Courses

The MS in Cybersecurity Risk and Strategy program is a 30-credit one-year executive MS management degree incorporating both online courses and blended-learning modules.

Over a 12-month period, participants will attend three residential sessions consisting of five days per session. Between residential periods, students will study 10-15 hours per week in online and blended-learning formats. Semesters are divided into three phases: online introduction, in-class residency, and online implementation. Below, indicative courses are listed by semester:

Pre-
Program
Bootcamp

Coursework


Introduction
to US Law

Foundations of
Cybersecurity

Begins February 2018

MayJunJulAug

Semester 1

Cybersecurity Governance and Policy
Coursework


Information
Security and
Privacy

Information
Privacy Law

Cybersecurity
Law and
Technology

In-Class Residency
Jun. 18–22, 2018

SepOctNovDec

Semester 2

Cybersecurity
Risk
Management
Coursework


Network
Security

Cyber
Crime

Evolving
Regulatory
Landscape

In-Class Residency
Oct. 15–19, 2018

JanFebMarApr

Semester 3

Cybersecurity Leadership and Strategy
Coursework


Systems Security
Engineering and
Regulation

Innovation
Policy

National Security
Law and Policy

In-Class Residency
Mar. 18–22, 2019

Commencement & Capstone Presentation May 2019

 

Pre-Program: Introduction to Cybersecurity

Foundations of Cybersecurity

This class is designed to provide technical fundamentals to those program participants that do not have a technical background and will prepare students to take the technical courses offered during the credit-bearing portions of the degree.

Close

Introduction to US Law

The purpose of this course is to give students an overview of the US legal system, to prepare them to delve into the specific legal and regulatory regimes governing cybersecurity during the degree program. We explore the way U.S. law is created by analyzing statutory law, case law, contracts, and the activity of regulatory agencies. The course highlights the methods and background needed for success in the program.

Close
 

Semester I: Cybersecurity Governance and Policy

Information Security and Privacy

3 credits

This course introduces Information Systems Security and covers cryptography, capability and access control mechanisms, authentication models, security models, operating systems security, malicious code, security-policy formation and enforcement, vulnerability analysis, evaluating secure systems.

Close

Information Privacy Law

3 credits

Concerns about privacy – and the legal regulations that seek to address those concerns —
are increasingly prevalent in many aspects of social life. Privacy dilemmas are everywhere – in
the home, the workplace, the marketplace, and in political life. Increasingly, privacy must be on
the practicing lawyer’s standard menu of issues to spot. Privacy also frequently appears to be in
tension with other important social values, such as national security, freedom of speech, and
crime prevention. This course introduces and surveys the legal framework pertaining to
information privacy (primarily) in the United States, including constitutional, statutory and
common law, as it applies to various sectors of society. Topics include the concept of privacy,
privacy and the media, health privacy, privacy of electronic communications, identification and
anonymization, privacy and national security, and privacy as related to targeted advertising.

Close

Cybersecurity Law and Technology

2 credits

The course aims to educate students on how the law and technology are used to manage cybersecurity problems. Students from all backgrounds will learn central principles of the legal and policy frameworks and engineering approaches to cybersecurity.

Close

Integrative Cybersecurity Management

2 credits

The Integrative Cybersecurity Management course is driven by faculty-led seminars and advising, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

Close
 

Semester II: Cybersecurity Risk Management

Network Security

3 credits

This course begins by covering attacks and threats in computer networks, including network mapping, port scanning, sniffing, DoS, DDoS, reflection attacks, attacks on DNS, and leveraging P2P deployments for attacks. The course continues with cryptography topics most relevant to secure networking protocols. Topics covered are block ciphers, stream ciphers, public key cryptography, RSA, Diffie Hellman, certification authorities, digital signatures, and message integrity. After surveying basic cryptographic techniques, the course examines several secure networking protocols, including PGP, SSL, IPsec, and wireless security protocols. The course examines operational security, including firewalls and intrusion-detection systems. Students read recent research papers on network security and participate in an important lab component that includes packet sniffing, network mapping, firewalls, SSL, and IPsec.

Close

Cyber Crime

2 credits

This course focuses on the exploding phenomenon of computer crime. We will examine how computers and the internet facilitate commission and complicate control of traditional crimes such as theft, fraud, copyright infringement,industrial espionage, child pornography, invasion of privacy, and stalking/bullying. We will study computer-specific crimes like unauthorized access, denial of service attacks, spamming, and cyber terrorism. We also examine the adequacy of investigative tools and authority and of substantive/sentencing laws for preventing and detecting cyber crime and punishing/deterring cyber criminals.

