Curriculum

The schedule and the course contents are designed to address and cover the contemporary cybersecurity issues and problems and they will reviewed and updated with the developments in cybersecurity field. The contents of all courses cover the following subjects: Cryptography, network security, malware analysis and detection, computer forensics, blockchain security and applications, penetration testing, privacy-preserving data management, cyber security law , cybersecurity planning and management. As the program is primarily intended for professionals, not to interfere with regular working hours, the classes are scheduled after working hours and on Saturdays. The lectures will take place in Minerva Han, Karaköy, İstanbul.

I. Semester: Fall

Code Course Credits
SEC 500
Fundamentals of Computing
  • Introduction to Programming
  • Computers
  • Operating Systems
  • Software Stack
  • Computer Architectures
  • User Interface
  • Storage, Database Systems
  • Networking
Instructor: Erdinç Öztürk

Erdinç Öztürk

Erdinç Öztürk received his BS degree in Microelectronics from Sabanci University in 2003. He received his MS degree in Electrical Engineering in 2005 and PhD degree in Electrical and Computer engineering in 2009 from Worcester Polytechnic Institute. After receiving his PhD degree, he worked at Intel in Hudson, Massachusetts for almost 5 years as a hardware engineer, before joining Istanbul Commerce University in Turkey as an assistant professor. He joined Sabanci University in 2017 as an assistant professor. His research interest focuses on efficient hardware implementations of compute-intensive algorithms.

3
SEC 501
Introduction to Cryptography and Security Protocols

General concepts of cryptography, classical cryptosystem and basics of cryptanalysis, symmetric encryption algorithms, public key cryptography, cryptographic hash functions, data integrity and message authentication, digital signatures, secure key exchange and management, authentication mechanisms (password-based, biometrics, multifactor), related attacks and authentication protocols, security protocol design and implementation, security protocol analysis and verification, access control and authorization. Some existing application layer security protocols (such as email security, e-commerce security) are also discussed.

Instructor: Erkay Savaş

Erkay Savaş

Erkay Savaş received the BS (1990) and MS (1994) degrees in electrical engineering from the Electronics and Communications Engineering Department at Istanbul Technical University. He completed the PhD degree in the Department of Electrical and Computer Engineering (ECE) at Oregon State University in June 2000. He had worked for various companies and research institutions before he joined Sabanci University in 2002. His research interests include applied cryptography, data and communication security, privacy in biometrics, security and privacy in data mining applications, embedded systems security, and distributed systems. He is a member of IEEE, ACM, the IEEE Computer Society, and the International Association of Cryptologic Research (IACR). He is currently an Associate Editor to IEEE Transactions on Computers and Journal of Cryptographic Engineering.

3
SEC 502
Network and Web Security

Overview of the Internet and the TCP/IP protocol stack (incl. TCP, UDP, IP and application layer protocols), network packet/traffic analysis, physical layer security, network layer security (IPSec), transport layer security (SSL/TLS, SSh, HTTPS), DNS Security, wireless security, network-based attacks and defense, firewalls, intrusion detection and prevention, network hardening, honeypots and honeynets, web security principles, WAF (web application firewalls), secure web application design and development.

Instructor: Duygu Karaoğlan Altop

Duygu Karaoğlan Altop

Duygu Karaoğlan Altop received the BSc. degree in Telecommunications Engineering (2007) and the MSc. degree in Computer Science and Engineering (2009), from Sabancı University. She completed the Ph.D. degree in Computer Science and Engineering at Sabancı University in December 2016. Since September 2017, Dr. Karaoğlan Altop is an instructor in Foundations Development Department, Sabancı University. She served as logistics chair of CSW (Computer Science Student Workshop) in both 2010 and 2011, and as publications chair of CSW in 2012. Her research interests include computer and network security, data and communication security, cryptography, pervasive healthcare security, and biometrics.

3
SEC 503
Malware Analysis and Detection

General concepts of malwares, malware types, fundamentals of static and dynamic malware analysis, advanced static analysis, advanced dynamic analysis, reverse engineering, malware countermeasures.

3
SEC 505
Blockchain: Security and Applications

Cryptographic fundamentals for blockchain, distributed systems, crypto-currencies, smart contracts, distributed blockchain applications, consensus algorithms, blockchain mining, security and privacy in blockchain, blockchain ecosystem.

Instructor: Kamer Kaya

Kamer Kaya

Kamer Kaya obtained his PhD in Cryptography at Faculty of Engineering, İhsan Doğramacı Bilkent University in 2009. He then joined CERFACS (European Research Lab for Scientific Computing, Toulouse, France) as a member of the Parallel Algorithms group. In 2011, he joined HPC Lab at the Ohio State University as a Post-graduate Researcher and appointed as Research Assistant Professor in 2012. Since June 2014, Dr. Kaya has been working on Faculty of Engineering and Natural Sciences, Sabancı University. He is actively doing research on High Performance Computing, Parallel Algorithms and Cryptography. 

