The Master of Science in Information Security Management (MSISM) program is designed to help a candidate prepare for responsibilities at the highest-ranking management level with IT security responsibilities in an organization. In the government, this is often called the Designated Approving Authority, Information Assurance Manager, or Chief Information Security Officer. In the private sector, titles such as Chief Security Officer or Chief Information Security Officer are often used. Graduates of this program will be able to assess the effectiveness of information security programs, see their strengths and weaknesses, and analyze the design of specific security enhancements. They will also have strong oral presentation and writing skills, knowledge of legal issues in security, and project management skills. Graduates will be able to develop and manage an enterprise-level information security program, including the ability to sponsor adaptive security paradigms that foster rapid detection and mitigation of new and existing attacks, and to measure response strategies to threats as they emerge.
By the end of this program, you will be able to:
- Formulate and implement policies and solutions that demonstrate a thorough understanding of security foundations and practical applications of information technology.
- Demonstrate a solid foundation in information security strategies and apply that knowledge by assessing an information security situation and prescribing an appropriate security approach.
- Construct an information security approach that balances organizational needs with those of confidentiality, integrity and availability. Solutions require a comprehensive approach that aligns with policy, technology, and organizational education, training and awareness programs.
- Effectively communicate information security assessments, plans and actions for technical and nontechnical audiences/stakeholders.
- Identify emerging information security issues, utilize knowledge of information security theory to investigate causes and solutions, and delineate strategies guided by evolving information security research and theory.
- Assess and balance the relationship and inter-responsibilities between all three communities of interest in Information Security: General Business, Information Technology, and Information Security.
- Apply a standards-based approach to implement the principles and applications of risk management, including business impact analyses, cost-benefit analyses, and implementation methods that map to business needs/requirements.
- Integrate the elements of information security management - Policy, Strategic and Continuity Planning, Programs and Personnel - into a coordinated operation.
- Articulate positive and socially responsible positions on ethical and legal issues associated with the protection of information and privacy.
- Devise incident response strategies, including business continuity planning/disaster recovery planning (BCP/DRP) initiatives, while focusing on cost effectiveness from both a proactive and reactive perspective.