Online
Schedule an appointment Call 877-308-9954

Online Master of Science in Cybersecurity Curriculum and Course Descriptions

Total credits: 36 credit hours

Cost per credit hour: $690

Estimated cost, plus fees: $24,840

In looking at other programs … there seemed to be an absence of cohesive curriculum design. Not with our program. While others are more a collection of disparate courses, our cyber curriculum was very intentionally put together to take a comprehensive approach.” – Bob Andersen, Director of Instructional Technology, Saint Mary’s University of Minnesota

The 36-credit online Master of Science in Cybersecurity equips you to manage information security programs in small, medium and large organizations.

This curriculum was crafted by people who understand the hiring needs for cybersecurity positions, including real working professionals, hiring managers, information security executives and government officials.

Unlike most other colleges with cybersecurity courses, ours gives you the business leadership skills to manage security information functions and teams in business, finance, retail, nonprofit, healthcare, government, education and other sectors.

Through cybersecurity courses online, you’ll learn to apply risk management frameworks, methods and strategies; enhance the protection of enterprise-wide information assets; and detect and plan for cyber-attacks on networks and computer systems.

Prerequisite Course

Students who have not taken a foundational computer networking course and/or lack previous experience in the networking technology field may be required to take CYBR 590 Computer Networking (3 cr.) as part of their program.

 

Core Courses

CYBR 600 Foundations of Cybersecurity (3 credits)

This course provides an overview and foundational understanding of concepts essential to the cybersecurity professional to evaluate best practices in implementing security systems within the enterprise. This course covers key bodies of knowledge in security, privacy, and compliance.  Topics include security planning, risk management, security technologies, basic cryptography, digital forensics, application security, intrusion detection and prevention, physical security, and privacy issues.

  1. Upon completion of the course, students are expected to be able to do the following:
  2. Apply the principles of information technology security.
  3. Analyze situations of computer and network usage from a security perspective to develop a security mindset.
  4. Explain information security’s importance in our increasingly computer-driven world.
  5. Identify appropriate strategies to ensure confidentiality, integrity, and availability of information.
  6. Express management’s role in the development, maintenance, and enforcement of an information security program.
  7. Describe the relationship among laws, regulations, and professional issues in information security.
  8. Articulate how cryptography serves as the central language of information security.
  9. Analyze how physical security fits within an information security program.
  10. Define the roles of computer forensics in information security.
  11. Apply basic software tools for assessing the security posture of a business.
  12. Explain how issues of privacy relate to business information security.

CYBR 605: Security Architecture (3 credits)

This course introduces the student to the importance of security architecture design in enterprise security.  Students are presented with a structured approach to the steps and processes involved in developing comprehensive and layered security architectures.  Students evaluate the principles, attributes, and processes used in designing and deploying architecture that supports the business objectives of the enterprise.

Upon completion of the course, students are expected to be able to do the following:

  1. Select from the dominant information security management models, including U.S. government sanctioned models, to meet an organization’s needs.
  2. Create a strategic plan to accomplish an organization’s strategic security objectives.
  3. Identify different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of a security policy framework.
  4. Apply principles of corporate governance to the information security function.
  5. Utilize information security knowledge and infrastructure efficiently to manage resources.
  6. Measure and report information security metrics to ensure that organizational objectives are achieved.
  7. Optimize information security investments in support of organizational objectives.

CYBR 610: Network Security and Intrusion Detection (3 credits)

This course provides a comprehensive overview of network security and intrusion detection. Students focus on methods for securing networks, and utilize these methods in basic architectural design. Students will apply these methods to a cohesive network security strategy. Topics include investigation of areas such as network analysis, perimeter defense strategies, network monitoring, vulnerability and intrusion detection, and security in mobile and wireless environments.

Upon completion of the course, students are expected to be able to do the following:

  1. Implement secure design principles in network architectures.
  2. Integrate secure network components through knowledge of the operation of hardware, transmission media, network access control devices, endpoint security, and content-distribution networks.
  3. Implement secure communication channels according to design that involve voice, multimedia collaboration, remote access, data communications, and virtualized networks.
  4. Specify procedures to recover from attacks on network systems.
  5. Conduct logging and monitoring activities to support intrusion detection and prevention, and event management.
  6. Identify threats and vulnerabilities in networked systems.

