The Place of Information Security in Information Technologies Standards

Information security is an issue at the center of digitalization processes in organizations. With the increase in internet access on many devices in daily life, the precautions to be taken started to differ. According to TOBB data, last year, 55279 enterprises in our country were affected by cyber-attacks.

Compliance with international standards, which directly or indirectly affects information security, directly affects the cyber security competencies of institutions. In our webinar, IT Standards ISO 27001, COBIT, PDPL Technical Conditions,and ITIL, which cover each other in most areas but stand out with their divergent aspects, CMMI and PCI/DSS replace information security at our Webinar on May 10 at Kaspersky and Heraklet’ we will be talking to the participants.


How are Information Security Practices Made in Information Standards?

Gartner According to the 2021 report, institutions should build their infrastructure under 4 main headings in order to be competent in terms of cyber security, “Prediction, Prevention, Detection and Respond “Prediction, Prevention, Detection and Response“. As soon as the cyber intelligence reaches the institution, the operations should be done in the order in the predetermined plan. If an attack occurs, defense mechanisms should be made to prevent it. If the attacker somehow managed to infiltrate, the attacker should be identified.

There are many standards that determine competence in information technologies. The standards in the webinar; ISO 27001 on the quality side of information security, COBIT on information management and governance, PDPL for the protection of personal data, ITIL within the scope of service management, CMMI for software development maturity level, and PCI/DSS for payment systems. One of the common points of all these standards is “Information Security“.

kaspersky bilgi güvenliği ürünler ve standartlar

Personal Data Protection Law (PDPL) Technical Measures

There is a list of technical measures to be taken according to PDPL.
Companies need to review their IT infrastructures and train their personnel in this direction.
Otherwise, there is a risk of being subject to sanctions within the framework of the law.

Personal data processing inventory should be prepared in accordance with the “Regulation on the Deletion, Destruction or Anonymization of Personal Data” contained in the PDPL.

Law No. 5651 on Combating Cybercrime

The law enacted in 2007 by the Republic of Turkey to regulate broadcasts on the Internet and combat crimes committed through these publications. Within the scope of difficulties, technical measures must be implemented in every corporate structure with internet access by law.

ISO 27001 Information Security Standard

ISO 27001 Information Security Standard aims to make institutions competent in many subjects in order to become competent in information security.

Performing Penetration Tests at the Risk Analysis stage for the Information Security Management System is indispensable to analyzing the risks in the existing system infrastructure.

Access Security restrictions should be placed so that users can only access the authorized data and software. In-house internet usage authorization should be made, and the access logs of the employees on the internet should be kept for at least three years as specified in law no. 5651.

PCI/DSS (Payment Card Industry Data Security Standard)

PCI/DSS (Payment Card Industry Data Security Standard); Data security standard aimed at minimizing the security risks that may arise in the online use of card payment systems developed by Mastercard, Visa, American Express, Discover, JCB.

ITIL - Information Technology Infrastructure Library

A service management system consisting of 5 stages, which is constantly updated by the United Kingdom Government for service management, which aims to include IT departments for businesses from being an expense item, and to include them in the service process.< /p>

ITIL is used around the world by companies that manage large-scale operations, such as NASA, Sony, Bank of America, Walmart, Visa, and Microsoft.

COBIT - Control Objectives for Information and Related Technology

COBIT 5 can be easily implemented in all organizations, regardless of the size of the organization and the sector in which it is applied. It would be right to say that COBIT 5 is directly related to information management.

Information Security is included in the DS5 control target within the COBIT standard. The COBIT DS5 Ensuring System Security control objective aims to provide full protection at all stages, including the enterprise’s processing, use, and transport of information. DS5, which is one of the 35 items of COBIT, is divided into ten items.

CMMI - Capability Maturity Model Integration

Monitoring CMMI-based software processes is envisaged by the public and many financial institutions. The Undersecretariat for Defense Industries has requested CMMI level 3 certification from companies as a prerequisite for all software tenders since 2007. There is a great need for training and consultancy in the adaptation of software processes to the CMMI model in both the public and private sectors

Quality and Comfortable Working Environment


  • 300 m2 Gym

    It is known that office workers cause neck pain, low back pain, and knee pain due to excessive inactivity and cause weight gain that disrupts the body mass-height index. Heraklet employees receive a free lunch when they exercise for 90 minutes weekly.

  • Open Office

    You can work in any part of the office, on a pear, or an L armchair. We know the effects of sitting work on the body, and we offer a healthy work area to our employees.

  • Terrace with Sea View

    On the 16th floor of our office building, you will encounter the unique view of the Marmara Sea. You can enjoy the sunset in the vast comfort of the sea and sip your coffee with pleasure.

  • Project Development in Different Fields

    Heraklet employees, operating systems, web & offers the opportunity to be involved in projects in mobile applications, embedded software, and computer networks, according to their abilities. Young professionals, at the beginning of their careers, can gain different experiences.

  • Starbucks Coffee

    Within 20 meters of the company building, you can distract your colleagues at Starbucks Coffee and order an extra creamy caramel machiato from the baristas. You can shop as you wish and relieve your work stress at the Airport AVM, which is 50 meters away.

  • Long Term Internship Opportunity

    Many of our friends, who took part in internship programs in the past, continue to create value at Heraklet, first as long-term interns and then as engineers and technicians. Heraklet provides long-term internship opportunities to its interns for up to 6 months.




• Taking part in the 3rd or 4th year of the 4-year programs of the universities.


• Computer Engineering, Information Systems, Software Engineering, Forensic Engineering

• Application of technical skills outside of the classroom (examples: laboratory, research, extracurricular project teams, volunteering, personal projects, or previous internship/work experience)

• Strong social skills (examples: leading a student organization or working successfully in teams)


April 9 – May 9 Application Process

May 10 – Internship Exam

May 11 – May 20 Candidate Announcement

May 20 – June 15 Candidate Preparation Program

June 15 – August 15 Summer Internship

August 16 – October 16 Fall Term Internship

Internship Registration Form

    Do you take part in the following Student Clubs? IEEEAIESECComputer EngineeringRobotics ClubModel Satellite ClubCyber Security Club