M.S. in Information Security Management

The Master of Science Degree in Information Security Management

The MSISM (Management) Program is designed to help a candidate become the highest-ranking management employee in an IT Security organization. In government this position is often called the Designated Approving Authority, or Information Assurance Manager (IAM). In industry, titles such as Chief Security Officer or Chief Information Security Officer are often used. In addition to the strong writing skills the program produces through the GIAC Gold program or the Writing Assignments for all courses, the community project requirements provide training that includes teamwork and oral presentation practice. More information about GIAC Gold can be found at http://www.giac.org/gold

MSISM Core, mandatory courses

Version 1.8 November 20, 2009

Previous Mandatory Course: 1.7 May 1, 2009 - Nov. 19, 2009
Previous Mandatory Course: 1.6 September 15, 2008 - February 25, 2009
Previous Mandatory Course: 1.5 May 22, 2008 - September 14, 2008
Previous Mandatory Course: 1.4 August 10, 2007 - May 21, 2008
Previous Mandatory Course: 1.3 February 29, 2007 - August 9, 2007
Previous Mandatory Course: 1.2 October 4, 2006 - February 28, 2007
Previous Mandatory Course: 1.1 March 20, 2006 - October 3, 2006
Previous Mandatory Course: 1.0 December 2005 - March 19, 2006

Course Descriptions: Conference course descriptions are available at https://www.sans.org/training/courses.php. Students who wish to take some courses in a setting other than a conference should click on the tab above called "Course Delivery Options" to see which course delivery options are acceptable for master's students.

Course Credits
MGT 512: SANS Security Leadership Essentials For Managers with Knowledge Compression™, GIAC GSLC Gold 3
SEC 504: Hacker Techniques, Exploits, and Incident Handling, GIAC GCIH Gold 4
MGT 404: Fundamentals of Info Sec Policy, Exam/Substitute
MGT 438: How to Establish a Sec Awareness Program, Exam/Substitute
(formerly the above 2 courses were called MGT 524 Sec Policy & Awareness-GSPA)
MGT 421: SANS Leadership and Management Competencies, Exam/Substitute 1
MGT 525: Project Management and Effective Communications for Security Professionals and Managers, GIAC GCPM Gold 4
- Project Management Institute Certification can be substituted for GCPM
- It is recommended that MGT 525 be completed before the Joint Written Project is started.
LEG 523: Legal Issues in Information Technology & Information Security, Exam/Substitute 3
MGT 411: SANS 27000 Implementation & Management, GIAC G7799 Gold 4
AUDIT REQUIREMENT: one of Audit 507 Auditing Networks, Perimeters, & Systems, GIAC GSNA Gold; or successful completion of CISA exam and the Written Assignment 4
* This rapidly evolving field affects course development. Before starting, check with the college for the latest requirement.

(A) At least "six-days" of course(s) from the following:

Example: If a student is interested in a particular three-day course below, that student will also need to take another three-day course, OR a two-day course and a one-day course, OR three one-day courses.

- DEV 422: Web Application Security Essentials
- DEV 542: Web Application Penetration Testing & Ethical Hacking, GIAC GWAPT
- DEV 536: Secure Coding for PCI Compliance
- DEV 538: Web App Pentesting Hands on Immersion
- DEV 545: Secure coding in PHP: Developing Defensible Applications
- DEV 534: Secure Code Review for Java Web Apps
- DEV 544: Secure coding in .Net: Developing Defensible Applications
- DEV 320: Intro to Microsoft Security Development Lifecycle
- DEV - - -: Software Security Project (independent study). The student will develop a proposed software security project topic and ask a SANS faculty member (certified/senior/fellows faculty) whether he/she is willing to act as adviser. That adviser will submit the proposed topic to STI for review and determination of how many credits will be attributed to the independent study, will provide guidance to the student, and will grade it as pass/fail.

(B) Exams for each chosen course (but not for the DEV - - - Software Security Project). If GIAC exam(s) are not available, substitute exam(s) / assignment(s) will be given.

(C) Except for the DEV - - - Software Security Project, a Written Assignment is NOT required [unless written assignment(s) are required as "substitute assignment(s)" when GIAC exam(s) are not available].

COMMUNITY PROJECT REQUIREMENTS must be completed. See www.sans.edu/programs/community.php 3
Total: 31 credit hours

Each exam score must be at least 80 (or 80 average if applicable).

The final course grade will be based on the latest recert scores just before graduation requirements are met. See the tab above titled Recertification Policy, which discusses whether or not recertification is required.

When a GIAC Gold Paper/Written Assignment is required, the student must also pass the GIAC Gold/Written Assignment before the grade can be assigned.

If a GIAC exam is a requirement but is not available, then the college provides a substitute exam/assignment.