Courses given by the Department of Cyber Security
Course Code | Course Name | METU Credit | Contact (h/w) | Lab (h/w) | ECTS |
---|---|---|---|---|---|
CSEC500 | RESEARCH METHODS, EVALUATION AND DISSEMINATION ETHICS IN CYBERSECURITY | 0 | 0.00 | 0.00 | 10.0 |
Course Content: Basics of scientific and engineering ethics. Responsible and ethical conduct of research, evaluation and testing in cybersecurity. Ethical considerations in publication. Protection of personal privacy, and responsible data management. | |||||
CSEC501 | CYBER SYSTEMS AND INFORMATION SECURITY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: This course will cover fundamentals of cyber systems and information security. The course provides a strong foundation in cyber systems and information security. The focus of the course is security and risk management, asset security, identity and access management, security assessment and testing, cryptography, penetration testing, mobile security, social engineering, legal and ethical issues. | |||||
CSEC502 | NETWORK SECURITY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: This course will cover fundamentals of network security. The course provides a strong foundation in network security. The following topics are covered: encryption techniques, key management and authentication, hashing, public key cryptography, web security, TCP/IP, DDoS attacks, DNS security. | |||||
CSEC504 | PENETRATION TESTING AND VULNERABILITY ANALYSIS | 3 | 0.00 | 0.00 | 8.0 |
Course Content: Introduction to penetration testing. Penetration testing planning; determining scope and rules of engagement documentation. Penetration testing tools: setting up virtual up and toolset. Reconnaissance phase: open source intelligence, information gathering, correlation, verification, and prioritization. Scanning phase: enumeration, port scanning, and vulnerability analysis. Exploitation phase: manual exploitation, password cracking and Metasploit framework. Post-exploitation phase: data gathering, network analysis, maintaining access, pivoting. Reporting phase: penetration test report structure and components. Bypassing security controls and avoiding detection. | |||||
CSEC505 | WEB APPLICATION SECURITY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: State, in sequential order and without resorting to structured sentences, the main topics, issues, concerns etc. covered in the course, separate individual items with a semi-colon or a full stop; only proper names and words beginning after a full stop should be capitalized. | |||||
CSEC506 | INFORMATION SECURITY MANAGEMENT SYSTEM | 3 | 0.00 | 0.00 | 8.0 |
Course Content: In today's high technology environment, organizations of all kinds rely on information systems to perform most of their business processes. The protection of the information assets underpins the commercial viability of all enterprises and the effectiveness of public sector organizations. Ensuring the secure operation of the business-critical IT processes, therefore, gets more important from day to day and enterprises feel obliged to put information security higher on the board agenda as part of the enterprise governance rather than leaving it solely to technical people as in the past. The course covers the principles of applied information security management and is suitable for those who are looking for an in-depth understanding of security management in medium to large organizations. The course comprises the following topics: governance and security policy, threat and vulnerability management, incident management, risk management, information leakage, crisis management and business continuity, legal and compliance, security awareness and security implementation considerations. The topics are mostly based on ISO 27000 standards. The areas to be covered generally are: ISO 27000 series and the Plan Do Check Act model, assessment of threats and vulnerabilities, incident response, forensics and investigations, risk assessment and risk management, frameworks, dealing with classified sensitive data, contingency planning, legal and regulatory drivers and issues, certification, common criteria, security awareness, education and training, and practical considerations when implementing the frameworks to address current and future threats. Students will be introduced to the complexity of real security issues facing today's networked organizations.
