KAMİS

Information Security

Privacy of Personal Information

Principle

Identity and contact information requested from users should not be shared with other individuals or institutions without the user's permission, and users should be informed about this.

Description

Protecting personal information, and preventing its use for purposes other than intended, is the responsibility of all institutions that collect and use this information. When designing websites, precautions should be taken with this in mind. If users are not guaranteed that their personal information will not be shared, or if they have doubts about it, they may refrain from using the site or avoid providing accurate and complete information.

Guidelines

  • When requesting users' personal information on websites, the purpose of collecting this information and where it will be used should be clearly specified.
  • Personal information should not be used for purposes other than intended, and if there is a possibility of using the information for different purposes, this information should be presented to users in a way that they can fully understand and read comfortably.
  • When user information is stored or used, user consent should be obtained, and users should also be provided with the opportunity to make preferences regarding the use of their information.
  • Ensure that information is entered completely and without errors.
  • If applications such as cookies, plugins, etc., used on websites perform operations such as data storage on users' computers or running other processes, this should also be shared with users. Users should be able to disable cookies or plugins on the website when they wish.
  • Excessive emphasis on the collection of personal data can create a negative perception, so information should be provided in moderation, without repeatedly emphasizing generally accepted principles.

References

  • ISO 9241-151 / 7.2.8.3 – User control of personal information
  • ISO 9241-151 / 7.2.8.4 – Storing information on the user’s machine

Significance Level

4/5

Example

In the sample website, the site's privacy policy details are provided, and users are thoroughly informed about the privacy of their personal information.

Credit Card Information

Principle

Websites should take measures to ensure user data security when users are required to make transactions with credit card information.

Description

In some cases, users may need to make transactions with credit cards to benefit from certain services. In such cases, necessary precautions should be taken to protect credit card information against any adverse situations.

Guidelines

  • Explanations indicating that the site is secure for performing the relevant transaction should be clearly stated in a way that users can understand.
  • Encryption systems like 128-bit SSL and 256-bit SSL can be used to enhance website security. Support in setting up SSL encryption can be obtained from institutions that provide services in this regard (e.g., KamuSM, GlobalSign, GoDaddy, RapidSSL, Verisign, etc.). To obtain an SSL certificate, an application can be made.
  • Information should be provided that credit card numbers are not stored in the system.
  • Credit card numbers should be grouped with commonly accepted segmentation.
  • If expiry dates are to be selected from the menu, the date ranges must be up to date.
  • The "3D Secure" application should be used for credit card transactions on websites.
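
The grouping and expiry-menu guidelines above, sketched as an added example (not code from the KAMİS guide). All function names are hypothetical and the card numbers used with it are constructed digit strings; the 4-6-5 grouping for 15-digit numbers starting with 34 or 37 follows the layout printed on American Express cards.

```javascript
// Added example: card-number grouping and an expiry menu that stays current.
// Function names are hypothetical; nothing here stores the card number.

// Group sizes: 15-digit numbers starting 34/37 use 4-6-5; everything else
// is split into blocks of four (a shorter last block while typing).
function groupSizes(digits) {
  if (digits.length === 15 && /^3[47]/.test(digits)) return [4, 6, 5];
  const sizes = [];
  for (let left = digits.length; left > 0; left -= 4) sizes.push(Math.min(4, left));
  return sizes;
}

// Format what the user typed (spaces and dashes tolerated) into spaced groups.
function groupCardNumber(input) {
  const digits = String(input).replace(/\D/g, "");
  const parts = [];
  let pos = 0;
  for (const size of groupSizes(digits)) {
    parts.push(digits.slice(pos, pos + size));
    pos += size;
  }
  return parts.join(" ");
}

// Year options are computed from the clock, so the menu never goes stale.
function expiryYearOptions(now = new Date(), span = 10) {
  const first = now.getFullYear();
  return Array.from({ length: span + 1 }, (_, i) => first + i);
}

// For the current year, offer only months that have not already passed.
function expiryMonthOptions(year, now = new Date()) {
  if (year < now.getFullYear()) return [];
  const firstMonth = year === now.getFullYear() ? now.getMonth() + 1 : 1;
  return Array.from({ length: 13 - firstMonth }, (_, i) => firstMonth + i);
}

// A card remains valid through the last day of its expiry month.
function isExpired(month, year, now = new Date()) {
  return year < now.getFullYear() ||
    (year === now.getFullYear() && month < now.getMonth() + 1);
}
```

Passing `now` explicitly keeps the functions testable; in a page they would be called with the default clock each time the form is rendered.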

References

  • ISO 9241-151 / 7.2.8.2 – Providing a business policy statement

Significance Level

4/5

Example

In the sample website, the site's security certificate is shared on the user login screen.

Privacy Policies of Organizations

Principle

Corporate privacy policies and privacy agreements should be included on websites.

Description

When information entered by users and transactions performed are stored, used, or shared, corporate privacy policies should be presented in a clear, understandable, and easily accessible manner. Components prepared by legal units can be quite extensive, and reading and comprehending them at once can be challenging. These documents should be segmented, made digestible, and organized in a manner that conforms to the terminology used by the user.

Guidelines

  • When users are asked to enter personal information, the purpose of requesting this information, how the information will be used, and whether the information will be shared should be disclosed, and, if applicable, it should be explained based on relevant laws, regulations, or standards.
  • When incorporating corporate privacy policies, consider the P3P (Platform for Privacy Preferences Project) standards established by the World Wide Web Consortium (W3C).
  • Instead of placing an extensive privacy policy text in the same section as a checkbox such as "I have read and understood," provide a brief description with a link to the detailed text, to facilitate both access and usage.
  • The text explaining the privacy policy should be written in a simple language that can be understood by site users, the font size should be readable, and line spacing should be reasonable.

References

  • ISO 9241-151 / 7.2.8.1 – Providing privacy policy statements
  • ISO 9241-151 / 7.2.8.2 – Providing a business policy statement

Significance Level

3/5

Example

In the sample website, the institution's privacy policy is shared with users, based on relevant legal regulations.