M.S. in Cybersecurity Program Information

This course covers the fundamentals of security in the enterprise environment. Included are coverage of risks and vulnerabilities, threat modeling, policy formation, controls and protection methods, encryption and authentication technologies, network security, cryptography, personnel and physical security issues, as well as ethical and legal issues. This foundational course serves as an introduction to many of the subsequent topics discussed in depth in later security courses.

Today, software is at the heart of nearly every business from finance to manufacturing. Software pervades everyday life in expected places like phones and computers but also in places that you may not consider such as toasters, thermostats, automobiles, and even light bulbs. Security flaws in software can have impacts ranging from inconvenient to damaging and even catastrophic when it involves life-critical systems. How can software be designed and built to minimize the presence of flaws or mitigate their impacts' This course focuses on software development processes that identify, model, and mitigate threats to all kinds of software. Topics include threat modeling frameworks, attack trees, attack libraries, defensive tactics, secure software development lifecycle, web, cloud, and human factors.

When audits, technology, or compliance become the driver for security initiatives the resulting program is strategically fragmented, reactive, and rigid. Moreover, there are few, if any, assurances that the biggest threats are being addressed. On the other hand, risk assessment places values on assets, evaluates the current controls, and provides data to improve the protection in a controlled, proactive, and flexible manner. This course teaches an approach to security that combines operational security, risk assessment, test and review and mitigation such that value can be demonstrated. A project-based approach to risk assessment is followed including, project definition and preparation, data gathering, technical information, physical data gathering, analysis, mitigation, recommendations, and reporting.

The cryptographic primitives of enciphering/deciphering and hashing are the two main methods of preserving confidentiality and integrity of data at rest and in transit. As such, the study of cryptographic techniques is of primary interest to security practitioners. This course will cover the important principles in historical and modern cryptography including the underlying information theory, mathematics, and randomness. Important technologies such as stream and block ciphers, symmetric and asymmetric cryptography, public key infrastructure, and key exchange will be explored. Finally, hashing and message authentication codes will examined as a way of preserving data integrity.

Networks connecting disparate devices, services, and users have been among the most ubiquitous technologies that have led to the spectacular economic and technical success of the Internet. Today, networks seem to disappear, only to receive attention when they fail or are breached by attackers. While firewalls and virtual private networks are mainstays of network security, a strategy built on these alone is insufficient. This course covers a more comprehensive and systematic approach to network security including monitoring, incident response, forensics, virtualization and cloud, secure protocols, cryptography, and web services

The prevalence of data breaches, identity theft, and the dark net today makes the study of digital cybercrime, ethics, and compliance highly relevant to information security. Laws related to intellectual property, privacy, and criminal and civil proceedings will be discussed. Ethical behavior and frameworks for navigating between customer and business concerns in the workplace are also emphasized.

When most people think of information security the images that come to mind are those of hackers: secretive people who, for political or profit motives, illegally break into computer systems to steal data or cause mayhem. While that kind of criminal element does exist, ethical hackers provide a needed service to organizations seeking to test and refine their security plans and technologies. This course takes an in-depth approach to ethical hacking including reconnaissance, scanning, vulnerability analysis, exploitation, and reporting. Students will employ current tools and methods in a hands-on approach that also prepares them for the Certified Ethical Hacker (CEH) exam.

As organizations have fallen victim to the proliferation of cyberattacks in recent years, many have responded reactively, thereby developing a posture that "wins the previous war." However, regulations and laws are now necessitating a more proactive stance. Organizations that can develop an effective security strategy stand to gain as they balance business with security. This course is about leading organizations in developing an effective information security program via policies, frameworks, architecture, standards, organizational hierarchies, controls and metrics with the end goal being a proactive security posture tailored to the specific business needs.

This course, the final one in the program, challenges students to research a current topic of interest in information security and produce an original paper and presentation on the topic. Alternately, students may complete a capstone project in which they engage a real-world client for the purpose of security assessment, governance, audit, testing, risk analysis, or remediation. The course will also cover current and emerging issues in information security and privacy. Complete course in final term of program.