The coursework required for the Master of Professional Studies in Cybersecurity Risk Management includes two core courses, Ethics in Cybersecurity and Capstone, as well as foundation and elective coursework. Below represents a sample of course offerings. Format and content may change.
Core Courses (6 credits)
The first core course, Ethics in Cybersecurity, is taken at the beginning of the student’s studies, and the second, Capstone, is taken during the student’s final term. Course descriptions for both core courses are below.
Ethics in Cybersecurity
In the first part of this course, students are introduced to methodologies, principles, values, and frameworks to facilitate the study of ethics. In the second part of the course, students study discipline- and field-specific codes of ethics within the profession. The course explores the ethical responsibilities all cybersecurity professionals have towards themselves, corporations, the government, and the public. Students contrast the roles and responsibilities of security professionals with those of other information technology professionals. In the third part of the course, students apply an appropriate decision-making framework and gain experience navigating ethical issues in decision-making. Course discussions center on issues involving privacy, confidentiality, and sensitive information. During the final project, students codify an individual code of ethics in relation to professional codes of conduct.
This course provides an opportunity for students to apply what they have learned in the program by producing a substantial individual piece of work under the tutelage of an industry advisor and program faculty. Projects are aligned with students’ chosen areas of interest. Students have the opportunity to present their work to industry professionals for review and feedback. Each student receives assistance in devising a strategy to support the topic of interest, consistent with the course goals, by semester’s end. Classroom assignments and lectures also focus on preparing students for successful cybersecurity careers after they graduate from the program.
Foundation Courses (21 credits)
This course provides theoretical and applied foundations of information security and assurance. Students study various types of cyber-crime and vulnerabilities of government computer systems and information networks. Students learn about strategies for the protection of information and computer systems and how to mitigate and respond to breaches of those systems.
Cybersecurity Governance Frameworks
This course prepares students to develop governance frameworks for information security management. Students learn how to develop holistic and integrated frameworks that include: (1) strategic planning; (2) security architecture policy and standards; (3) cultural and organizational awareness, training, and change management principles; (4) security operations; and (5) compliance and audit support elements. Students will study existing frameworks that are recognized as best practice in the public and private sectors (federal government, critical infrastructure, ISO 27000 for commercial, etc.).
Information Assurance and Risk Management
This course provides an overview of enterprise security, privacy and information security assessment and management, and cybersecurity. This course concentrates on tangible and intangible costs and examines concepts of information assurance and security risk assessment. Students learn how to assess information security risks and develop solutions. Students also learn traditional risk treatment options (accept, avoid, remediate/reduce, transfer) and apply them to IA/cyber risk management. Topics covered include social engineering, risk assessment, recovery and response, enterprise security, and formal techniques and policies.
Security Architecture and Design
This course introduces students to fundamental logical hardware, operating system, and software security components, and how to use those components to design, architect, and evaluate secure computer systems. Understanding these fundamental issues is critical to effective information security management. The course is divided into three sections. The first section covers the hardware and software required to have a secure computer system. The second section covers the logical models required to keep the system secure. The third section covers evaluation models that quantify system security.
Information Security Laws and Regulatory Compliance
This course introduces students to privacy laws, regulations, and industry guidelines with significant security and privacy impact and requirements. The course primarily examines laws and regulations from the United States, but it also includes some coverage of international laws. The course is divided into four sections. First, students are exposed to broadly-applicable laws and regulations that address information security. Second, students receive an introduction to industry-specific guidelines and requirements. Third, students examine key state laws and regulations that impact information security management. Finally, students scrutinize other countries’ laws and regulations related to information security and privacy, and international standards such as ISO 27001 and 27032.
Communication Strategy for Information Security Professionals
This course addresses several leadership considerations, including how to navigate culture and style practices within organizations. Students learn how to deploy continual reinforcement in their communications strategy, especially when addressing the issues of risk and change. The course examines multiple communication approaches as well as tools and techniques that are appropriate for different audiences. Finally, students learn how to plan and implement a workforce cybersecurity awareness communications campaign.
Disruptive Technology and Organizational Change
This course explores the impact of disruptive technological innovation on organizations and their ability to adapt to change. More precisely, students learn how to detect and anticipate disruptive technologies and their potential impact on organizational culture, processes, and strategies. The course places an emphasis on understanding organizational values, processes, resources, and migration capabilities. Upon completion of the course, students will be able to identify and apply sustainable solutions to accommodate disruptive innovations and capabilities to cope with organizational and industry changes.
Elective Courses (6 credits)
Students must complete two courses (six credits) of electives.
Computer Emergency Response and Resilience
This course teaches students the fundamental skills needed to handle and respond to computer security incidents in an information system. This course introduces various underlying principles and techniques for detecting and responding to current and emerging computer security threats. Students learn how to manage a variety of types of incidents, and various laws and policies related to incident response are also covered. The course covers three main types of incidents: data breaches, advanced malware, and targeted attacks. Students learn how to plan for, respond to, and report these incidents.
Mobile Device and Application Security Strategy
This course prepares students to develop a mobile device security strategy by identifying the mobile threat models and creating mobile security policies that establish device enrollment procedures, define permissions on usage and control, enhance connectivity control, and specify acceptable use of mobile devices in a working environment. Students also learn how to evaluate mobile device vulnerabilities, establish mobile device management processes, and design procedures to protect specific technology such as iPhone, iPad, and Android devices (such as secure access solutions and credential safeguards). Finally, students learn how to implement mobile application security measures through the application development process.
Cloud Computing and Virtual Data Centers
This course explores the emergence of cloud computing and virtual data centers in information technology. This course provides an introduction to the following topics: cloud computing, virtualization, legacy hardware and software considerations, approaches to transitioning information technology from legacy systems to a shared managed service model, and various cloud computing models (including private, public, hybrid, and community clouds). Management of cloud computing providers using automated tools and service level agreements will be discussed, along with security and privacy considerations. Students learn how to effectively plan, implement, and manage cloud computing in virtual data centers and complete introductory coursework in VMware virtualization software.