The coursework required for the Graduate Certificate in Cybersecurity Risk Management includes four courses, selected from the following:
Ethics in Cybersecurity
In the first part of this course, students are introduced to methodologies, principles, values, and frameworks to facilitate the study of ethics. In the second part of the course, students study discipline- and field-specific codes of ethics within the profession. The course explores the ethical responsibilities all cybersecurity professionals have towards themselves, corporations, the government, and the public. Students contrast the roles and responsibilities of security professionals with those of other information technology professionals. In the third part of the course, students apply an appropriate decision-making framework and gain experience navigating ethical issues in decision-making. Course discussions center on issues involving privacy, confidentiality, and sensitive information. During the final project, students codify an individual code of ethics in relation to professional codes of conduct.
This course provides theoretical and applied foundations of information security and assurance. Students study various types of cyber-crime and vulnerabilities of government computer systems and information networks. Students learn about strategies for the protection of information and computer systems and how to mitigate and respond to breaches of those systems.
Cybersecurity Governance Frameworks
This course prepares students to develop governance frameworks for information security management. Students learn how to develop holistic and integrated frameworks that include: (1) strategic planning; (2) security architecture policy and standards; (3) cultural and organizational awareness, training, and change management principles; (4) security operations; and (5) compliance and audit support elements. Students will study existing frameworks that are recognized as best practice in the public and private sectors (federal government, critical infrastructure, ISO 27000 for commercial, etc.).
Information Assurance and Risk Management
This course provides an overview of enterprise security, privacy and information security assessment and management, and cybersecurity. This course concentrates on tangible and intangible costs and examines concepts of information assurance and security risk assessment. Students learn how to assess information security risks and develop solutions. Students also learn traditional risk treatment options (accept, avoid, remediate/reduce, transfer) and apply them to IA/cyber risk management. Topics covered include social engineering, risk assessment, recovery and response, enterprise security, and formal techniques and policies.
Security Architecture and Design
This course introduces students to fundamental logical hardware, operating system, and software security components, and how to use those components to design, architect, and evaluate secure computer systems. Understanding these fundamental issues is critical to effective information security management. The course is divided into three sections. The first section covers the hardware and software required to have a secure computer system. The second section covers the logical models required to keep the system secure. The third section covers evaluation models that quantify system security.
Information Security Laws and Regulatory Compliance
This course introduces students to privacy laws, regulations, and industry guidelines with significant security and privacy impact and requirements. The course primarily examines laws and regulations from the United States, but it also includes some coverage of international laws. The course is divided into four sections. First, students are exposed to broadly applicable laws and regulations that address information security. Second, students receive an introduction to industry-specific guidelines and requirements. Third, students examine key state laws and regulations that impact information security management. Finally, students scrutinize other countries’ laws and regulations related to information security and privacy, and international standards such as ISO 27001 and 27032.
Communication Strategy for Information Security Professionals
This course addresses several leadership considerations, including how to navigate culture and style practices within organizations. Students learn how to deploy continual reinforcement in their communications strategy, especially when addressing the issues of risk and change. The course examines multiple communication approaches as well as tools and techniques that are appropriate for different audiences. Finally, students learn how to plan and implement a workforce cybersecurity awareness communications campaign.
Disruptive Technology and Organizational Change
This course explores the impact of disruptive technological innovation on organizations and their ability to adapt to change. More precisely, students learn how to detect and anticipate disruptive technologies and their potential impact on organizational culture, processes, and strategies. The course places an emphasis on understanding organizational values, processes, resources, and migration capabilities. Upon completion of the course, students will be able to identify and apply sustainable solutions to accommodate disruptive innovations and capabilities to cope with organizational and industry changes.