ENERGY SYSTEMS ENGINEERING
Bachelor	TR-NQF-HE: Level 6	QF-EHEA: First Cycle	EQF-LLL: Level 6

Course Introduction and Application Information

Course Code	Course Name	Semester	Theoretical	Practical	Credit	ECTS
COP4456	BGA- Information Security	Spring	3	0	3	6

This catalog is for information purposes. Course status is determined by the relevant department at the beginning of semester.

Basic information

Language of instruction:	English
Type of course:	Non-Departmental Elective
Course Level:	Bachelor’s Degree (First Cycle)
Mode of Delivery:	Face to face
Course Coordinator :	Dr. Öğr. Üyesi GÖRKEM KAR
Course Objectives:	This course is designed to teach students how to engage all functional levels within the enterprise to deliver information system security. To this end, the course addresses a range of topics, each of which is vital to securing the modern enterprise. These topics include inter alia plans and policies, enterprise roles, security metrics, risk management, standards and regulations, physical security, and business continuity. Each piece of the puzzle must be in place for the enterprise to achieve its security goals; adversaries will invariably find and exploit weak links.

Learning Outcomes

The students who have succeeded in this course;
1) Assess the current security landscape, including the nature of the threat, the general status of common vulnerabilities, and the likely consequences of security failures
2) Critique and assess the strengths and weaknesses of general cybersecurity models, including the CIA triad
3) Appraise the interrelationships among elements that comprise a modern security system, including hardware, software, policies, and people
4) Assess how all domains of security interact to achieve effective system-wide security at the enterprise level.
5) Compare the interrelationships among security roles and responsibilities in a modern information-driven enterprise—to include interrelationships across security domains (IT, physical, classification, personnel, and so on)
6) Assess the role of strategy and policy in determining the success of information security;
7) Estimate the possible consequences of misaligning enterprise strategy, security policy, and security plans,
8) Assess the role of good metrics and key performance indicators (KPIs) in security assessment and governance,
9) Create a good set of information security metrics
10) Evaluate the trends and patterns that will determine the future state of cybersecurity.

Course Content

The Security Environment ,Principles of Cybersecurity,Cybersecurity Management Concepts, Cybersecurity Management Concepts, Enterprise Roles and Structures, Strategy and Strategic Planning, Security Plans and Policies, Security Standards and Controls, Risk Management, Security Metrics and Key Performance Indicators (KPIs), Security Education Awareness, Training, Physical Security and Environmental Events, Contingency Planning , Security Education, Training, and Awarenes, The future of cybersecurity

Weekly Detailed Course Contents

Week	Subject	Related Preparation
1)	The Security Environment Threats, vulnerabilities, and consequences Advanced persistent threats The state of security today Why security matters to TSE
2)	"Principles of Cybersecurity • Cybersecurity models (the CIA triad, the star model, the Parkerian hexad) • Variations on a theme: computer security, information security, and information assurance "
3)	"Cybersecurity Management Concepts: Security governance Management models, roles, and functions
4)	" Enterprise Roles and Structures: Information security roles and positions Alternative enterprise structures and interfaces
5)	" Strategy and Strategic Planning: • Strategy • Strategic planning and security strategy • The information security lifecycle • Architecting the enterprise "
6)	" Security Plans and Policies: • Levels of planning • Planning misalignment • The System Security Plan (SSP) • Policy development and implementation
7)	"Security Standards and Controls: • Security standards and controls • Certification and accreditation (C&A)
8)	" Risk Management : • Principles of risk • Types of risk • Risk strategies • The Risk Management Framework (RMF)
9)	" Security Metrics and Key Performance Indicators (KPIs) : • The challenge of security metrics • What makes a good metric • Approaches to security metrics • Metrics and FISMA "
10)	" Security Education Awareness, Training: • Human factors in security • Developing and implementing a security training plan • Cross-domain training (IT and other security domains)
11)	" Physical Security and Environmental Events : • Physical and environmental threats • Physical and environmental controls
12)	" Contingency Planning Developing a contingency plan • Understanding the different types of contingency plan • Responding to events "
13)	"Security Education, Training, and Awarenes • Human factors in security • Developing and implementing a security training plan • Cross-domain training (IT and other security domains)
14)	"The future of cybersecurity • Key future uncertainties • Possible future scenarios • How to apply what you’ve learned

Sources

Course Notes / Textbooks:	Information Security: Principles and Practice - Jon Erickson
References:

Evaluation System

Semester Requirements	Number of Activities	Level of Contribution
Quizzes	2	% 10
Homework Assignments	3	% 15
Project	1	% 15
Midterms	1	% 20
Final	1	% 40
Total		% 100
PERCENTAGE OF SEMESTER WORK		% 45
PERCENTAGE OF FINAL WORK		% 55
Total		% 100

ECTS / Workload Table

Activities	Number of Activities	Duration (Hours)	Workload
Course Hours	14	3	42
Study Hours Out of Class	14	3	42
Homework Assignments	3	7	21
Midterms	1	15	15
Final	1	25	25
Total Workload			145

Contribution of Learning Outcomes to Programme Outcomes

No Effect	1 Lowest	2 Low	3 Average	4 High	5 Highest

	Program Outcomes	Level of Contribution
1)	Build up a body of knowledge in mathematics, science and Energy Systems Engineering subjects; use theoretical and applied information in these areas to model and solve complex engineering problems.
2)	Ability to identify, formulate, and solve complex Energy Systems Engineering problems; select and apply proper modeling and analysis methods for this purpose.
3)	Ability to design complex Energy systems, processes, devices or products under realistic constraints and conditions, in such a way as to meet the desired result; apply modern design methods for this purpose.
4)	Ability to devise, select, and use modern techniques and tools needed for solving complex problems in Energy Systems Engineering practice; employ information technologies effectively.
5)	Ability to design and conduct numerical or pysical experiments, collect data, analyze and interpret results for investigating the complex problems specific to Energy Systems Engineering.
6)	Ability to cooperate efficiently in intra-disciplinary and multi-disciplinary teams; and show self-reliance when working on Energy Systems-related problems
7)	Ability to communicate effectively in English and Turkish (if he/she is a Turkish citizen), both orally and in writing. Write and understand reports, prepare design and production reports, deliver effective presentations, give and receive clear and understandable instructions.
8)	Recognize the need for life-long learning; show ability to access information, to follow developments in science and technology, and to continuously educate oneself.
9)	Develop an awareness of professional and ethical responsibility, and behave accordingly. Be informed about the standards used in Energy Systems Engineering applications.
10)	Learn about business life practices such as project management, risk management, and change management; develop an awareness of entrepreneurship, innovation, and sustainable development.
11)	Acquire knowledge about the effects of practices of Energys Systems Engineering on health, environment, security in universal and social scope, and the contemporary problems of Energys Systems engineering; is aware of the legal consequences of Energys Systems engineering solutions.