The schedule and the course contents are designed to address and cover the contemporary cybersecurity issues and problems and they will reviewed and updated with the developments in cybersecurity field. The contents of all courses cover the following subjects: Cryptography, network security, malware analysis and detection, computer forensics, blockchain security and applications, penetration testing, privacy-preserving data management, cyber security law , cybersecurity planning and management. As the program is primarily intended for professionals, not to interfere with regular working hours, the classes are scheduled after working hours and on Saturdays. The lectures will take place in Altunizade Digital Campus, İstanbul.
I. Semester: Fall
| Code | Course | Credits |
|---|---|---|
| SEC 500 |
Fundamentals of Computing
Albert Levi
Education B.S. in Computer Engineering, Boğaziçi University, Computer Engineering Department, 1991. M.S. in Computer Engineering, Boğaziçi University, Computer Engineering Department, 1993. Ph.D. in Computer Engineering, Boğaziçi University, Computer Engineering Department, 1999. Areas of Interest: Information and Network Security, Wireless Network Security, IoT Security and Privacy, Cryptography, Certificate Systems and Public Key Infrastructures, Computer Networks Memberships: IEEE, IEEE Computer Society, IEEE ComSoc, ACM, ACM SIGSAC |
3 |
| SEC 501 |
Introduction to Cryptography and Security Protocols
General concepts of cryptography, classical cryptosystem and basics of cryptanalysis, symmetric encryption algorithms, public key cryptography, cryptographic hash functions, data integrity and message authentication, digital signatures, secure key exchange and management, authentication mechanisms (password-based, biometrics, multifactor), related attacks and authentication protocols, security protocol design and implementation, security protocol analysis and verification, access control and authorization. Some existing application layer security protocols (such as email security, e-commerce security) are also discussed. Instructor: Erkay SavaşErkay Savaş
Erkay Savaş received the BS (1990) and MS (1994) degrees in electrical engineering from the Electronics and Communications Engineering Department at Istanbul Technical University. He completed the PhD degree in the Department of Electrical and Computer Engineering (ECE) at Oregon State University in June 2000. He had worked for various companies and research institutions before he joined Sabanci University in 2002. His research interests include applied cryptography, data and communication security, privacy in biometrics, security and privacy in data mining applications, embedded systems security, and distributed systems. He is a member of IEEE, ACM, the IEEE Computer Society, and the International Association of Cryptologic Research (IACR). He is currently an Associate Editor to IEEE Transactions on Computers and Journal of Cryptographic Engineering. |
3 |
| SEC 502 |
Network and Web Security
Overview of the Internet and the TCP/IP protocol stack (incl. TCP, UDP, IP and application layer protocols), network packet/traffic analysis, physical layer security, network layer security (IPSec), transport layer security (SSL/TLS, SSh, HTTPS), DNS Security, wireless security, network-based attacks and defense, firewalls, intrusion detection and prevention, network hardening, honeypots and honeynets, web security principles, WAF (web application firewalls), secure web application design and development. Instructor: Duygu Karaoğlan AltopDuygu Karaoğlan Altop
Duygu Karaoğlan Altop received the BSc. degree in Telecommunications Engineering (2007) and the MSc. degree in Computer Science and Engineering (2009), from Sabancı University. She completed the Ph.D. degree in Computer Science and Engineering at Sabancı University in December 2016. Since September 2017, Dr. Karaoğlan Altop is an instructor in Foundations Development Department, Sabancı University. She served as logistics chair of CSW (Computer Science Student Workshop) in both 2010 and 2011, and as publications chair of CSW in 2012. Her research interests include computer and network security, data and communication security, cryptography, pervasive healthcare security, and biometrics. |
3 |
| SEC 503 |
Malware Analysis and Detection
General concepts of malwares, malware types, fundamentals of static and dynamic malware analysis, advanced static analysis, advanced dynamic analysis, reverse engineering, malware countermeasures. Instructor: Orçun ÇetinOrçun Çetin
