General concepts of malwares, malware types, fundamentals of static and dynamic malware analysis, advanced static analysis, advanced dynamic analysis, reverse engineering, malware countermeasures.

Instructor: Orçun Çetin

Orçun Çetin

Dr. Orçun Çetin received his B.Sc. (Hons) Computing Science (Networked Systems and Internet Technologies) from Newcastle University in England. He received his M.Sc. on Networks and Security from University of Kent (England) with highest distinction. He has completed his Ph.D. degree at Delft University of Technology. He also worked as a Research Associate at the University of Kent’s School of Computing. Dr. Orcun Cetin and his co-authors won the Distinguished Paper Award for their work “Cleaning up the internet of evil things: real-world evidence on ISP and consumer efforts to remove mirai” at the Network and Distributed System Security Symposium 2019 (NDSS), one of the “Big 4” conferences in the cyber security field, which took place in San Diego. His research focuses on the global vulnerability and malicious activity scanning and notifying affected parties all around the world. In recent projects, he focused on economics and human aspects of cybersecurity, where he uses qualitative and quantitative methods to answer questions related to cybersecurity policies and cybercrime victimisation.

3
SEC 505
Blockchain: Security and Applications

Cryptographic fundamentals for blockchain, distributed systems, crypto-currencies, smart contracts, distributed blockchain applications, consensus algorithms, blockchain mining, security and privacy in blockchain, blockchain ecosystem.

Instructor: Kamer Kaya

Kamer Kaya

Kamer Kaya obtained his PhD in Cryptography at Faculty of Engineering, İhsan Doğramacı Bilkent University in 2009. He then joined CERFACS (European Research Lab for Scientific Computing, Toulouse, France) as a member of the Parallel Algorithms group. In 2011, he joined HPC Lab at the Ohio State University as a Post-graduate Researcher and appointed as Research Assistant Professor in 2012. Since June 2014, Dr. Kaya has been working on Faculty of Engineering and Natural Sciences, Sabancı University. He is actively doing research on High Performance Computing, Parallel Algorithms and Cryptography. 

3

II. Semester: Spring

Code Course Credits
SEC 504
Computer Forensics

Fundamentals of computer forensics, computer crimes and law, evidence gathering, data recovery, computer forensics tools, network forensics, wireless and mobile network forensics.

Instructors: Kamil Akdağ ve Mustafa Sansar

Kamil Akdağ

After graduating from the Physics Department of the Faculty of Arts and Sciences of Dokuz Eylul University, he started his work on server and network security in the area of informatics. After 7 years of experience in server infrastructure and network security, he turned to the field of Digital Forensics Informatics and completed his master's degree in Information Security.

Since 2014, he has been working on Forensic Cyber Crimes. In 2017, he started to work as a Digital Forensics Specialist in ABH Forensic Services Company.

Mustafa Sansar

Mustafa Sansar graduated from Yüzüncü Yıl University in 2001 and Police Academy in 2004. He is one of the founders of İstanbul Security Directorate - Department of Cyber Crimes and served 10 years of active duty. He resigned at his own request in 2012 and founded Fordefence Forensics Lab.

As the founder of Fordefence Forensics Lab, he provides consultancy to holdings, factories, banks, finance establishments, government institutions, politicians and celebrities within national and international scope.

Mustafa Sansar has prepared more than 11.000 reports as under oath referee of T.C. Ministry of Justice since 2004.

He completed Bilgi University IT and Technology Law graduate school and he is giving lectures on Digital Forensics, Cyber Crimes, IT Laws and Ethical Hacking at several universities.

He continues to serve as general secretary of IT Forensics and IT Law Association which is the first non-profit organization in Turkey

3
SEC 507
Penetration Testing

Fundamentals of modern IT systems and their vulnerabilities, ethical hacking methods, reconnaissance methods and tools, scanning methods and tools, network and web vulnerabilities, social engineering, penetration testing tools.

Instructor: Fatih Emiral

Fatih Emiral

OSCP, CISSP, CISA, CIA, CEH, ISO27001 LA, BS25999 LA

Emiral had provided pentest, IT audit and information security management system consulting services for more than 100 enterprises in finance, telecom and public sectors. Some of his previous engagements are:

  • Network, web application and mobile application penetration testing engagements
  • Computer and network forensic support for internal investigations
  • ISO 27001 based ISMS implementation consulting
  • CobiT and ITIL based IT controls and ISO27002 based information security controls audits
  • General computer controls audits for BDDK, BTK and SOX regulated companies
  • ERP application control audits
  • Pentesting, information security and IT audit trainings

Emiral is the managing partner of the information security company BTRisk since 2009.

