HOME INSTITUTIONAL INFORMATIONINFORMATION ON DEGREE PROGRAMMES Information Security TechnologyCERTIFICATE PROGRAMMESUSEFUL INFORMATION, RESOURCES & SERVICES FOR STUDENTSUSEFUL LINKS AND DOCUMENTSADITIONAL & SUPPORTING INFORMATION

SECTION I: GENERAL INFORMATION ABOUT THE COURSE

Course Code Course Name Year Semester Theoretical Practical Credit ECTS
50613METOZ-BGP0063 Security Incident Management 2 Fall 2 0 2 3
Course Type : Compulsory
Cycle: Associate      TQF-HE:5. Master`s Degree      QF-EHEA:Short Cycle      EQF-LLL:5. Master`s Degree
Language of Instruction: Turkish
Prerequisities and Co-requisities: N/A
Mode of Delivery: Face to face
Name of Coordinator: Instructor FATİH BİNGÜL
Dersin Öğretim Eleman(lar)ı:

Dersin Kategorisi: Programme Specific

SECTION II: INTRODUCTION TO THE COURSE

Course Objectives & Content

Course Objectives: Security Incident Management Course Description: The Security Incident Management course covers the processes of identifying, monitoring, analyzing, and responding to security incidents within information systems. This course teaches students the fundamentals of the incident management process, providing knowledge and skills on how to detect and manage security breaches. It also addresses topics such as incident reporting and evaluating outcomes. The course aims to equip students with practical experience through real-world scenarios and hands-on projects
Course Content: Logging, Log management, information security, event management, Server Active Directory setup, Event Log: Log Policy settings, Active Directory Event Log: Log Analysis, SIEM: Installation of applications, Data collection and analysis operations, Data models and graphics, Cyber Incident Response Processes (SOME), SGOM, Data analysis applications, Case studies

Course Learning Outcomes (CLOs)

Course Learning Outcomes (CLOs) are those describing the knowledge, skills and competencies that students are expected to achieve upon successful completion of the course. In this context, Course Learning Outcomes defined for this course unit are as follows:
Knowledge (Described as Theoritical and/or Factual Knowledge.)
  1) Learns the concept of log.
Skills (Describe as Cognitive and/or Practical Skills.)
  1) Gains the ability to store logs on remote systems.
  2) Can create alarm and reporting structures for critical logs.
  3) Gains the skill of using Splunk application.
Competences (Described as "Ability of the learner to apply knowledge and skills autonomously with responsibility", "Learning to learn"," Communication and social" and "Field specific" competences.)
  1) Learns the steps to follow in case of an unexpected cyber incident (cyber attack).

Weekly Course Schedule

Week Subject
Materials Sharing *
Related Preparation Further Study
1) Basic concepts of logging and log management Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
2) Basic concepts of logging and log management Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
3) Log management in terms of standards Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
4) Information security and incident management Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
5) Windows Server Active Directory installation Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
6) Event Log: Log policy settings Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
7) Active Directory Event Log: Log analysis Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
8) Midterm
9) SIEM: Installation of applications Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
10) Data collection and analysis operations Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
11) Data collection and analysis operations Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
12) Data models and graphics Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
13) Cyber incident response processes SOME, SGOM Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
14) Data analysis applications Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
15) Case studies Cenk Karaman, 2020; Log Kayıtları ve Analizi. Reading the related chapter and other resources to be obtained
16) Final Exam
*These fields provides students with course materials for their pre- and further study before and after the course delivered.

Recommended or Required Reading & Other Learning Resources/Tools

Course Notes / Textbooks: Cenk Karaman, 2020; Log Kayıtları ve Analizi

References: Erdal Özkaya, 2020; Siber Güvenlik: Saldırı ve Savunma Stratejileri, Buzdağı Yayınevi
Joseph Muniz, Gary McIntyre, Nadhem AlFardan, 2015; Security Operations Center: Building, Operating, and Maintaining your SOC, Cisco Press
Anton Chuvakin , Kevin Schmidt , Chris Phillips, Logging and Log Management, Elsevier Science
David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask, 2010; Security Information and Event Management (SIEM) Implementation, McGraw-Hill Osborne Media
Gregory Jarpey and R. Scott McCoy (Auth.), 2017; Security Operations Center Guidebook. A Practical Guide for a Successful SOC, Butterworth-Heinemann
Ric Messier, 2019; CEH v10 Certified Ethical Hacker Study Guide, Sybex
Evren Pazoğlu, 2019; M.Nezir Yücesoy, Siber Güvenlik Operasyonları Merkezi, Gazi Kitabevi

SECTION III: RELATIONSHIP BETWEEN COURSE UNIT AND COURSE LEARNING OUTCOMES (CLOs)

(The matrix below shows how the course learning outcomes (CLOs) associates with programme learning outcomes (both KPLOs & SPLOs) and, if exist, the level of quantitative contribution to them.)