3

II. Semester: Spring

Code Course Credits
SEC 504
Computer Forensics

Fundamentals of computer forensics, computer crimes and law, evidence gathering, data recovery, computer forensics tools, network forensics, wireless and mobile network forensics.

Instructors: Kamil Akdağ ve Mustafa Sansar

Kamil Akdağ

After graduating from the Physics Department of the Faculty of Arts and Sciences of Dokuz Eylul University, he started his work on server and network security in the area of informatics. After 7 years of experience in server infrastructure and network security, he turned to the field of Digital Forensics Informatics and completed his master's degree in Information Security.

Since 2014, he has been working on Forensic Cyber Crimes. In 2017, he started to work as a Digital Forensics Specialist in ABH Forensic Services Company.

Mustafa Sansar

Mustafa Sansar graduated from Yüzüncü Yıl University in 2001 and Police Academy in 2004. He is one of the founders of İstanbul Security Directorate - Department of Cyber Crimes and served 10 years of active duty. He resigned at his own request in 2012 and founded Fordefence Forensics Lab.

As the founder of Fordefence Forensics Lab, he provides consultancy to holdings, factories, banks, finance establishments, government institutions, politicians and celebrities within national and international scope.

Mustafa Sansar has prepared more than 11.000 reports as under oath referee of T.C. Ministry of Justice since 2004.

He completed Bilgi University IT and Technology Law graduate school and he is giving lectures on Digital Forensics, Cyber Crimes, IT Laws and Ethical Hacking at several universities.

He continues to serve as general secretary of IT Forensics and IT Law Association which is the first non-profit organization in Turkey

3
SEC 506
Advanced Cryptography

Mathematical foundations, elliptic curve cryptography, homomorphic encryption, secret sharing protocols, oblivious transfer, zero-knowledge proofs, secure multi-party computation, e-voting applications, e-cash, post-quantum cryptography.

3
SEC 507
Penetration Testing

Fundamentals of modern IT systems and their vulnerabilities, ethical hacking methods, reconnaissance methods and tools, scanning methods and tools, network and web vulnerabilities, social engineering, penetration testing tools.

Instructor: Fatih Emiral

Fatih Emiral

OSCP, CISSP, CISA, CIA, CEH, ISO27001 LA, BS25999 LA

Emiral had provided pentest, IT audit and information security management system consulting services for more than 100 enterprises in finance, telecom and public sectors. Some of his previous engagements are:

  • Network, web application and mobile application penetration testing engagements
  • Computer and network forensic support for internal investigations
  • ISO 27001 based ISMS implementation consulting
  • CobiT and ITIL based IT controls and ISO27002 based information security controls audits
  • General computer controls audits for BDDK, BTK and SOX regulated companies
  • ERP application control audits
  • Pentesting, information security and IT audit trainings

Emiral is the managing partner of the information security company BTRisk since 2009.

3
SEC 508
Privacy-Preserving Data Management

Privacy of personal and sensitive data; privacy issues concerning data collection, storage, processing and publishing; anonymity metrics; privacy-enhancing techniques; case studies.

3
SEC 509
Secure Coding and Software Security

Secure coding principles; vulnerabilities and exploits: buffer overflow, SQL injection, cross-site-scripting, session hijacking, sensitive data exposure; countermeasures; advanced testing and program analysis techniques.

Instructor: Alp Öztarhan
3
SEC 510
Cyber Security Law

Cyber crimes; digital signature law; intellectual property law; digital communication law; data protection and privacy law; cybercrime incidences; laws and regulations for cyber security in the world; ethical issues in cyber security.

Instructor: Leyla Keser Berber, Mehmet Bedii Kaya ve Tuğrul Sevim

Leyla Keser Berber

Istanbul Bilgi University
Director of Information Technology (IT) Law Institute 

Completing graduate degree at Marmara University Faculty of Law, she was research assistant at the same faculty till 1998. She was awarded PhD in 1998 and started to work at Istanbul Bilgi University. She is the founder and Director of IT Law Institute at Bilgi University since 2010. She has authored books, articles and reports on computer forensics, e-signature, e-government, e-commerce, information security, biometric methods, e-invoice, DRM (digital rights management), ICT Law, e-health records, data protection/privacy, Digital Company, online behavioral advertising and cyber security. She is the Author of Cyber Law Turkey (for Kluwer Law International, 2009 and 2014). She was legal counsel of the Ministry of Customs and Trade for Turkish Commercial Code on Digital Company, IT Law and e-Commerce Law. She gives consultancy for several governmental organizations on IT Law since 2004. She represents IT Law Institute within Network of Centers (https://networkofcenters.net/). She was faculty fellow of the Berkman Center for Internet and Society at Harvard University.  

