|
Home » Master of Science in Information Assurance »
The MSIA program is divided into three six-month semesters, each consisting of two eleven-week, six credit seminars. The topics covered in each seminar introduce you to the most critical and relevant areas in information assurance today. The seminars are strategically sequenced to build context for future seminars, and must be taken in the order presented. The fifth seminar offers an elective to allow you to pursue your specialized area of interest. The program culminates with a one-week residency and graduation ceremony at Norwich University in June. There are four start dates per year - March, June, September and December.
View a synoptic diagram of the program
(opens in new browser)
Semester 1:
Foundations
Seminar 1 - GI510
The first seminar provides an introduction to information assurance. The topics covered include cyberspace law, computer forensics, computer crime, information warfare, penetrating computer systems and networks, malicious code, denial-of-service attacks, E-commerce vulnerabilities, and physical threats to the information infrastructure. (6 credit hours)
Seminar 1 - Weekly Schedule
- Week 1 - Introduction to Information Systems Security Assurance
- Week 2 - Computer Crime Classification & Surveys
- Week 3 - Information Warfare
- Week 4 - The Psychology of Computer Criminals
- Week 5 - Penetrating Computer Systems & Networks
- Week 6 - Malicious Code, Mobile Code & Denial-Of-Service Attacks
- Week 7 - Cyberspace Law & Computer Forensics
- Week 8 - Protecting Intellectual Property Law
- Week 9 - Fundamentals of Cryptography
- Week 10 - Public Key Infrastructure
- Week 11 - Preparation of Student Reports
Prevention: Technical Defenses
Seminar 2 - GI521
The second seminar examines the range and effectiveness of the technical tools used to protect the information infrastructure. These tools include cryptography systems, identification and authentication, operating system security, e-commerce safeguards, firewalls and proxy servers, anti-malware and anti-spyware technology, software development and quality assurance, and anti-piracy techniques. (6 credit hours)
Seminar 2 - Weekly Schedule
- Week 1 - Physical threats to the information infrastructure
- Week 2 - Protecting the information infrastructure, monitoring, controls and honeypots
- Week 3 - Identification and authentication
- Week 4 - Operating system fundamentals and security
- Week 5 - Network management LAN security, and wireless networks
- Week 6 - Firewalls, proxy servers and intrusion detection systems
- Week 7 - Anti-malware and anti-spam measures
- Week 8 - E-commerce security
- Week 9 - Software development and quality assurance - anti-piracy techniques
- Week 10 - Security standards for products
- Week 11 - Preparation of student reports
Semester 2:
Prevention: Human Factors
Seminar 3 - GI531
This seminar looks at the human factors contributing to information security. These factors include security policy guidelines, security awareness, ethical decision-making in the context of technology, employment practices and policies, operations security and production controls, e-mail and Internet use policies, working with law enforcement, use of social psychology to implement security policies, and auditing. (6 credit hours)
Seminar 3 - Weekly Schedule
- Week 1 - Security policy guidelines
- Week 2 - Security awareness
- Week 3 - Ethical decision-making and high technology
- Week 4 - Employment practices and policies
- Week 5 - Operations security and production controls
- Week 6 - E-mail and Internet use policies
- Week 7 - Working with law enforcement
- Week 8 - Using social psychology to implement security policies
- Week 9 - Auditing and assessing computer systems 1
- Week 10 - Auditing and assessing computer systems 2
- Week 11 - Preparation of student reports
Detection, Response and Hot Topics
Seminar 4 - GI541
The fourth seminar covers the tools and techniques for detecting and responding to intrusions. The topics in this seminar include vulnerability assessment, and intrusion detection systems, computer emergency/incident response teams, censorship, privacy and anonymity, standards and laws, and the future of information assurance. (6 credit hours)
Seminar 4 - Weekly Schedule
- Week 1 - Threat and vulnerability analysis
- Week 2 - Risk assessment and risk management
- Week 3 - Business continuity planning, backups
- Week 4 - Disaster recovery planning
- Week 5 - Computer emergency quick-response teams
- Week 6 - Digital investigations and incident post-mortem
- Week 7 - Censorship, privacy and anonymity
- Week 8 - Standards and laws: ISO17799, GLB, SOX and HIPAA
- Week 9 - The future of information assurance
- Week 10 - Professional development in IA
- Week 11 - Preparation of student reports
Semester 3:
To allow you to tailor your education to your own professional goals, elective choices are available for your fifth seminar. You can customize your degree with one of the following:
Emergency Management
Seminar 5 - Elective
The Emergency Management seminar prepares you to enter the emergency management field in either the private or public realm. You will learn the principles of emergency management and you will gain the real-world experience of developing an emergency management plan for your organization. The seminar will prepare you for the Certified Emergency Manager examination administered by the International Association of Emergency Managers, the most widely respected certification in the field.