Through the assignments and case studies on information security management, this course will present best practices and standards, and will enable students to assess and plan for security risks and also develop and maintain security | |||||
CSEC507 | APPLIED CRYPTOLOGY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: Historical introduction to cryptography. Block ciphers: Descriptions of internationally standardized ciphers. Modes of operation. Block cipher cryptanalysis. Cryptographic hash functions. Password cracking. Stream ciphers. Public-key cryptography: Discrete logarithm and factorization problems. Descriptions of Diffie-Hellman key exchange, RSA, DSA algorithms. TLS/SSL protocol. | |||||
CSEC508 | APPLIED CRYPTANALYSIS | 3 | 0.00 | 0.00 | 8.0 |
Course Content: Time complexity. Random variables. Cryptanalysis of historical ciphers. Frequency analysis. Differential cryptanalysis and its variants. Success probability and data complexity estimations. Linear cryptanalysis and its variants. Birthday paradox. Password cracking. Attacks on discrete logarithm and factorization problems. | |||||
CSEC509 | FORENSIC ANALYSIS AND INCIDENT RESPONSE MANAGEMENT | 3 | 0.00 | 0.00 | 8.0 |
Course Content: State, in sequential order and without resorting to structured sentences, the main topics, issues, concerns etc. covered in the course, separate individual items with a semi-colon or a full stop; only proper names and words beginning after a full stop should be capitalized. | |||||
CSEC510 | OPERATING SYSTEMS SECURITY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: Introduction to operating systems, Process and thread, Concurrency, Memory management, File management, Security kernel, Linux security, Windows security, OS-X security, Verifiable security goals, Common criteria. | |||||
CSEC511 | CLOUD COMPUTING AND SECURITY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: Introduction to cloud computing, Virtualization, Multi-tenancy, Scalability, On-demand access, Elasticity, Cloud stack, Service models, Deployment models, Software-as-a-Service, Platform-as-a-Service, Infrastructure-as-a-Service, Security-as-a-Service, Cloud security challenges, Encryption, Data security, Identity and Access Management. | |||||
CSEC513 | LIGHTWEIGHT CRYPTOGRAPHY FOR THE INTERNET OF THINGS | 3 | 3.00 | 0.00 | 8.0 |
Course Content: Lightweight block ciphers. Lightweight hash functions. Lightweight message authentication codes. Lightweight stream ciphers. Lightweight cryptography standards. Lightweight devices and performance metrics. Cryptanalysis of lightweight designs. Side-channel analysis. Internet of things. | |||||
CSEC514 | HUMAN FACTORS IN CYBER PHYSICAL SYSTEMS | 3 | 0.00 | 0.00 | 7.0 |
Course Content: This course aims at introducing students to theoretical frameworks and applications of various aspects of human factors within the context of cyber physical systems. The topics involve but are not limited to the concept of cyber-physical systems, its fundamentals, security, privacy, domain-specific solutions for security and privacy in cyber-physical systems; human in the loop in cyber-physical systems and its applications, cyberpsychology and its applications, cyberemotions, cyberdeception, aspects of human factors in cyber security, in particular social engineering, situational awareness, human augmentation and research methods in cyber security. | |||||
CSEC515 | MALWARE ANALYSIS | 3 | 3.00 | 0.00 | 8.0 |
Course Content: Learn how to analyze malware, including computer viruses, trojans and rootkits, through static and dynamic analysis using disassemblers, binary analysis debuggers and other tools. | |||||
CSEC516 | THE LEGAL DIMENSIONS OF CYBERSECURITY | 3 | 0.00 | 0.00 | 8.0 |
Course Content: The concept of cybersecurity is critical in terms of national security, and as such has implications in both domestic and international law. Cybercrime poses a threat to cybersecurity, and has been made punishable by domestic and comparative law alike. Accordingly, the starting point of the course shall be to cover what constitutes cybercrime under the Turkish Criminal Code No. 5237. Secondly, we shall look at criminal activities defined under various laws, such as the Intellectual Property Act No. 5846 and the Electronic Signature Act No. 5070. We shall elaborate on the legal aspect of cybercrime mitigation within the context of Turkish domestic law, and shall focus on the application process leading to legal internet access restriction. We shall go over the procedures of investigation and prosecution in light of related legislation. Finally, we will look at the legal process starting with the acquisition of digital evidence from the crime scene leading up to it being used to prove the existence of criminal elements in a court of law, under the provisions of the Turkish Criminal Procedure Act No. 5271. The course aims to provide students who are expected to work in the field of cybersecurity with the necessary legal background by covering judicial decisions and various case studies. | |||||