Close

Cybersecurity – The Evolving Regulatory Landscape

3 credits

This course will review the cybersecurity obligations imposed on companies by federal, state, and local regulatory agencies in the United States. The course will outline the tremendous diversity in regulatory agencies involved in cybersecurity governance, including discussion of their different missions, authorities, and jurisdictional limitations. The course will focus specifically on the cybersecurity obligations established by some of the main regulatory agencies focused on cybersecurity such as the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC), and the Department of Defense (DOD), as well as some of the federal banking regulators (e.g. the Federal Reserve and the Office of the Comptroller of the Currency). The course also will discuss some of the critiques of the fragmented approach to cybersecurity regulation that has evolved in the United States and will touch on the ways in which foreign regulation, particularly from the European Union, affects the cybersecurity obligations of companies headquartered in the US. Finally, the course will describe the ways in which the cybersecurity activities of regulatory agencies interact with those of other government agencies in the law enforcement and critical infrastructure protection functions.

Close

Integrative Cybersecurity Management

2 credits

The Integrative Cybersecurity Management course is driven by faculty-led seminars and advising, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

Close

 

Semester III: Cybersecurity Leadership and Strategy

Systems Security Engineering and Regulation

3 credits

This course presents a system and management view of information security: what it is, what drives the requirements for information security, how to integrate it into the systems-design process and life-cycle security management of information systems. A second goal is to cover basic federal policies on government information security and methodologies. Topics include information-security risk management, security policies, security in the systems-engineering process, laws related to information security and management of operational systems.

Close

Innovation Policy Colloquium

3 credits

The Innovation Policy Colloquium focuses on different aspects of the law’s role in promoting creativity and invention. The Colloquium will explore issues such as privacy, equity, reliability, innovation and transparency from a variety of perspectives — societal, legal, ethical, political, and humanistic.

Close

National Security Law and Policy Seminar

2 credits

Issues of intelligence oversight and cybersecurity dominate contemporary national security law and policy. This seminar will explore the ways in which the two areas overlap and diverge, paying attention to topics such as cyber-espionage and electronic surveillance. Our focus throughout will be on the changing legal architectures (domestic, international, transnational) and strategic frameworks that govern these dynamic areas.

Close

Integrative Cybersecurity Management

2 credits

The Integrative Cybersecurity Management course is driven by faculty-led seminars and advising, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

Close
 

 

Integrative Cybersecurity Management Capstone

In-Depth Description

The demand for professionals who understand technology and risk has been growing and will continue to grow as technology plays an ever more pervasive role in our lives. In response, businesses and governments will continue to invest heavily in cybersecurity, attempting to protect vital computer networks and electronic infrastructures from security vulnerabilities, including external attack. Tomorrow’s technology leaders, in both the public and private sectors, will need a comprehensive understanding of cybersecurity and a vocabulary that will enable them to make effective decisions at the intersection of technological, legal, and business risk. The MS CRS is designed to help professionals develop such an understanding, and to equip them to identify and mitigate risk in the cybersecurity environment.

The goal of the degree program is to promote a multidisciplinary approach to cybersecurity education, as distinct from the large majority of existing programs offered by engineering schools that focus purely on technology. The program aims to build a cadre of graduates with sophisticated cross training who would chart careers in government, the military, the private sector, and NGOs.

The capstone will be the embodiment of our vision for the masters program as a whole. Working in groups, students will tackle difficult challenges of technology, law, risk, and strategy. They will become fluent in the language of a wide range of disciplines bearing on the solution of difficult cybersecurity problems and will learn how to work together in interdisciplinary teams to manage both everyday situations and bet the company crises.

In architecture, the capstone is the crowning piece of an arch, the center stone that holds the arch together, giving it shape and strength. The MS CRS capstone program plays a similar role, by building on students’ previous coursework and expertise, while also enhancing student learning on policy and management issues, key process skills and research skills. Although divided into teams, the class will work as a learning community dedicated to the success of all the projects.

The capstone project is an intense activity, evolving throughout the degree program, requiring an examination of current cybersecurity matters impacting industries. Students are expected to validate proposed solutions using the core competencies taught throughout the program.

Students in the MS CRS program will be assigned to teams with students from a wide range of disciplinary backgrounds. Students will identify current event cases involving compliance and legal ramifications of large companies involved with technology. Students will create a response and/or solution to the real business case. The solution is expected to: 1) be technology and legally driven, 2) include tactics for companies to protect themselves from both perspectives, and 3) include steps that the company should implement to avoid future situations. Student groups will be assigned an industry mentor to provide guidance throughout the project and faculty mentors as appropriate.

The capstone project can be either the development of a technical tool that solves a legal or policy problem, or a paper solving a legal, policy, or compliance problem that demonstrates a sophisticated understanding of technical systems related to security, how they operate, and what are their limitations.

Close