Master of Science in Information Security
REQUIRED CREDITS: 48
LOCATIONS and START DATES: Online: Fall, Winter, Spring, Summer
Is the master's in Information Security program for me?If you're already a technology professional, and you're ready to lead, innovate, and learn how to work in a diverse information security environment, our M.S.I.S. program can help. You'll pick up the knowledge and skills you need to take on a managerial role in the information security field.
What will I learn in the master's in Information Security program?You'll develop a broad understanding of the technical, business, management and policy aspects of information security. Courses will cover infrastructure acquisition, development and evolution; network and software systems risk-assessment and maintenance; secure systems design and implementation; and much more. Overall, you'll have a keen eye for what is and isn't working in an IS environment, and be prepared to make business-critical decisions. Read through the course descriptions below for more details.
What can I do with my master's degree in Information Security?You'll be qualified to work as a systems security expert who can manage complex data and hardware networks.
How to get started:Do you have at least a bachelor's degree? If so, you're eligible to apply. Here's how:
The Information Assurance Courseware Evaluation (IACE) Program of the Committee on National Security Systems (CNSS) has certified that City University of Seattle Information Security course of study meets the National Training Standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011 and Senior System Managers, CNSSI No.4012 (valid through June 2017). Students completing the program will receive a certificate documenting their completion of the CNSS recognized program.
Core Courses (48)
This course will cover changes in information security management and understanding. The age of information security as technology alone has passed, people currently involved with information security need to understand the entire information security landscape, from rules, laws, corporate laws and rules, decision making, working in teams, leadership, and other ways that information security is changing people and the work place.
This course looks at the day-to-day systems administration role, and how information security plays a role in patching, updates, configuration, penetration testing and other skills that enhance and provide an important counterpoint to information security and the normal operations of a company. Particular attention will be made in meeting compliance roles such as PCI, HIPAA, and other federal laws, as well as state laws for breech reporting such as HB 1386.
This course studies the responsibilities of senior managers for ensuring the security of processes and information systems used in their organizations. Given a request for an approval to operate an information system at a specified level of trust, the senior manager will analyze and judge the information provided for validity and reliability to ensure the system will operate at the proposed level of trust. This judgment will be predicated on an understanding of system architecture, system security measures, systems operations policy, system security management plan, legal and ethical considerations, and provisions for system operator and end user training. Students taking this course will learn to integrate their knowledge in these areas to make effective security decisions.
Cloud Computing, Web 2.0, open systems, federated identity, and other systems present both an opportunity and a source of potential misuse of data and systems. This course looks at the risks and rewards of using information systems, federated identity, encryption, and other resources, and the particular issues which will impact upon information security and privacy, so that risk in these systems can be managed.
This course is a study of the ethical issues that arise in information security. The course explores ethical frameworks and their application to particular areas influencing and affecting information security. Topics explored include privacy, anonymity, confidentiality, intellectual property and other areas impacted by information and communications technology. Students completing the course will be aware of the many issues they can expect to confront, understand how others have addressed similar issues, and possess a toolkit to aid them as they confront those issues.
Cyber Crime (3)
Cyber Crime has risen from the average script kiddy, to an elaborate collaborative black market system where data is constantly bought and sold. New malware, new methods of compromised are often built and used by cyber criminals, and companies are not prepared to deal with cyber crime. Every company can become an unwilling participant in cyber crime, this course builds fundamental knowledge of cyber crime, who to involve, and how the police work in the digital environment.
Cyber Warfare (3)
Companies are ill prepared to understand the role that they play in cyber warfare. Companies can become victims of or unwilling participants in cyber warfare. This course covers the concepts of asymmetrical warfare, the ability to respond, working with government entities and police, and how the nation is working on a national cyber warfare policy/program.
E-government is difficult to manage and enforce security standards. All governments face an ever-decreasing budget process complicated by political pressures, cyber warfare, cyber crime, and users who will stumble across security issues with an e-government web site. The lessons learned in implementing, managing, comparing multiple types of e-government is a primer for learning about the systems that empower e-government, and how they will be attacked. Students will take away from this course an ability to understand the complex relationship between people, budget, implementation, and standards when building or analyzing an e-government initiative.
Intellectual Property Protection, industrial espionage is very common. This course provides a fundamental groundwork in methods, tactics like 'spear phishing' and other ways that governments, nation states, criminals, and hackers are all trying to get data from your company.
This course goes into the details on how to abuse and otherwise get good C# code to go bad via Fuzzing, Black/White box testing, and other testing methods to work out exactly where code flaws lie in a system.
Java is a commonly used programming language that extends the functionality of a web site to make it more interactive, customizable, and share information resources between various information providers. This course reviews the public API's that are available to programmers and teaches students how to evaluate those public API's for information security concerns. Students will review a number of public Java based API's throughout this course and learn to analyze them for common security vulnerabilities. Students will gain an understanding of Java security, how to test security, and how to recommend changes to the public API's to make them safer for consumption. Prerequisites: ISEC 570.
This course reviews the security implications around Adobe AIR applications. Adobe AIR provides a Rich Internet Application (RIA) environment that can be used to deliver data to any device. Adobe AIR has many uses for delivering data to clients that must be secured against eavesdropping or modification while that data is in transit. The students will download and work with multiple Adobe AIR applications, and learn how these applications can secure or expose information to hackers. The students will learn how to use Adobe AIR and secure the communications paths that these applications use between the client software on any device and the servers that provide data to those clients. Prerequisites: ISEC 570.
This course is an advanced course in breaking web based services, how services are exposed, consumed, and how to get them to misbehave. Standard methods such as XSS, CRSF, trust models, exposed API's, manifests, are all ways that a web site can be taken over or used for other purposes.
This course covers standards and methods for reverse engineering code, dot net, ASP, C#, obfuscated Java, obfuscated PHP, and other ways that hackers hide malware within links, pages, and other places on a computer. This course covers the basics of reverse engineering code.
This course covers the reverse engineering of malware, using live examples of malware from the internet, the student will work out what the code is supposed to do, how it works, who it communicates with, how it was built, and any 'coder fingerprints' as possible.
The Master's Thesis allows the student to synthesize the information gained in this program and write a formal master's thesis about a subject or topic in information security that interests them.