Information Security Technology
Course Details

KTO KARATAY UNIVERSITY
Trade and Industry Vocational School
Programme of Information Security Technology
Course Details
Trade and Industry Vocational School
Programme of Information Security Technology
Course Details

| Course Code | Course Name | Year | Period | Semester | T+A+L | Credit | ECTS |
|---|---|---|---|---|---|---|---|
| 08131113 | Identity and Access Management | 2025 | Autumn | 3 | 2+2+0 | 5 | 5 |
| Course Type | Elective |
| Course Cycle | Associate (Short Cycle) (TQF-HE: Level 5 / QF-EHEA: Short Cycle / EQF-LLL: Level 5) |
| Course Language | Turkish |
| Methods and Techniques | - |
| Mode of Delivery | Face to Face |
| Prerequisites | - |
| Coordinator | - |
| Instructor(s) | Lect. Merve AKIN |
| Instructor Assistant(s) | - |
Course Instructor(s)
| Name and Surname | Room | E-Mail Address | Internal | Meeting Hours |
|---|---|---|---|---|
| Lect. Merve AKIN | C-129 | [email protected] | 7869 | Wednesday 14.00-16.00 |
Course Content
The course content focuses on the core components of Identity and Access Management (IAM). Key topics include Identity Lifecycle Management (user account provisioning and deprovisioning), Single Sign-On (SSO) mechanisms, and Multi-Factor Authentication (MFA) implementations. Furthermore, identity infrastructure technologies such as access control models (RBAC - Role-Based Access Control), Privileged Access Management (PAM), and directory services (Active Directory, LDAP) are examined in detail. The content is rounded out with the application of authorization policies and access auditing processes.
Objectives of the Course
The primary goal of the "Identity and Access Management (IAM)" course is to teach students the principles of managing digital identities and granting users the minimum access rights necessary for the resources they require, which is key to securing modern enterprise IT systems. This course aims to equip students with the skills to establish, manage, and audit the centralized authentication and authorization mechanisms needed to prevent security breaches and maintain regulatory compliance (such as KVKK/GDPR).
Contribution of the Course to Field Teaching
| Basic Vocational Courses | |
| Specialization / Field Courses | X |
| Support Courses | |
| Transferable Skills Courses | |
| Humanities, Communication and Management Skills Courses |
Relationships between Course Learning Outcomes and Program Outcomes
| Relationship Levels | ||||
| Lowest | Low | Medium | High | Highest |
| 1 | 2 | 3 | 4 | 5 |
| # | Program Learning Outcomes | Level |
|---|---|---|
| P1 | He/she has basic, current and practical knowledge about his/her profession. | 5 |
| P4 | Uses professionally relevant information technologies (software, programs, animations, etc.) effectively. | 3 |
| P11 | Explains and applies data security and encryption methods. | 4 |
| P12 | Explains and applies techniques for network and internet security and protection against cyber threats. | 4 |
| P13 | Identifies and fixes security vulnerabilities in computer and software systems. | 3 |
Course Learning Outcomes
| Upon the successful completion of this course, students will be able to: | |||
|---|---|---|---|
| No | Learning Outcomes | Outcome Relationship | Measurement Method ** |
| O1 | Defines the fundamental concepts of information security. | P.1.1 | 1 |
| O2 | Defines the fundamental principles and purpose of data security. | P.11.1 | 1 |
| O3 | Explains the working principles of encryption algorithms. | P.11.2 | 1 |
| O4 | Comprehends the critical importance of encryption key management and protection in data security. | P.11.5 | 1 |
| O5 | Distinguishes current and common types of cyber threats and explains how these threats harm systems. | P.12.2 | 1 |
| O6 | Applies the basic protection techniques required for internet use and network access at individual and institutional levels. | P.12.5 | 1 |
| O7 | Explains common security vulnerabilities in software and systems, and the causes of these vulnerabilities. | P.13.1 | 1 |