CSEC519 | BLOCKCHAIN AND CRYPTOCURRENCY TECHNOLOGIES | 3 | 3.00 | 0.00 | 8.0 |
Course Content: This course introduces the cryptographic foundations of blockchain and cryptocurrency technologies that are used for security, integrity, and anonymity: digital signatures, cryptographic hash functions, multi signatures, and zero-knowledge protocols. Cryptocurrency mining algorithms and their security will be analyzed with an emphasis on popular cryptocurrencies. Consensus models, smart contracts, non-fungible tokens (NFTs), and emerging topics will be presented. | |||||
CSEC520 | SECURE EMBEDDED SYSTEMS | 3 | 2.00 | 1.00 | 8.0 |
Course Content: This course teaches the fundamentals of embedded security with real-life implementations. In the first half of the course, students learn how to efficiently implement cryptography on embedded devices, using a microcontroller or an FPGA depending on the student's background. This first half includes security module implementations, which are solved during the lab time. In the second half of the course, threats against and techniques to attack embedded systems (e.g., side-channel analysis) are presented. The implementations from the first half are practically attacked with the introduced methods. At the end of the course, countermeasures against the types of attacks introduced in the second half will be briefly discussed and demonstrated. During the course, students will learn to use oscilloscopes and other tools used for security analyses. | |||||
CSEC521 | SECURE SOFTWARE DEVELOPMENT | 3 | 3.00 | 0.00 | 8.0 |
Course Content: Secure software development considers security as part of the development process and aims to achieve more secure software systems. This course introduces the state of the art and the industry's best practices for security requirements engineering, security analysis and modeling, security patterns and testing as integrated into the software development life cycle models. | |||||
CSEC522 | CYBER WARFARE | 3 | 3.00 | 0.00 | 8.0 |
Course Content: The objective of the course is to teach essential methods, tools, standards and principles of cyber security and cyber warfare, cyber defense and offense capabilities, policies of leading countries, fundamental tenets and aspects of cyber defense and offense. | |||||
CSEC525 | DIGITAL PRIVACY | 3 | 3.00 | 0.00 | 8.0 |
Course Content: This course will provide students with a legal approach to information privacy, communication privacy and individual privacy. Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy. In addition, students will be provided with a basic knowledge of contracts and intellectual property issues for cybersecurity experts. | |||||
CSEC528 | MACHINE LEARNING DESIGN AND APPLICATION FOR CYBER SECURITY | 3 | 2.00 | 2.00 | 8.0 |
Course Content: This course aims to familiarize cyber security and information systems students with data mining techniques and machine learning methods, with hands-on demonstrations on different cyber security use cases. The course will be conducted by first discussing the related concepts in theoretical formal lectures, then applying sample code in practical laboratory sessions. | |||||
CSEC536 | RESEARCH METHODS IN CYBER SECURITY | 3 | 3.00 | 0.00 | 8.0 |
Course Content: The course will review research and applications on applied topics in cybersecurity, for the purpose of teaching methodologies for a systematic analysis of cyber security incidents in multiple domains, including methods for statistical analysis, the analysis of common cyber security attacks, malware analysis, and network packet analysis. The lectures in the course will introduce basic statistical methods, classical machine learning methods, deep learning methods, as well as the task analysis methods and Natural Language Processing (NLP) methods, together with their implementations. | |||||
CSEC589 | TERM PROJECT | 0 | 0.00 | 0.00 | 20.0 |
Course Content: M.S. students working on a common area choose a research topic to study and present to a group under the guidance of a faculty member. | |||||
CSEC590 | GRADUATE SEMINAR | 0 | 0.00 | 2.00 | 10.0 |
Course Content: This course is designed to provide students with a chance to prepare and present a professional seminar on subjects of their own choice. | |||||
CSEC591 | CYBERSECURITY PRIMER I | 1 | 1.00 | 0.00 | 5.0 |
Course Content: For course details, see https://catalog2.metu.edu.tr. | |||||
CSEC592 | CYBERSECURITY PRIMER II | 1 | 1.00 | 0.00 | 5.0 |
Course Content: An introduction to the basic subjects underlying cybersecurity. Applied statistics, basic research methodology, ethics, IT governance, systems thinking, data mining, basics of cryptography, public-key cryptography. | |||||
CSEC599 | M.S. THESIS | 0 | 0.00 | 0.00 | 50.0 |
Course Content: Program of research leading to the M.S. degree, arranged between student and faculty member. Students register for this course in all semesters starting from the beginning of their second semester while the research program or thesis write-up is in progress (F&S). | |||||