Master of Science in Information Security
REQUIRED CREDITS: 48
LOCATIONS and START DATES: Online: Fall, Winter, Spring, Summer
Program DetailsThe Master of Science in Information Security degree program at City University of Seattle offers technology professionals an opportunity to earn a graduate degree in the always changing world of information security. You'll develop a broad understanding of the technical, business, management and policy aspects of information security so you can make business-critical decisions for your organization when it counts. CityU of Seattle's master's in information security program is certified to meet the National Training Standard for Information Systems Security (INFOSEC) by the Committee on National Security Systems (CNSS) and the Information Assurance Directorate at the United States National Security Agency (NSA). All students study a core of basic information security standards and practices and will complete two of the following four specialties:
Flexible, Online Learning OptionsThe Master of Science in Information Security program is a highly focused, 16-course program that you complete online at a pace that you determine with the help of a CityU Technology Institute advisor. Please advisor the department to learn more about how our online master's in information security program can fit into your life.
Where CityU Can Take YouWhen you graduate, you'll be qualified to work as a systems security expert who can ensure the security of complex data and hardware networks in industries as varied as healthcare, ecommerce, IT, international business and government. Potential career paths include security engineers, security consultants and information security managers.
Get Started Today!If you have a bachelor's degree from an accredited university, you can apply for CityU's Master of Science in Information Security program. Get ready to lead, innovate, and learn how to work in a diverse information security environment by pinging an advisor today.
Center for Information Assurance EducationCity University of Seattle operates a special center whose mission is to conduct programs, courses, research and consulting in Information Assurance. Learn more about the Center.
The Information Assurance Courseware Evaluation (IACE) Program of the Committee on National Security Systems (CNSS) has certified that City University of Seattle Information Security course of study meets the National Training Standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011 and Senior System Managers, CNSSI No.4012 (valid through June 2017). Students completing the program will receive a certificate documenting their completion of the CNSS recognized program.
Core Courses (48)
This course will cover changes in information security management and understanding. The age of information security as technology alone has passed, people currently involved with information security need to understand the entire information security landscape, from rules, laws, corporate laws and rules, decision making, working in teams, leadership, and other ways that information security is changing people and the work place.
This course looks at the day-to-day systems administration role, and how information security plays a role in patching, updates, configuration, penetration testing and other skills that enhance and provide an important counterpoint to information security and the normal operations of a company. Particular attention will be made in meeting compliance roles such as PCI, HIPAA, and other federal laws, as well as state laws for breech reporting such as HB 1386.
This course studies the responsibilities of senior managers for ensuring the security of processes and information systems used in their organizations. Given a request for an approval to operate an information system at a specified level of trust, the senior manager will analyze and judge the information provided for validity and reliability to ensure the system will operate at the proposed level of trust. This judgment will be predicated on an understanding of system architecture, system security measures, systems operations policy, system security management plan, legal and ethical considerations, and provisions for system operator and end user training. Students taking this course will learn to integrate their knowledge in these areas to make effective security decisions.
Cloud Computing, Web 2.0, open systems, federated identity, and other systems present both an opportunity and a source of potential misuse of data and systems. This course looks at the risks and rewards of using information systems, federated identity, encryption, and other resources, and the particular issues which will impact upon information security and privacy, so that risk in these systems can be managed.
This course is a study of the ethical issues that arise in information security. The course explores ethical frameworks and their application to particular areas influencing and affecting information security. Topics explored include privacy, anonymity, confidentiality, intellectual property and other areas impacted by information and communications technology. Students completing the course will be aware of the many issues they can expect to confront, understand how others have addressed similar issues, and possess a toolkit to aid them as they confront those issues.
Cyber Crime (3)
Cyber crime has become a pervasive reality in society. Students in this course investigate the forms that cyber crimes can take, and examine the factors that make victims vulnerable to cyber crimes. The course also looks at theories of criminology and how they are impacted by trends in the cyber environment. Understanding cyber crime allows students to avoid and detect it, as well as minimize the impact of cyber crime on its victims and contribute to the investigation of cyber crimes.
Cyber Warfare (3)
Cyber Space has joined air, land, sea and space as the latest domain of warfare. This course examines warfare in the cyber domain beginning with an understanding of how it fits within the context of traditional theory of war. The course examines how countries prepare and apply capabilities and strategies, the impacts of non-state actors, and the future development of cyber warfare. Students participate in a Cyber Warfare Strategic Exercise (CWSX). Students are prepared to understand the impact of the extension of warfare into the cyber domain.
E-government is difficult to manage and enforce security standards. All governments face an ever-decreasing budget process complicated by political pressures, cyber warfare, cyber crime, and users who will stumble across security issues with an e-government web site. The lessons learned in implementing, managing, comparing multiple types of e-government is a primer for learning about the systems that empower e-government, and how they will be attacked. Students will take away from this course an ability to understand the complex relationship between people, budget, implementation, and standards when building or analyzing an e-government initiative.
Intellectual property is the core currency of the digital economy. Patents, copyrights, trademarks and trade secrets represent the formal designation and protection of many intellectual properties. Other information is protected through classification and encryption. In this course students study how intellectual property is protected as well as how those protections are circumvented. The course will also study the role of espionage in obtaining trade secrets, classified data, and other valuable information.
This course goes into the details on how to abuse and otherwise get good C# code to go bad via Fuzzing, Black/White box testing, and other testing methods to work out exactly where code flaws lie in a system.
Java is a commonly used programming language that extends the functionality of a web site to make it more interactive, customizable, and share information resources between various information providers. This course reviews the public API's that are available to programmers and teaches students how to evaluate those public API's for information security concerns. Students will review a number of public Java based API's throughout this course and learn to analyze them for common security vulnerabilities. Students will gain an understanding of Java security, how to test security, and how to recommend changes to the public API's to make them safer for consumption. Prerequisites: ISEC 570.
This course reviews the security implications around Adobe AIR applications. Adobe AIR provides a Rich Internet Application (RIA) environment that can be used to deliver data to any device. Adobe AIR has many uses for delivering data to clients that must be secured against eavesdropping or modification while that data is in transit. The students will download and work with multiple Adobe AIR applications, and learn how these applications can secure or expose information to hackers. The students will learn how to use Adobe AIR and secure the communications paths that these applications use between the client software on any device and the servers that provide data to those clients. Prerequisites: ISEC 570.
This course is an advanced course in breaking web based services, how services are exposed, consumed, and how to get them to misbehave. Standard methods such as XSS, CRSF, trust models, exposed API's, manifests, are all ways that a web site can be taken over or used for other purposes.
This course covers standards and methods for reverse engineering code, dot net, ASP, C#, obfuscated Java, obfuscated PHP, and other ways that hackers hide malware within links, pages, and other places on a computer. This course covers the basics of reverse engineering code.
This course covers the reverse engineering of malware, using live examples of malware from the internet, the student will work out what the code is supposed to do, how it works, who it communicates with, how it was built, and any 'coder fingerprints' as possible.
The Master's Thesis allows the student to synthesize the information gained in this program and write a formal master's thesis about a subject or topic in information security that interests them.