Dr. Orçun Çetin received his B.Sc. (Hons) Computing Science (Networked Systems and Internet Technologies) from Newcastle University in England. He received his M.Sc. on Networks and Security from University of Kent (England) with highest distinction. He has completed his Ph.D. degree at Delft University of Technology. He also worked as a Research Associate at the University of Kent’s School of Computing. Dr. Orcun Cetin and his co-authors won the Distinguished Paper Award for their work “Cleaning up the internet of evil things: real-world evidence on ISP and consumer efforts to remove mirai” at the Network and Distributed System Security Symposium 2019 (NDSS), one of the “Big 4” conferences in the cyber security field, which took place in San Diego. His research focuses on the global vulnerability and malicious activity scanning and notifying affected parties all around the world. In recent projects, he focused on economics and human aspects of cybersecurity, where he uses qualitative and quantitative methods to answer questions related to cybersecurity policies and cybercrime victimisation. |
3 |
| SEC 505 |
Blockchain: Security and Applications
Cryptographic fundamentals for blockchain, distributed systems, crypto-currencies, smart contracts, distributed blockchain applications, consensus algorithms, blockchain mining, security and privacy in blockchain, blockchain ecosystem. Instructor: Kamer KayaKamer Kaya
Kamer Kaya obtained his PhD in Cryptography at Faculty of Engineering, İhsan Doğramacı Bilkent University in 2009. He then joined CERFACS (European Research Lab for Scientific Computing, Toulouse, France) as a member of the Parallel Algorithms group. In 2011, he joined HPC Lab at the Ohio State University as a Post-graduate Researcher and appointed as Research Assistant Professor in 2012. Since June 2014, Dr. Kaya has been working on Faculty of Engineering and Natural Sciences, Sabancı University. He is actively doing research on High Performance Computing, Parallel Algorithms and Cryptography. |
3 |
II. Semester: Spring
| Code | Course | Credits |
|---|---|---|
| SEC 504 |
Computer Forensics
Fundamentals of computer forensics, computer crimes and law, evidence gathering, data recovery, computer forensics tools, network forensics, wireless and mobile network forensics. Instructors: Kamil Akdağ ve Mustafa SansarKamil Akdağ
After graduating from the Physics Department of the Faculty of Arts and Sciences of Dokuz Eylul University, he started his work on server and network security in the area of informatics. After 7 years of experience in server infrastructure and network security, he turned to the field of Digital Forensics Informatics and completed his master's degree in Information Security. Since 2014, he has been working on Forensic Cyber Crimes. In 2017, he started to work as a laboratory director in Fordefence Adli Bilişim . Mustafa Sansar
Mustafa Sansar graduated from Yüzüncü Yıl University in 2001 and Police Academy in 2004. He is one of the founders of İstanbul Security Directorate - Department of Cyber Crimes and served 10 years of active duty. He resigned at his own request in 2012 and founded Fordefence Forensics Lab. As the founder of Fordefence Forensics Lab, he provides consultancy to holdings, factories, banks, finance establishments, government institutions, politicians and celebrities within national and international scope. Mustafa Sansar has prepared more than 11.000 reports as under oath referee of T.C. Ministry of Justice since 2004. He completed Bilgi University IT and Technology Law graduate school and he is giving lectures on Digital Forensics, Cyber Crimes, IT Laws and Ethical Hacking at several universities. He continues to serve as general secretary of IT Forensics and IT Law Association which is the first non-profit organization in Turkey |
3 |
| SEC 507 |
Penetration Testing
Fundamentals of modern IT systems and their vulnerabilities, ethical hacking methods, reconnaissance methods and tools, scanning methods and tools, network and web vulnerabilities, social engineering, penetration testing tools. Instructor: Nurlan AbishovNurlan AbishovOSCP, CISSP, CISA, CIA, CEH, ISO27001 LA, BS25999 LA
|
3 |
| SEC 508 |
Privacy-Preserving Data Management
Privacy of personal and sensitive data; privacy issues concerning data collection, storage, processing and publishing; anonymity metrics; privacy-enhancing techniques; case studies. Trainer: Mustafa AfyonluoğluMustafa Afyonluoğlu