Mehmet Bedii Kaya

Dr. Mehmet Bedii Kaya is a lecturer at Istanbul Bilgi University IT Law Institute, where he delivers post-graduate lectures on Internet law and E-Government. He holds LLB from Istanbul Bilgi University, LLM in Internet Law from Istanbul Bilgi University and Ph.D. in Law from the University of Nottingham.

Dr. Mehmet Bedii Kaya’s research and practice interests are primarily in the area of IT law, in particular, in the fields of Internet governance, Internet content policy and regulations, data protection and cyber security. He has written various publications addressing the legitimacy and subsidiary of Internet governance and content regulation in Turkey.

Tuğrul Sevim

Tugrul specializes in complex IT and telecommunication contracts (development, licensing, integration, outsourcing), electronic commerce and internet legal issues, privacy law and complex IT litigation (Expert proceedings, alternative dispute resolution)

Tuğrul Sevim is one of the founding partners of BTS&Partners.

He assists clients in the management of their Intellectual Property portfolios and establishment of their market strategies on complex ICT projects and in negotiating and drafting complex IT contracts with strong Intellectual Property and regulatory content. Mr. Tugrul Sevim's client include consultancy management, technology services and outsourcing companies, telecommunication companies, software and hardware suppliers, fintech companies.

Tuğrul also has a strong capability in data privacy. advises businesses on how to strategically manage their privacy, security, electronic workplace, and e-business legal risks both domestically and globally. He has assisted a wide range of business in a variety of industries by developing a privacy strategy that yields practical solutions in a rapidly evolving area and that weighs costs and benefits in a light of a company's risk profile and culture

He was graduated from Marmara University Law Faculty in 2003 and is admitted to Istanbul Bar Association since 2004. He completed his LL.M at Istanbul Bilgi University on Economics Law and he still continues his Ph.D. studies at Yeditepe University on Private Law. Mr. Tugrul Sevim is also a part-time lecturer at Bilgi University Economy Law Master Program. Currently he gives a lecture on information security law.

He provides services in Turkish; English and French.

3

III. Semester: Summer

Code Course Credits
SEC 511
Siber Cyber ​​Security Planning and Management

Cyber security risk management; cyber security planning and policy; management of cyber security operations: detection, response and intelligence; incident response team management; security awareness and training management; security management standards and best practices; regulatory compliance in cyber security.

Instructor: Nafiz Ünlü

Nafiz Ünlü

Dr. Nafiz Ünlü graduated from the Department of Electrical Engineering, Faculty of Engineering of Yıldız Technical University in Istanbul in 1982.

In 1991, Dr. Ünlü received a post graduate degree in Artificial Intelligence applications from the University of Wales.

In 1995, he completed his PhD in Electronics from the Department of Electronics at Istanbul University.

He has been a manager in many R&D projects supported by TÜBİTAK and KOSGEB.

Dr. Ünlü has worked and researched in various sectors and universities on IT applications in Banking, Information Technologies, Information Security, Cyber Security, Project Management and System Analysis and Design.

He is the author of two books and publications in national and international journals and conferences.

3
SEC 592
Project Course

All graduate students pursuing a non-thesis MSc. Program are required to complete a project. The project topic and contents are based on the interest and background of the student and are approved by the faculty member serving as the Project Supervisor. At the completion of the project, the student is required to submit a final report and present the project. The final report is to be approved by the Project Supervisor.

3
DA 525
Project Management and Business Communication

This course is intended to provide industry insight into the world of project management and business communication. Upon completion of this course, students are expected to have a clear understanding of the tasks and challenges that are fundamental to project management requirements. The course will also cover issues on team management and other aspects of project management on schedules, risks and resources for a successful project outcome. The second part of this course will concentrate on effective communication with team members, presentation techniques for a wide range of audiences and communicating results and recommendations to upper management and clients.

Instructor: Hakan Aksungar

Hakan Aksungar

Aksungar started his career as a software development expert in the field of Information Technologies in 1984 and completed his institutional experience as a Program Manager in the finance sector in 2007. In the meantime, he has assumed managerial responsibility in a wide range of projects.

Then, as a self-employed consultant in the field of Information Technologies, he continued his services by sharing his knowledge and experiences in different sectors and companies. In 2010, as a founding partner, Fonksiyon Information Technologies Consulting and Training Ltd. Sti. under the umbrella of Chief Executive Officer and continuing his training and consulting activities.

Fonksiyon360, Training, Consultancy and Coaching Services.

3
English

Cyber Security Non-thesis Master's Program For Professionals 2019 Brochure