CYBR 615: Cybersecurity Change Management (3 credits)

This course describes the business context in which a cybersecurity professional must function within an organization. Students examine the interplay between business process and cybersecurity issues in mitigating security threats. An overview of audit, compliance, regulation and liability for business security are provided, along with how to construct effective continuity and disaster recovery plans, is provided.

Upon completion of the course, students are expected to be able to do the following:

  1. Manage business decisions affected by changing and diverse external and internal security threats.
  2. Align security functions to business strategy, goals, mission, and objectives.
  3. Determine compliance requirements among contractual, legal, regulatory, privacy requirements, and industry standards.
  4. Outline legal and regulatory issues that pertain to information security in a global context in areas such as cyber-crimes and data breaches, licensing and intellectual property requirements, import/export controls, trans-border data flow, and privacy.
  5. Identify, analyze, and prioritize business continuity requirements through development of a scope and plan and business impact analysis.
  6. Implement disaster recovery processes and understand concepts of response, recovery personnel, communications methods, damage assessment, system restoration and training and security awareness.
  7. Address security concerns related to personnel safety, travel, security training and awareness, and emergency management.
  8. Develop a security awareness and training program.

CYBR 620: Operational Security Policy (3 credits)

In this course, students examine the roles of security policies, standards and procedures in addressing business and technical security risks. Students explore the types of policies that are part of an overall security strategy. Policies are discussed that drive computer security, including discretionary access control, mandatory access control, and role-based access control types of policies, and how these are used in organizations. Students develop policies and deployment plans as part of the comprehensive strategic plan for the enterprise.

Upon completion of the course, students are expected to be able to do the following:

  1. Develop high-level security policies that directly support the mission, vision, and direction of an organization.
  2. Develop issue-specific policies to control use of resources, assets, and activities to support the organization’s goals and objectives.
  3. Develop system-specific policies that express technical details for the implementation, configuration, and management of the system that includes configuration rules and access control.
  4. Develop, document, and implement security policy, standards, procedures, and guidelines.
  5. Create security procedures and administration controls for the enterprise.
  6. Evaluate physical and logical access to assets such as information, systems, devices, and facilities.
  7. Manage identification, authentication, and authorization of people, devices, and services.

CYBR 625: Risk Management (3 credits)

This course includes a study of the existing risk management frameworks, models, processes and tools to provide students with the theory and practical knowledge needed to operationalize risk management in an organization or government agency. Additionally, fundamental concepts in information technology security audit and control processes for an organization are discussed. Students learn to create a control structure and audit an information technology infrastructure.

Upon completion of the course, students are expected to be able to do the following:

  1. Perform a risk assessment to determine the extent that an organization’s technology assets are exposed to risk.
  2. Demonstrate the concepts of risk appetite and residual risk as they apply to information assets of an organization.
  3. Complete a threat assessment that identifies asset vulnerabilities and ranks threats based on likelihood and financial impact.
  4. Apply the risk control strategies of transfer, mitigation, acceptance, and termination and how a cost-benefit analysis is utilized in determining which strategy to implement.
  5. Employ risk assessment and analysis techniques that include risk response and countermeasure selection and implementation.
  6. Apply risk-based management concepts to the supply chain with an understanding of risks associated with hardware, software, and services.
  7. Conduct a security control testing plan that involves a vulnerability assessment, penetration testing, log reviews, synthetic transactions, code review, and interface testing.
  8. Verify controls are applied consistently.
  9. Define how business alignment, risk appetite, and risk aversion affect the security program implementation.

CYBR 630: Communication for Cybersecurity Professionals (3 credits)

This course introduces students to the foundations of communication in a business setting as a critical component for success in the workplace. Students develop a foundation for designing effective messages, both written and oral, from concept to delivery. This course emphasizes elements of persuasive communication:  how to design messages for diverse and possibly resistant audiences and how to present that information in a credible and convincing way.

Upon completion of the course, students are expected to be able to do the following:

  1. Develop a persuasive argument to promote change.
  2. Apply the principles of communication theory as it applies to interpersonal and group communication.
  3. Deliver a message that is both transformational and motivational to an audience.
  4. Demonstrate a professional manner and style in all communications.
  5. Communicate priorities facing leaders in response to changing conditions in computer security.
  6. Establish and maintain a security awareness, education, and training program.
  7. Address conflict strategically to advance organizational security.
  8. Present data in a visual format.