Dr. Mustafa Afyonluoğlu (graduated from Hacettepe University Department of Electrical & Electronics Engineering, 1992) completed 1st Masters Degree from same department (1996), 2nd in “Cyber Law” (Bilgi University, 2012) and “Good Governance” program (Bogazici University, 2016-2017). His academic studies continue in law (Anadolu University). His doctoral study is about Anonymization in Personal Data Protection. He has worked in several managerial positions in the public and private sector and he is project manager, during last 30 years, for more than 70 national and international large-scale e-government projects, which five of them are award-winning and prioritized by Prime Ministry. Afyonluoglu was e-Transformation unit manager and e-Government institution consultant in TUBITAK (The Scientific and Technological Council of Turkey), PM e-government expert and head of e-Government Advisory Group on Prime Ministry Office, coordinator of 2016-2019 National e-Government Strategy & Action Plan, EU capacity development key expert, UN project coordinator on migration & e-Government, cyber security & e-government external expert of Presidency (State Audit Board). He was consultant of Ministry of Trade and responsible from “National Points of Single Contact for Business (PSC)” & “Retail Information System (PERBIS)”. He is currently member of Expert Group on a high-level strategy entitled “Digital Economy Strategy for the Arab World, 2020-2025” by The Council of Arab Economic Unity of the League of Arab States. Currently, he is preparing e-gov & digital economy short-term action plan and provides consultancy service for implementation phases for a country. In voluntary activities side, he is member of Executive Board of Informatics Association of Turkey (TBD), head of Digital Economy Strategic Studies of Executive Board and member of “Local Business Association Advisory Board”. He continues his studies on personal data protection and public sector applications of blockchain. Afyonluoğlu is married and has 2 children. |
3 |
| SEC 509 |
Secure Coding and Software Security
Secure coding principles; vulnerabilities and exploits: buffer overflow, SQL injection, cross-site-scripting, session hijacking, sensitive data exposure; countermeasures; advanced testing and program analysis techniques. Instructor: Orçun ÇetinOrçun Çetin
Dr. Orçun Çetin received his B.Sc. (Hons) Computing Science (Networked Systems and Internet Technologies) from Newcastle University in England. He received his M.Sc. on Networks and Security from University of Kent (England) with highest distinction. He has completed his Ph.D. degree at Delft University of Technology. He also worked as a Research Associate at the University of Kent’s School of Computing. Dr. Orcun Cetin and his co-authors won the Distinguished Paper Award for their work “Cleaning up the internet of evil things: real-world evidence on ISP and consumer efforts to remove mirai” at the Network and Distributed System Security Symposium 2019 (NDSS), one of the “Big 4” conferences in the cyber security field, which took place in San Diego. His research focuses on the global vulnerability and malicious activity scanning and notifying affected parties all around the world. In recent projects, he focused on economics and human aspects of cybersecurity, where he uses qualitative and quantitative methods to answer questions related to cybersecurity policies and cybercrime victimisation. |
3 |
| SEC 510 |
Cyber Security Law
Cyber crimes; digital signature law; intellectual property law; digital communication law; data protection and privacy law; cybercrime incidences; laws and regulations for cyber security in the world; ethical issues in cyber security. Instructor: Mehmet Bedii Kaya, Tuğrul Sevim and Batu KınıkoğluMehmet Bedii Kaya
Dr. Mehmet Bedii Kaya is a lecturer at Istanbul Bilgi University IT Law Institute, where he delivers post-graduate lectures on Internet law and E-Government. He holds LLB from Istanbul Bilgi University, LLM in Internet Law from Istanbul Bilgi University and Ph.D. in Law from the University of Nottingham. Dr. Mehmet Bedii Kaya’s research and practice interests are primarily in the area of IT law, in particular, in the fields of Internet governance, Internet content policy and regulations, data protection and cyber security. He has written various publications addressing the legitimacy and subsidiary of Internet governance and content regulation in Turkey. Batu Kınıkoğlu
Dr. Batu Kınıkoğlu graduated from Istanbul University Law Faculty and received his LL.M. degree in Innovation, Technology and the Law from the University of Edinburgh. He received his Ph.D. degree in Law from Vrije Universiteit Amsterdam with his thesis on intellectual property rights on virtual items. He is working as a lawyer specializing in information technology law and continues to teach undergraduate and graduate law courses as a lecturer. He has articles published in international refereed academic journals on subjects ranging from cybersecurity to data protection, copyright, and internet regulation. Tuğrul Sevim