| O8 | Researches, selects, and appropriately integrates the required information technologies. | P.4.5 | 1 |
| O9 | Proposes and applies appropriate patches or code fixes to remediate detected security vulnerabilities. | P.13.5 | 1 |
| ** Written Exam: 1, Oral Exam: 2, Homework: 3, Lab./Exam: 4, Seminar/Presentation: 5, Term Paper: 6, Application: 7 | |||
Weekly Detailed Course Contents
| Week | Topics |
|---|---|
| 1 | Introduction to IAM: Definition, Purpose, and Role in Enterprise Security |
| 2 | Core Components: Identity, Authentication, and Authorization |
| 3 | Authentication Methods: Password, Biometrics, One-Time Passwords (OTP) |
| 4 | Multi-Factor Authentication (MFA) and Adaptive/Conditional Access Mechanisms |
| 5 | Access Control Models: RBAC, DAC, and ABAC |
| 6 | Centralized Directory Services: Active Directory (AD) and LDAP (Lab Exercises) |
| 7 | Identity Lifecycle Management (ILM): Provisioning and De-Provisioning |
| 8 | Midterm Exam |
| 9 | Privileged Access Management (PAM): Concepts, Tools, and Securing Superuser Accounts |
| 10 | Single Sign-On (SSO) and Identity Federation Technologies |
| 11 | Federation Protocols: SAML, OAuth 2.0, and OpenID Connect (OIDC) |
| 12 | Cloud Identity Management: Azure AD / Microsoft Entra ID and AWS IAM Fundamentals |
| 13 | Enterprise Digital Rights Management (DRM) and Zero Trust Architecture |
| 14 | Access Auditing and Compliance: Logging, Reporting, and Regulatory Requirements (GDPR/KVKK) |
| 15 | Current Trends in IAM: Biometric Authentication and AI Applications |
| 16 | Final Exam |
Textbook or Material
| Resources | Mike Chapple, "Access Control and Identity Management" |
| Chris Dotson, "Practical Cloud Security" |
Evaluation Method and Passing Criteria
| In-Term Studies | Quantity | Percentage |
|---|---|---|
| Attendance | - | - |
| Laboratory | - | - |
| Practice | - | - |
| Field Study | - | - |
| Course Specific Internship (If Any) | - | - |
| Homework | - | - |
| Presentation | - | - |
| Projects | - | - |
| Seminar | - | - |
| Quiz | 2 | 20 (%) |
| Listening | - | - |
| Midterms | 1 | 35 (%) |
| Final Exam | 1 | 45 (%) |
| Total | 100 (%) | |
ECTS / Working Load Table
| Quantity | Duration | Total Work Load | |
|---|---|---|---|
| Course Week Number and Time | 16 | 4 | 64 |
| Out-of-Class Study Time (Pre-study, Library, Reinforcement) | 14 | 5 | 70 |
| Midterms | 1 | 6 | 6 |
| Quiz | 0 | 0 | 0 |
| Homework | 0 | 0 | 0 |
| Practice | 0 | 0 | 0 |
| Laboratory | 0 | 0 | 0 |
| Project | 0 | 0 | 0 |
| Workshop | 0 | 0 | 0 |
| Presentation/Seminar Preparation | 0 | 0 | 0 |
| Fieldwork | 0 | 0 | 0 |
| Final Exam | 1 | 10 | 10 |
| Other | 0 | 0 | 0 |
| Total Work Load: | 150 | ||
| Total Work Load / 30 | 5 | ||
| Course ECTS Credits: | 5 | ||
Course - Learning Outcomes Matrix
| Relationship Levels | ||||
| Lowest | Low | Medium | High | Highest |
| 1 | 2 | 3 | 4 | 5 |
| # | Learning Outcomes | P1 | P4 | P11 | P12 | P13 |
|---|---|---|---|---|---|---|
| O1 | Defines the fundamental concepts of information security. | 5 | 3 | 4 | 3 | 3 |
| O2 | Researches, selects, and appropriately integrates the required information technologies. | 3 | 5 | 4 | 4 | 4 |
| O3 | Defines the fundamental principles and purpose of data security. | 5 | 3 | 4 | 4 | 3 |
| O4 | Explains the working principles of encryption algorithms. | 4 | 3 | 5 | 3 | 4 |
| O5 | Comprehends the critical importance of encryption key management and protection in data security. | 4 | 3 | 5 | 4 | 5 |
| O6 | Distinguishes current and common types of cyber threats and explains how these threats harm systems. | 4 | 4 | 3 | 5 | 4 |
| O7 | Applies the basic protection techniques required for internet use and network access at individual and institutional levels. | 3 | 4 | 4 | 4 | 5 |
| O8 | Explains common security vulnerabilities in software and systems, and the causes of these vulnerabilities. | 4 | 4 | 3 | 5 | 3 |
| O9 | Proposes and applies appropriate patches or code fixes to remediate detected security vulnerabilities. | 3 | 4 | 3 | 5 | 5 |
