Master's Degree Curriculum

Master's Degree Curriculum

The Master of Science Degree in Information Security Engineering

This MSISE program will prepare students to head teams of technologists who are responsible for information security assessments, architectures, operations, monitoring, auditing, and lead information security programs. Graduates will be qualified to seek positions such as technical director for information security, senior security analyst, senior security administrator, information systems security manager, information systems security officer, information security manager, and chief information security officer. The program focuses primarily on the technical and problem-solving skills associated with security implementation, but adds instruction on project management and effective communications to help graduates prepare to take responsibility for the work of other technologists. All of the courses below except the electives include writing assignments called GIAC Gold or Written Assignment. More information about GIAC Gold can be found at

MSISE Core, mandatory courses

Previous Mandatory Course: 1.6 September 15, 2008 - February 25, 2009
Previous Mandatory Course: 1.5 May 22, 2008 - September 14, 2008
Previous Mandatory Course: 1.4 August 10, 2007 - May 21, 2008
Previous Mandatory Course: 1.3 March 1, 2007 - August 9, 2007
Previous Mandatory Course: 1.2 October 4, 2006 - February 28, 2007
Previous Mandatory Course: 1.1 March 20, 2006 - October 3, 2006
Previous Mandatory Course: 1.0 December 2005 - March 19, 2006

Course Descriptions: Conference course descriptions are available at If students wish to take some courses in other than a conference setting, they should click on the tab above called "Course Delivery Options" to see which course delivery options are acceptable for master's students.

Course Credits
SEC 401: SANS Security Essentials, GIAC GSEC Gold 4
MGT 404: Fundamentals of Info Sec Policy, GIAC STAR Gold or Written Assignment 1
MGT 438: How to Establish a Sec Awareness Program, GIAC STAR Gold or Written Assignment
(formerly the above 2 courses were called MGT 524 Sec Policy & Awareness-GSPA)
SEC 503: Intrusion Detection in Depth, GIAC GCIA Gold 4
SEC 504: Hacker Techniques, Exploits, and Incident Handling, GIAC GCIH Gold 4
MGT 525: Project Management and Effective Communications for Security Professionals and Managers, GIAC GCPM Gold or Written Assignment 4
- Project Management Institute Certification can be substituted for GCPM
- It is recommended that MGT 525 be completed before the Joint Written Project is started.
MGT 421: SANS Leadership and Management Competencies, GIAC STAR Gold or Written Assignment 1
Software Security Training 3

(A) At least "six-days" of course(s) from the following:

Example: If a student is interested in a particular three-day course below, then such student also will need to take another: three-day course OR a two-day course and a one-day course OR three one-day courses.

- DEV 422: Web Application Security Essentials
DEV 542: Web Application Penetration Testing & Ethical Hacking, GIAC GWAPT
- DEV 536: Secure Coding for PCI Compliance
- DEV 538: Web App Pentesting Hands on Immersion
DEV 545: Secure coding in PHP: Developing Defensible Applications
- DEV 534: Secure Code Review for Java Web Apps
- DEV 544: Secure coding in .Net: Developing Defensible Applications
- DEV - - -:Software Security Project (independent study). Student will develop a proposed software security project topic, ask a SANS faculty member (certified/senior/fellows faculty) if he/she is willing to act as adviser. That adviser will submit the proposed topic to STI for review and determination of how many credits will be attributed to the independent study, will provide guidance to the student, and will grade it as pass/fail.

(B) STAR/GIAC exam for each chosen course (but not for the DEV - - - Software Security Project). If STAR/GIAC exam(s) is not available, substitute exam(s)/assignment(s) will be given.

(C) Except for DEV --- Software Security Project, a Written Assignment is NOT required [unless written assignment(s) are required as "substitute assignment(s)" when STAR/GIAC exam(s) are not available.]


TWO ELECTIVES at Silver Level (no papers required):

At least one must be SEC 500/600 level, GIAC Silver (with SEC 508 System Forensics, GIAC GCFA Silver, strongly recommended).

Choose the other elective from the following:

Total Credit Hours: 31

Each exam score must be at least 80 (or 80 average if applicable) including STARs.

The final course grade will be based on the latest recert scores just before graduation requirements are met. See the tab above titled Recertification Policy that discusses whether or not recertification is required.

When a GIAC Gold Paper/Written Assignment is required, the student must also pass the GIAC Gold/Written Assignment before the grade can be assigned.

If a STAR/GIAC exam is a requirement but is not available, then the college provides a substitute exam/assignment.