3
SEC 508
Privacy-Preserving Data Management

Privacy of personal and sensitive data; privacy issues concerning data collection, storage, processing and publishing; anonymity metrics; privacy-enhancing techniques; case studies.

Trainer: Mustafa Afyonluoğlu

Mustafa Afyonluoğlu

Dr. Mustafa Afyonluoğlu (graduated from Hacettepe University Department of Electrical & Electronics Engineering, 1992) completed 1st Masters Degree from same department (1996), 2nd in “Cyber Law” (Bilgi University, 2012) and “Good Governance” program (Bogazici University, 2016-2017). His academic studies continue in law (Anadolu University). His doctoral study is about Anonymization in Personal Data Protection. He has worked in several managerial positions in the public and private sector and he is project manager, during last 30 years, for more than 70 national and international large-scale e-government projects, which five of them are award-winning and prioritized by Prime Ministry. Afyonluoglu was e-Transformation unit manager and e-Government institution consultant in TUBITAK (The Scientific and Technological Council of Turkey), PM e-government expert and head of e-Government Advisory Group on Prime Ministry Office, coordinator of 2016-2019 National e-Government Strategy & Action Plan, EU capacity development key expert, UN project coordinator on migration & e-Government, cyber security & e-government external expert of Presidency (State Audit Board). He was consultant of Ministry of Trade and responsible from “National Points of Single Contact for Business (PSC)” & “Retail Information System (PERBIS)”. He is currently member of Expert Group on a high-level strategy entitled “Digital Economy Strategy for the Arab World, 2020-2025” by The Council of Arab Economic Unity of the League of Arab States. Currently, he is preparing e-gov & digital economy short-term action plan and provides consultancy service for implementation phases for a country. In voluntary activities side, he is member of Executive Board of Informatics Association of Turkey (TBD), head of Digital Economy Strategic Studies of Executive Board and member of “Local Business Association Advisory Board”. He continues his studies on personal data protection and public sector applications of blockchain. Afyonluoğlu is married and has 2 children.

3
SEC 509
Secure Coding and Software Security

Secure coding principles; vulnerabilities and exploits: buffer overflow, SQL injection, cross-site-scripting, session hijacking, sensitive data exposure; countermeasures; advanced testing and program analysis techniques.

Instructor: Orçun Çetin

Orçun Çetin

Dr. Orçun Çetin received his B.Sc. (Hons) Computing Science (Networked Systems and Internet Technologies) from Newcastle University in England. He received his M.Sc. on Networks and Security from University of Kent (England) with highest distinction. He has completed his Ph.D. degree at Delft University of Technology. He also worked as a Research Associate at the University of Kent’s School of Computing. Dr. Orcun Cetin and his co-authors won the Distinguished Paper Award for their work “Cleaning up the internet of evil things: real-world evidence on ISP and consumer efforts to remove mirai” at the Network and Distributed System Security Symposium 2019 (NDSS), one of the “Big 4” conferences in the cyber security field, which took place in San Diego. His research focuses on the global vulnerability and malicious activity scanning and notifying affected parties all around the world. In recent projects, he focused on economics and human aspects of cybersecurity, where he uses qualitative and quantitative methods to answer questions related to cybersecurity policies and cybercrime victimisation.

3
SEC 510
Cyber Security Law

Cyber crimes; digital signature law; intellectual property law; digital communication law; data protection and privacy law; cybercrime incidences; laws and regulations for cyber security in the world; ethical issues in cyber security.

Instructor: Leyla Keser Berber, Mehmet Bedii Kaya ve Tuğrul Sevim

Leyla Keser Berber

Istanbul Bilgi University
Director of Information Technology (IT) Law Institute 

Completing graduate degree at Marmara University Faculty of Law, she was research assistant at the same faculty till 1998. She was awarded PhD in 1998 and started to work at Istanbul Bilgi University. She is the founder and Director of IT Law Institute at Bilgi University since 2010. She has authored books, articles and reports on computer forensics, e-signature, e-government, e-commerce, information security, biometric methods, e-invoice, DRM (digital rights management), ICT Law, e-health records, data protection/privacy, Digital Company, online behavioral advertising and cyber security. She is the Author of Cyber Law Turkey (for Kluwer Law International, 2009 and 2014). She was legal counsel of the Ministry of Customs and Trade for Turkish Commercial Code on Digital Company, IT Law and e-Commerce Law. She gives consultancy for several governmental organizations on IT Law since 2004. She represents IT Law Institute within Network of Centers (https://networkofcenters.net/). She was faculty fellow of the Berkman Center for Internet and Society at Harvard University.  