The Emergency Management seminar will take you through the emergency management planning life cycle. You will examine planning and preparedness methodologies, risk assessment at organization-wide or community-wide levels, and vulnerability assessments, which identify the specific functions that could be disrupted by a disaster. The seminar then explores the mitigation strategies to reduce exposure to disasters. The final topics are response to, and recovery from, disasters.
Business Continuity Planning
Seminar 5 - Elective
Business continuity planning is similar to emergency management in its focus on prevention of and recovery from disruptions in an organization's processes. The difference lies in BCP's focus on organizational survival: developing strategies that allow critical business processes to continue despite the crisis until normal business functions can be resumed.
Business continuity planners must also account for threats beyond traditional disasters such as fire, storm, or terrorism to include technology-based threats such as virus attacks, data loss, and corporate espionage. The goal is to develop methods to continue operations in the face of both localized and large-scale incidents. These methods must also address issues specific to organizations, such as public relations during an incident, working with authorities on an investigation, and replacing workers.
Business continuity planning begins with a risk assessment and mitigation plan. Threats are examined in terms of impact on an organization's bottom line. Prioritizing threats and allocating mitigation resources will only be effective if the financial consequences of threat and mitigation are understood. Business continuity planning includes data backup and recovery techniques, employee training, and how to orchestrate shifting operations to offsite facilities. The overarching goal is to develop cost-effective systems which limit operational disruptions and quickly return an organization to normal functioning in a cost-effective manner.
Computer Security Incident Response Teams
Seminar 5 - Elective
This seminar summarizes the key points in creating and managing a computer incident response team (CSIRT), also sometimes known as a computer emergency response team (CERT). Time spent evaluating and planning emergency response so that it is shortened by a few seconds may save a life or prevent a business disaster. Organizing people to respond to computer security incidents is worth the effort not only when an incident occurs but also because the analysis and interactions leading to establishment of the CSIRT bring benefits even without an emergency. This seminar will explore the following topics:
- Creating the CSIRT:
functions, service levels, policies, staffing
- Responding to computer emergencies:
triage, expertise, tracking, hotlines
- Managing the CSIRT:
triage, expertise, tracking, hotlines
- Continuous process improvement:
the post-mortem, sharing knowledge within the organization, sharing knowledge in the security community
Computer Forensics Investigations
Seminar 5 - Elective
The Computer Forensics Investigation seminar is an eleven-week survey of the investigation of digital incidents such as electronic fraud, cyber crime and cyber terror. Survey topics include types and characteristics of digital incidents, management of digital evidence, investigative techniques, the difference between digital and traditional investigation, investigative and forensic tools and techniques, computer, network and software forensics, human factors in digital crime, and presenting conclusions. The seminar applies the framework suggested by the Digital Forensics Research Workshop comprising Identification, Preservation, Collection, Examination, Analysis, and Presentation.
These seminars combine students from different cohorts as well as being open to alumni. Electives are subject to change, and may not be offered every term. (6 credit hours)
Management Tools
Seminar 6 - GI561
The sixth seminar provides an understanding of the management concepts needed to develop and implement an enterprise-wide information assurance program. Topics include management principles, vendor relations, quality control, organizational psychology, decision-making and leadership, project management and problem solving. (6 credit hours)
Seminar 6 - Weekly Schedule
- Week 1 - The Environment-Internal Factors: Management Principles
- Week 2 - The Environment-External Factors: Vendors and Contracts
- Week 3 - The Environment-Strategy: Knowledge Creation and the Value Chain
- Week 4 - Metrics-Accounting
- Week 5 - Metrics-Finance
- Week 6 - Metrics-Quality and Statistical Control
- Week 7 - Decision-Making and Leadership
- Week 8 - Project Management and Project-Management Tools
- Week 9 - Leadership and Management Skills
- Week 10 - Solving Problems & Working with Technical Support
- Week 11 - Preparation of student reports
Unique Consultancy Project
Meld theory with practice through our unique case study program. In each seminar you will analyze the impact of security requirements and practices on your organization, and provide an extensive report on your organization's security environment including recommendations for improvements and increased security effectiveness. These six reports will provide invaluable analysis and recommendations to your organization's management, build important relationships, and establish yourself as a security leader. Visit the Consultancy Project page for more information.
|
|
|