Relationship Between CLOs & PLOs

(KPLOs and SPLOs are the abbreviations for Key & Sub- Programme Learning Outcomes, respectively. )
CLOs/PLOs KPLO 1 KPLO 2 KPLO 3 KPLO 4 KPLO 5
1 2 3 4 5 6 7 1 2 3 1 2 3 4 1 2 3 4 1 2 3 4 5 6 7 8 9
CLO1
CLO2
CLO3
CLO4
CLO5

Level of Contribution of the Course to PLOs

No Effect 1 Lowest 2 Low 3 Average 4 High 5 Highest
           
Programme Learning Outcomes Contribution Level (from 1 to 5)
1) Explains the basic, theoretical and practical information in the field of information security technology. 5
2) Know and analyze cyber assets in terms of information security. 5
3) Experience the cyber security risk management system. 5
4) Applies the theoretical knowledge learned in business life for a semester. 1
5) Acquires the competencies defined as the institutional outcomes of Beykoz University on the basic level, inline with the expectations of business world and the society. 2

SECTION IV: TEACHING-LEARNING & ASSESMENT-EVALUATION METHODS OF THE COURSE

Teaching & Learning Methods of the Course

(All teaching and learning methods used at the university are managed systematically. Upon proposals of the programme units, they are assessed by the relevant academic boards and, if found appropriate, they are included among the university list. Programmes, then, choose the appropriate methods in line with their programme design from this list. Likewise, appropriate methods to be used for the course units can be chosen among those defined for the programme.)
Teaching and Learning Methods defined at the Programme Level
Teaching and Learning Methods Defined for the Course
Lectures
Discussion
Case Study
Problem Solving
Demonstration
Views
Laboratory
Reading
Homework
Project Preparation
Thesis Preparation
Peer Education
Seminar
Technical Visit
Course Conference
Brain Storming
Questions Answers
Individual and Group Work
Role Playing-Animation-Improvisation
Active Participation in Class

Assessment & Evaluation Methods of the Course

(All assessment and evaluation methods used at the university are managed systematically. Upon proposals of the programme units, they are assessed by the relevant academic boards and, if found appropriate, they are included among the university list. Programmes, then, choose the appropriate methods in line with their programme design from this list. Likewise, appropriate methods to be used for the course units can be chosen among those defined for the programme.)
Aassessment and evaluation Methods defined at the Programme Level
Assessment and Evaluation Methods defined for the Course
Midterm
Presentation
Final Exam
Quiz
Report Evaluation
Homework Evaluation
Oral Exam
Thesis Defense
Jury Evaluation
Practice Exam
Evaluation of Implementation Training in the Workplace
Active Participation in Class
Participation in Discussions

Relationship Between CLOs & Teaching-Learning, Assesment-Evaluation Methods of the Course

(The matrix below shows the teaching-learning and assessment-evaluation methods designated for the course unit in relation to the course learning outcomes.)
LEARNING & TEACHING METHODS
COURSE LEARNING OUTCOMES
ASSESMENT & EVALUATION METHODS
CLO1 CLO2 CLO3 CLO4 CLO5
-Lectures -Midterm
-Discussion -Presentation
-Case Study -Final Exam
-Problem Solving -Quiz
-Demonstration -Report Evaluation
-Views -Homework Evaluation
-Laboratory -Oral Exam
-Reading -Thesis Defense
-Homework -Jury Evaluation
-Project Preparation -Practice Exam
-Thesis Preparation -Evaluation of Implementation Training in the Workplace
-Peer Education -Active Participation in Class
-Seminar - Participation in Discussions
-Technical Visit
-Course Conference
-Brain Storming
-Questions Answers
-Individual and Group Work
-Role Playing-Animation-Improvisation
-Active Participation in Class

Contribution of Assesment & Evalution Activities to Final Grade of the Course

Measurement and Evaluation Methods # of practice per semester Level of Contribution
Quizzes 2 % 20.00
Midterms 1 % 30.00
Semester Final Exam 1 % 50.00
Total % 100
PERCENTAGE OF SEMESTER WORK % 50
PERCENTAGE OF FINAL WORK % 50
Total % 100

SECTION V: WORKLOAD & ECTS CREDITS ALLOCATED FOR THE COURSE

WORKLOAD OF TEACHING & LEARNING ACTIVITIES
Teaching & Learning Activities # of Activities per semester Duration (hour) Total Workload
Course 14 2 28
Laboratory 0 0 0
Application 0 0 0
Special Course Internship (Work Placement) 0 0 0
Field Work 0 0 0
Study Hours Out of Class 0 0 0
Presentations / Seminar 0 0 0
Project 0 0 0
Homework Assignments 1 5 5
Total Workload of Teaching & Learning Activities - - 33
WORKLOAD OF ASSESMENT & EVALUATION ACTIVITIES
Assesment & Evaluation Activities # of Activities per semester Duration (hour) Total Workload
Quizzes 2 10 20
Midterms 1 10 10
Semester Final Exam 1 10 10
Total Workload of Assesment & Evaluation Activities - - 40
TOTAL WORKLOAD (Teaching & Learning + Assesment & Evaluation Activities) 73
ECTS CREDITS OF THE COURSE (Total Workload/25.5 h) 3