Curriculum

The MSISPM Curriculum at a Glance

MSISPM is a full-time Masters program completed in four semesters

An effective mix of core and elective classes
Capstone Experience Information Security project or Masters Thesis with an expert faculty advisor
The ability to exempt core classes based on experience
An excellent mix of instructors from industry and research
The ability to craft independent study courses with faculty

Carnegie Mellon's Masters of Science Degree in Information Security Policy and Management (MSISPM) equips students with the analytical methods, technical know-how and management practices to be leaders in the Information Assurance field.

MSISPM is a professionally oriented degree with an emphasis on industry relevant training to further your career goals.

Sample Curriculum

Fall

Introduction to Information Security Management
Telecommunications Management
Economic Analysis
Statistics for IT Managers
Privacy in the Digital Age
Hacking Exposed

Spring

Decision Making Under Uncertainty
Organizational Management
Financial Accounting
Principles of Finance
Applied Cryptography
Negotiations

Summer

Summer Internship
Or
Master Thesis
Or
Information Security Project

Fall

Security Policy Seminars: Healthcare, Finance, and/or Government
Introduction to Computer & Communications Security
Security Architecture & Analysis

Spring

Project Management
Incident Response
Power & Influence
Information Security Risk Analysis
Information Security Risk Policy & Management

Featured Course: Introduction to Information Security Management

This course introduces students to material that is essential for effectively managing all aspects of an organization's approach to computer and network security. Course topics include a survey of computer system vulnerabilities. Effective cryptographic techniques and protocols, access control policies and mechanisms, also the implications of security technology in the realm of risk management. Students learn how to design and implement computer security policies and standards, how to formulate disaster recovery plans, and how to analyze system security architectures and physical security controls. Additional material covers the legal aspects of computer system auditing in a secure environment, and how to structure the management of a site's computer security on a day-to-day basis. Class projects focus on critical thinking of security managers in mainframe, midrange and network environments as well as research assignments and basic policy creation.