The MS in Cybersecurity Risk and Strategy program is a 30-credit one-year MS management degree for professionals, incorporating both online courses and blended-learning modules.
Over a 12-month period, participants will attend three five-day residential sessions*. Between residential periods, students will study 10-15 hours per week in online and blended-learning formats. Semesters are divided into three phases: online introduction, in-class residency*, and online implementation.
Residency Dates for Class of 2025
- June 10-14, 2024
- October 28-Nov 1, 2024
- March 17-21, 2025
Capstone presentations and Graduation: May 2025
Final dates TBD.
*Please note that dates are subject to change at the discretion of the University.
Below, indicative courses are listed by semester:
Pre-
Program
Bootcamp (Optional)
Coursework
—
Introduction
to US Law
—
Introduction to Computer Networking
Semester 1
Cybersecurity Governance and Policy
Coursework
—
Information Systems Security Engineering and Management
—
Cybersecurity Governance and Regulatory Forces
—
Cybercrime
—
Information Privacy Law
In-Class Residency*
Jun. 10-14, 2024
Semester 2
Cybersecurity
Risk
Management
Coursework
—
Network Security
—
Cybersecurity Regulation
—
Critical Infrastructure Protection & Information Sharing
—
Information Privacy Law Part II
In-class Residency*
Oct. 28-Nov 1, 2024
Semester 3
Cybersecurity Leadership and Strategy
Coursework
—
Emerging Innovations in Cyber Security
—
National Security Issues in Cyberspace
—
Incident Response & Next Generation Threats
—
Digital Assets Through the Lens of a Cyber Intrusion & Ransomware Incident
—
Cybersecurity Innovation Law and Policy
In-class Residency*
Mar. 17-21, 2025
Commencement & Capstone Presentation May 2025
Semester I: Cybersecurity Governance and Policy
Information Systems Security Engineering and Management
This course uses the high-level control categories in the National Institute of Technology and Standards (NIST) Cybersecurity Framework (CSF) as the basis for a comprehensive introduction to the practical discipline of enterprise cyber security. Weekly topical areas are guided by the general structure of the NIST CSF, but the course lectures, background readings, required videos, and student work drill more deeply into the underlying technology, historical basis, and practical enterprise application of the relevant areas. Upon completion of the course, students will have a solid understanding of the technical foundations and practical implementation of the most important and widely applicable modern cyber security controls for enterprise threat reduction.
CloseCybersecurity – Governance and Regulatory Forces
Efforts to enhance cybersecurity fall largely on corporations because they hold the data that interests thieves and nation states. This course will explore the generally applicable governance and regulatory forces that influence how corporations respond to cybersecurity threats.
CloseCybercrime
This course focuses on the exploding phenomenon of computer crime. We will examine how computers and the internet facilitate commission and complicate control of traditional crimes such as theft, fraud, copyright infringement, industrial espionage, child pornography, invasion of privacy, and stalking/bullying. We will study computer-specific crimes like unauthorized access, denial of service attacks, spamming, and cyber terrorism. We also examine the adequacy of investigative tools and authority and of substantive/sentencing laws for preventing and detecting cyber crime and punishing/deterring cyber criminals.
CloseInformation Privacy Law Part I
The course begins by introducing conceptual perspectives on privacy and discussing the role of privacy as a policy goal. We then explore some general approaches to privacy regulation, including the privacy torts, the Fair Information Practice Principles, privacy policies, self-regulation and FTC enforcement. The first part of this course concludes with a brief introduction to European information privacy law.
CloseIntegrative Cybersecurity Management
The Integrative Cybersecurity Management course is driven by seminars and advising led by the Capstone Faculty Directors and Industry Capstone Mentors, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.
CloseSemester II: Cybersecurity Risk Management
Network Security
This course begins by covering attacks and threats in computer networks. We cover the “kill chain” and how networks are compromised whether the attack is originating from a nation state or an unskilled lone attacker. The course continues with cryptography topics which establish the foundation for techniques providing for the defense of computer networks. Topics covered are block ciphers, stream ciphers, public key cryptography, RSA, Diffie Hellman, certification authorities, digital signatures and message integrity. After surveying basic cryptographic techniques, the course examines several secure networking protocols, including TLS, IPsec and wireless security protocols. The course moves on to discuss operational security techniques, including perimeter security, intrusion-detection systems, security monitoring and security in IPv6 networks. Students will read recent research papers on network security and apply the technology and techniques discussed in a lab component which includes: network mapping, exploitation, firewalls, SSL exploitation and wireless security.
CloseCybersecurity – The Evolving Regulatory Landscape (Cybersecurity Regulation II, Critical Infrastructure Protection & Information Sharing)
- Cybersecurity Regulation II
- Critical Infrastructure Protection & Information Sharing
Building on last semester’s course on the general regulatory forces shaping cybersecurity, this semester’s course drills down into two facets of the emerging cybersecurity landscape. The first part of the course will explore the relationship between the business world and sector-specific federal and state regulators addressing cybersecurity, including the Securities and Exchange Commission, the Department of Defense and financial regulators. The second part of the course is dedicated to exploring the cybersecurity-related regulation of critical infrastructure by federal authorities, principally the Department of Homeland Security, including information sharing initiatives.
