Courses

The MS in Cybersecurity Risk and Strategy program is a 30-credit one-year executive MS management degree incorporating both online courses and blended-learning modules.

Over a 12-month period, participants will attend three residential sessions consisting of five days per session. Between residential periods, students will study 10-15 hours per week in online and blended-learning formats. Semesters are divided into three phases: online introduction, in-class residency, and online implementation. Below, indicative courses are listed by semester:

Pre-
Program
Bootcamp

Coursework


Introduction
to US Law

Foundations of Cybersecurity

MayJunJulAug

Semester 1

Cybersecurity Governance and Policy
Coursework


Information
Security and
Privacy

Cybersecurity Governance and Regulatory Forces

Cybercrime

Information Privacy Law Part I

In-Class Residency
Jun. 16-21, 2019

SepOctNovDec

Semester 2

Cybersecurity
Risk
Management
Coursework


Network
Security

Cybersecurity- The Evolving
Regulatory
Landscape

Information Privacy Law Part II

In-Class Residency
Oct. 14–18, 2019

JanFebMarApr

Semester 3

Cybersecurity Leadership and Strategy
Coursework

Information Systems Security Engineering and Management

National Security Issues in Cyberspace

Innovation
Policy Colloquium

In-Class Residency
Mar. 16–20, 2020

Commencement & Capstone Presentation May 2020

Pre-Program: Introduction to Cybersecurity

Foundations of Cybersecurity

This class is designed to provide technical fundamentals to those program participants that do not have a technical background and will prepare students to take the technical courses offered during the credit-bearing portions of the degree.

Close

Introduction to US Law

The purpose of this course is to give students an overview of the US legal system, to prepare them to delve into the specific legal and regulatory regimes governing cybersecurity during the degree program. We explore the way U.S. law is created by analyzing statutory law, case law, contracts, and the activity of regulatory agencies. The course highlights the methods and background needed for success in the program.

Close
 

Semester I: Cybersecurity Governance and Policy

Information Security and Privacy

This course introduces Information Systems Security and covers cryptography, capability and access control mechanisms, authentication models, security models, operating systems security, malicious code, security-policy formation and enforcement, vulnerability analysis, evaluating secure systems.

Close

Cybersecurity – Governance and Regulatory Forces

Efforts to enhance cybersecurity fall largely on corporations because they hold the data that interests thieves and nation states. This course will explore the generally applicable governance and regulatory forces that influence how corporations respond to cybersecurity threats.

Close

Cybercrime

This course focuses on the exploding phenomenon of computer crime. We will examine how computers and the internet facilitate commission and complicate control of traditional crimes such as theft, fraud, copyright infringement, industrial espionage, child pornography, invasion of privacy, and stalking/bullying. We will study computer-specific crimes like unauthorized access, denial of service attacks, spamming, and cyber terrorism. We also examine the adequacy of investigative tools and authority and of substantive/sentencing laws for preventing and detecting cyber crime and punishing/deterring cyber criminals.

Close

Information Privacy Law Part I

The course begins by introducing conceptual perspectives on privacy and discussing the role of privacy as a policy goal. We then explore some general approaches to privacy regulation, including the privacy torts, the Fair Information Practice Principles, privacy policies, self-regulation and FTC enforcement. The first part of this course concludes with a brief introduction to European information privacy law.

Close

Integrative Cybersecurity Management

The Integrative Cybersecurity Management course is driven by faculty-led seminars and advising, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

Close
 

Semester II: Cybersecurity Risk Management

Network Security

 

This course begins by covering attacks and threats in computer networks, including network mapping, port scanning, sniffing, DoS, DDoS, reflection attacks, attacks on DNS, and leveraging P2P deployments for attacks. The course continues with cryptography topics most relevant to secure networking protocols. Topics covered are block ciphers, stream ciphers, public key cryptography, RSA, Diffie Hellman, certification authorities, digital signatures, and message integrity. After surveying basic cryptographic techniques, the course examines several secure networking protocols, including PGP, SSL, IPsec, and wireless security protocols. The course examines operational security, including firewalls and intrusion-detection systems. Students read recent research papers on network security and participate in an important lab component that includes packet sniffing, network mapping, firewalls, SSL, and IPsec.

Close

Cybersecurity – The Evolving Regulatory Landscape

Building on last semester’s course on the general regulatory forces shaping cybersecurity, this semester’s course drills down into two facets of the emerging cybersecurity landscape. The first part of the course will explore the relationship between the business world and sector-specific federal and state regulators addressing cybersecurity, including the Securities and Exchange Commission, the Department of Defense and financial regulators. The second part of the course is dedicated to exploring the cybersecurity-related regulation of critical infrastructure by federal authorities, principally the Department of Homeland Security, including information sharing initiatives.