Tugrul specializes in complex IT and telecommunication contracts (development, licensing, integration, outsourcing), electronic commerce and internet legal issues, privacy law and complex IT litigation (Expert proceedings, alternative dispute resolution) Tuğrul Sevim is one of the founding partners of BTS&Partners. He assists clients in the management of their Intellectual Property portfolios and establishment of their market strategies on complex ICT projects and in negotiating and drafting complex IT contracts with strong Intellectual Property and regulatory content. Mr. Tugrul Sevim's client include consultancy management, technology services and outsourcing companies, telecommunication companies, software and hardware suppliers, fintech companies. Tuğrul also has a strong capability in data privacy. advises businesses on how to strategically manage their privacy, security, electronic workplace, and e-business legal risks both domestically and globally. He has assisted a wide range of business in a variety of industries by developing a privacy strategy that yields practical solutions in a rapidly evolving area and that weighs costs and benefits in a light of a company's risk profile and culture He was graduated from Marmara University Law Faculty in 2003 and is admitted to Istanbul Bar Association since 2004. He completed his LL.M at Istanbul Bilgi University on Economics Law and he still continues his Ph.D. studies at Yeditepe University on Private Law. Mr. Tugrul Sevim is also a part-time lecturer at Bilgi University Economy Law Master Program. Currently he gives a lecture on information security law. He provides services in Turkish; English and French. |
3 |
| SEC 506 |
Advanced Cryptography
Mathematical foundations, elliptic curve cryptography, homomorphic encryption, secret sharing protocols, oblivious transfer, zero-knowledge proofs, secure multi-party computation, e-voting applications, e-cash, post-quantum cryptography. Instructor: Erkay Savaş |
3 |
| SEC 511 |
Cyber Security Planning and Management
Cyber security risk management; cyber security planning and policy; management of cyber security operations: detection, response and intelligence; incident response team management; security awareness and training management; security management standards and best practices; regulatory compliance in cyber security. |
3 |
| SEC 512 |
Advanced Malware and Code Analysis
A small reminder of previous course
|
3 |
| SEC 592 |
Project Course
All graduate students pursuing a non-thesis MSc. Program are required to complete a project. The project topic and contents are based on the interest and background of the student and are approved by the faculty member serving as the Project Supervisor. At the completion of the project, the student is required to submit a final report and present the project. The final report is to be approved by the Project Supervisor. |
3 |
| DA 525 |
Project Management and Business Communication
This course is intended to provide industry insight into the world of project management and business communication. Upon completion of this course, students are expected to have a clear understanding of the tasks and challenges that are fundamental to project management requirements. The course will also cover issues on team management and other aspects of project management on schedules, risks and resources for a successful project outcome. The second part of this course will concentrate on effective communication with team members, presentation techniques for a wide range of audiences and communicating results and recommendations to upper management and clients. Instructor: Hakan AksungarHakan Aksungar
Aksungar started his career as a software development expert in the field of Information Technologies in 1984 and completed his institutional experience as a Program Manager in the finance sector in 2007. In the meantime, he has assumed managerial responsibility in a wide range of projects. Then, as a self-employed consultant in the field of Information Technologies, he continued his services by sharing his knowledge and experiences in different sectors and companies. In 2010, as a founding partner, Fonksiyon Information Technologies Consulting and Training Ltd. Sti. under the umbrella of Chief Executive Officer and continuing his training and consulting activities. Fonksiyon360, Training, Consultancy and Coaching Services. |
3 |