Mehmet Bedii Kaya

Dr. Mehmet Bedii Kaya is a lecturer at Istanbul Bilgi University IT Law Institute, where he delivers post-graduate lectures on Internet law and E-Government. He holds LLB from Istanbul Bilgi University, LLM in Internet Law from Istanbul Bilgi University and Ph.D. in Law from the University of Nottingham.

Dr. Mehmet Bedii Kaya’s research and practice interests are primarily in the area of IT law, in particular, in the fields of Internet governance, Internet content policy and regulations, data protection and cyber security. He has written various publications addressing the legitimacy and subsidiary of Internet governance and content regulation in Turkey.

Tuğrul Sevim

Tugrul specializes in complex IT and telecommunication contracts (development, licensing, integration, outsourcing), electronic commerce and internet legal issues, privacy law and complex IT litigation (Expert proceedings, alternative dispute resolution)

Tuğrul Sevim is one of the founding partners of BTS&Partners.

He assists clients in the management of their Intellectual Property portfolios and establishment of their market strategies on complex ICT projects and in negotiating and drafting complex IT contracts with strong Intellectual Property and regulatory content. Mr. Tugrul Sevim's client include consultancy management, technology services and outsourcing companies, telecommunication companies, software and hardware suppliers, fintech companies.

Tuğrul also has a strong capability in data privacy. advises businesses on how to strategically manage their privacy, security, electronic workplace, and e-business legal risks both domestically and globally. He has assisted a wide range of business in a variety of industries by developing a privacy strategy that yields practical solutions in a rapidly evolving area and that weighs costs and benefits in a light of a company's risk profile and culture

He was graduated from Marmara University Law Faculty in 2003 and is admitted to Istanbul Bar Association since 2004. He completed his LL.M at Istanbul Bilgi University on Economics Law and he still continues his Ph.D. studies at Yeditepe University on Private Law. Mr. Tugrul Sevim is also a part-time lecturer at Bilgi University Economy Law Master Program. Currently he gives a lecture on information security law.

He provides services in Turkish; English and French.

3
Code Course Credits
SEC 506
Advanced Cryptography

Mathematical foundations, elliptic curve cryptography, homomorphic encryption, secret sharing protocols, oblivious transfer, zero-knowledge proofs, secure multi-party computation, e-voting applications, e-cash, post-quantum cryptography.

Instructor: Erkay Savaş
3
SEC 511
Cyber ​​Security Planning and Management

Cyber security risk management; cyber security planning and policy; management of cyber security operations: detection, response and intelligence; incident response team management; security awareness and training management; security management standards and best practices; regulatory compliance in cyber security.

3
SEC 592
Project Course

All graduate students pursuing a non-thesis MSc. Program are required to complete a project. The project topic and contents are based on the interest and background of the student and are approved by the faculty member serving as the Project Supervisor. At the completion of the project, the student is required to submit a final report and present the project. The final report is to be approved by the Project Supervisor.

3
DA 525
Project Management and Business Communication

This course is intended to provide industry insight into the world of project management and business communication. Upon completion of this course, students are expected to have a clear understanding of the tasks and challenges that are fundamental to project management requirements. The course will also cover issues on team management and other aspects of project management on schedules, risks and resources for a successful project outcome. The second part of this course will concentrate on effective communication with team members, presentation techniques for a wide range of audiences and communicating results and recommendations to upper management and clients.

Instructor: Hakan Aksungar

Hakan Aksungar

Aksungar started his career as a software development expert in the field of Information Technologies in 1984 and completed his institutional experience as a Program Manager in the finance sector in 2007. In the meantime, he has assumed managerial responsibility in a wide range of projects.

Then, as a self-employed consultant in the field of Information Technologies, he continued his services by sharing his knowledge and experiences in different sectors and companies. In 2010, as a founding partner, Fonksiyon Information Technologies Consulting and Training Ltd. Sti. under the umbrella of Chief Executive Officer and continuing his training and consulting activities.

Fonksiyon360, Training, Consultancy and Coaching Services.

3
English