Close

Information Privacy Law Part II

Information Privacy Law Part II delves further into the laws regulating private sector use of personal information. U.S. privacy law is known for its “sectoral” approach and we begin by reviewing some of the laws targeted at particular sectors. We will also explore the EU’s General Data Protection Regulation, which recently took effect, considering its implications for US companies. The second part of this semester focuses on law enforcement access to personal information. We cover the basic constitutional and statutory limits on law enforcement access and then discuss some of the challenges to existing law created by the increasing extent to which everyday communications and activities create digital data trails.

Close

Integrative Cybersecurity Management

The Integrative Cybersecurity Management course is driven by faculty-led seminars and advising, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

Close

 

Semester III: Cybersecurity Leadership and Strategy

Information Systems Security Engineering and Management

This course presents a system and management view of information security: what it is, what drives the requirements for information security, how to integrate it into the systems-design process and life-cycle security management of information systems. A second goal is to cover basic federal policies on government information security and methodologies. Topics include information-security risk management, security policies, security in the systems-engineering process, laws related to information security and management of operational systems.

Close

National Security Issues in Cyberspace

The law and strategy of cybersecurity are unsettled. This course will situate cybersecurity within the framework(s) of national security law and policy. Topics will include the domestic and international legal foundations of cyber operations (defensive and offensive), strategic considerations involved in cyber conflict (including the role of deterrence in cyberspace), and the overlap and distinctions between cybersecurity and intelligence operations. This course will also engage with the national security institutions involved in the provision of cybersecurity and its oversight, as well as with potential avenues for international cooperation in the prevention and resolution of cyber conflict.

Close

Innovation Policy Colloquium

The Innovation Policy Colloquium focuses on different aspects of the law’s role in promoting creativity and invention. The Colloquium will explore issues such as privacy, equity, reliability, innovation and transparency from a variety of perspectives — societal, legal, ethical, political, and humanistic.

Close

Integrative Cybersecurity Management

The Integrative Cybersecurity Management course is driven by faculty-led seminars and advising, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

Close
 

 

Integrative Cybersecurity Management Capstone

In-Depth Description

The demand for professionals who understand technology and risk has been growing and will continue to grow as technology plays an ever more pervasive role in our lives. In response, businesses and governments will continue to invest heavily in cybersecurity, attempting to protect vital computer networks and electronic infrastructures from security vulnerabilities, including external attack. Tomorrow’s technology leaders, in both the public and private sectors, will need a comprehensive understanding of cybersecurity and a vocabulary that will enable them to make effective decisions at the intersection of technological, legal, and business risk. The MS CRS is designed to help professionals develop such an understanding, and to equip them to identify and mitigate risk in the cybersecurity environment.

The goal of the degree program is to promote a multidisciplinary approach to cybersecurity education, as distinct from the large majority of existing programs offered by engineering schools that focus purely on technology. The program aims to build a cadre of graduates with sophisticated cross training who would chart careers in government, the military, the private sector, and NGOs.

The capstone will be the embodiment of our vision for the masters program as a whole. Working in groups, students will tackle difficult challenges of technology, law, risk, and strategy. They will become fluent in the language of a wide range of disciplines bearing on the solution of difficult cybersecurity problems and will learn how to work together in interdisciplinary teams to manage both everyday situations and bet the company crises.

In architecture, the capstone is the crowning piece of an arch, the center stone that holds the arch together, giving it shape and strength. The MS CRS capstone program plays a similar role, by building on students’ previous coursework and expertise, while also enhancing student learning on policy and management issues, key process skills and research skills. Although divided into teams, the class will work as a learning community dedicated to the success of all the projects.

The capstone project is an intense activity, evolving throughout the degree program, requiring an examination of current cybersecurity matters impacting industries. Students are expected to validate proposed solutions using the core competencies taught throughout the program.

Students in the MS CRS program will be assigned to teams with students from a wide range of disciplinary backgrounds. Students will identify current event cases involving compliance and legal ramifications of large companies involved with technology. Students will create a response and/or solution to the real business case. The solution is expected to: 1) be technology and legally driven, 2) include tactics for companies to protect themselves from both perspectives, and 3) include steps that the company should implement to avoid future situations. Student groups will be assigned an industry mentor to provide guidance throughout the project and faculty mentors as appropriate.

The capstone project can be either the development of a technical tool that solves a legal or policy problem, or a paper solving a legal, policy, or compliance problem that demonstrates a sophisticated understanding of technical systems related to security, how they operate, and what are their limitations.

Close