Information Privacy Law Part II
Information Privacy Law Part II delves further into the laws regulating private sector use of personal information. U.S. privacy law is known for its “sectoral” approach and we begin by reviewing some of the laws targeted at particular sectors. We will also explore the EU’s General Data Protection Regulation, which recently took effect, considering its implications for US companies. The second part of this semester focuses on law enforcement access to personal information. We cover the basic constitutional and statutory limits on law enforcement access and then discuss some of the challenges to existing law created by the increasing extent to which everyday communications and activities create digital data trails.
Integrative Cybersecurity Management
The Integrative Cybersecurity Management course is driven by seminars and advising led by the Capstone Faculty Directors and Industry Capstone Mentors, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.
CloseSemester III: Cybersecurity Leadership and Strategy
Emerging Innovations in Cyber Security
This course provides a forward-looking introduction to emerging innovations, themes, risks, challenges, and technologies in the evolving discipline of modern cyber security. Specific topics covered include security in Dev/Ops, security versus privacy, artificial intelligence-based security controls, threat to 5G mobile infrastructure, threats to social media, zero trust architecture, security in supply chains. The course includes live virtual lectures from the instructor, as well as several live virtual guest lectures from experts in the NYU Center for Cybersecurity in their specialized areas of cyber security research.
CloseNational Security Issues in Cyberspace
The law and strategy of cybersecurity are unsettled. This course will situate cybersecurity within the framework(s) of national security law and policy. Topics will include the domestic and international legal foundations of cyber operations (defensive and offensive), strategic considerations involved in cyber conflict (including the role of deterrence in cyberspace), and the overlap and distinctions between cybersecurity and intelligence operations. This course will also engage with the national security institutions involved in the provision of cybersecurity and its oversight, as well as with potential avenues for international cooperation in the prevention and resolution of cyber conflict.
Innovation Policy Colloquium (Incident Response Practicum, Managing the Next Generation of Threats, Digital Assets Through the Lens of a Cyber Intrusion & Ransomware Incident, Cybersecurity Innovation Law & Policy)
- Incident Response Practicum
- Managing the Next Generation of Threats
- Digital Assets Through the Lens of a Cyber Intrusion & Ransomware Incident
- Cybersecurity Innovation Law & Policy
The Innovation Policy Colloquium focuses on different aspects of the law’s role in promoting creativity and invention. The Colloquium will explore issues such as privacy, equity, reliability, innovation and transparency from a variety of perspectives — societal, legal, ethical, political, and humanistic.
Integrative Cybersecurity Management
The Integrative Cybersecurity Management course is driven by seminars and advising led by the Capstone Faculty Directors and Industry Capstone Mentors, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.
CloseIntegrative Cybersecurity Management Capstone
In-Depth Description
The demand for professionals who understand technology and risk has been growing and will continue to grow as technology plays an ever more pervasive role in our lives. In response, businesses and governments will continue to invest heavily in cybersecurity, attempting to protect vital computer networks and electronic infrastructures from security vulnerabilities, including external attack. Tomorrow’s technology leaders, in both the public and private sectors, will need a comprehensive understanding of cybersecurity and a vocabulary that will enable them to make effective decisions at the intersection of technological, legal, and business risk. The MS CRS is designed to help professionals develop such an understanding, and to equip them to identify and mitigate risk in the cybersecurity environment.
The goal of the degree program is to promote a multidisciplinary approach to cybersecurity education, as distinct from the large majority of existing programs offered by engineering schools that focus purely on technology. The program aims to build a cadre of graduates with sophisticated cross training who would chart careers in government, the military, the private sector, and NGOs.
The capstone will be the embodiment of our vision for the masters program as a whole. Working in groups, students will tackle difficult challenges of technology, law, risk, and strategy. They will become fluent in the language of a wide range of disciplines bearing on the solution of difficult cybersecurity problems and will learn how to work together in interdisciplinary teams to manage both everyday situations and bet the company crises.
In architecture, the capstone is the crowning piece of an arch, the center stone that holds the arch together, giving it shape and strength. The MS CRS capstone program plays a similar role, by building on students’ previous coursework and expertise, while also enhancing student learning on policy and management issues, key process skills and research skills. Although divided into teams, the class will work as a learning community dedicated to the success of all the projects.
The capstone project is an intense activity, evolving throughout the degree program, requiring an examination of current cybersecurity matters impacting industries. Students are expected to validate proposed solutions using the core competencies taught throughout the program.
Students in the MS CRS program will be assigned to teams with students from a wide range of disciplinary backgrounds. Students will identify current event cases involving compliance and legal ramifications of large companies involved with technology. Students will create a response and/or solution to the real business case. The solution is expected to: 1) be technology and legally driven, 2) include tactics for companies to protect themselves from both perspectives, and 3) include steps that the company should implement to avoid future situations. Student groups will be assigned a Capstone Faculty Director and an Industry Capstone Mentor to provide guidance throughout the project.
The capstone project can be either the development of a technical tool that solves a legal or policy problem, or a paper solving a legal, policy, or compliance problem that demonstrates a sophisticated understanding of technical systems related to security, how they operate, and what are their limitations.
Close