CYBR 635: Data Privacy (3 credits)

This course introduces techniques for information distribution in such a way that data privacy is protected. It discusses models and frameworks for privacy protection that support privacy enhancements from economic, legal and policy perspectives. Fundamentals of cryptographic theory and practice along with its applications are introduced in topics such as classical and contemporary ciphers, encryption and decryption, breaking ciphers, cryptographic protocols, and analysis tools.

Upon completion of the course, students are expected to be able to do the following:

  1. Protect privacy and understand concepts such as data owners, processors, collection limitations, and ensure proper asset retention.
  2. Analyze key laws designed to protect privacy.
  3. Determine data security controls through an understanding of data states, standards selection, and data protection methods, and establish information and asset handling requirements.
  4. Develop data standards related to the data life cycle, control, specification, storage, archiving, and responsible personnel.
  5. Explain the basic principles of cryptography, including various cipher methods, hash functions, and cryptographic algorithms.
  6. Identify the major protocols used for secure communications for both wired and wireless networks.

CYBR 640: Leadership and Ethics (3 credits)

This course focuses on the development of leadership skills used in managing a successful security program. Students analyze the role of a leader in business focusing on decision-making, management of group dynamics, workplace stress and conflict, motivation of employees, and planning. Ethics and social responsibility will be emphasized throughout the course.

Upon completion of the course, students are expected to be able to do the following:

  1. Apply and integrate business ethics related to information technology and security.
  2. Apply analytical principles and skills to make complex strategic decisions.
  3. Examine the role of the manager as a leader, and understand how one’s own influences and culture shape interpersonal relationships.
  4. Develop and participate in networking opportunities with cybersecurity professionals in other industries and organizations.
  5. Analyze ethical dilemmas in which human beings, information objects, and social computing technologies interact.
  6. Identify and understand the cultural influences that shape behavior and work views.
  7. Utilize effective motivational techniques to collaborate in complex work teams.
  8. Define, adhere to, and promote professional ethics and organizational code of ethics.

CYBR 645: Incident Response and Investigation (3 credits)

This course introduces the principles and best practices for incident response, along with an overview of digital forensics. Students understand the goals of incident response and learn how to prepare and respond to information security incidents and understand how the incident occurred. Students understand the process of collecting and analyzing data, and the process of remediation. The course outlines the investigative and analysis process, tools, digital evidence and applicable law with a focus on computer, mobile, network and database forensics.

Upon completion of the course, students are expected to be able to do the following:

  1. Implement the basics of evidence collection and documentation, reporting, investigative techniques, digital forensics tools, and procedures.
  2. Interpret requirements for investigation types of administrative, criminal, civil, regulatory, and industry standards and the associated costs.
  3. Identify the implications of data location in responding to security incidents.
  4. Conduct incident management through all stages of a breach with knowledge of detection, response, mitigation, reporting, recovery, and remediation.
  5. Adjust preventative measures in response to security incidents.
  6. Implement recovery strategies such as backup, recovery sites, multiple processing sites, and system resilience via high availability, Quality of Service (QoS), and fault tolerance.
  7. Develop incident reports and analysis presentations.

CYBR 650: Ethical Hacking and Defense (3 credits)

This course includes a study of theoretical and practical aspects of network and web application penetration testing. Students are able to evaluate the security of a network or system's infrastructure and outline how hackers find and attempt to exploit any vulnerabilities. Included in the course are in-depth details on ethical hacking, including reconnaissance, vulnerability assessment, exploitation, maintaining access and covering tracks. Current tools and methodologies are stressed.

Upon completion of the course, students are expected to be able to do the following:

  1. Explain the regulatory/legal requirements and rationale for penetration testing.
  2. Interpret and differentiate cyber threats and exploits in a penetration testing context.
  3. Distinguish key phases of ethical hacking: reconnaissance, scanning, gaining access, maintaining access, and covering the tracks.
  4. Perform protocol analysis using packet captures and analysis data using a network sniffer.
  5. Investigate and uncover network devices, operating systems, and services.
  6. Discover network security issues using an intrusion detection tool.
  7. Leverage penetration testing applications to recognize information targets across operating systems and services.
  8. Implement scripts and tools to assist in penetration testing.
  9. Deploy and test exploits targeting operating systems and services.
  10. Identify and exploit various vulnerabilities in web applications.

CYBR 690: Security Operations and Leadership Capstone (3 credits)

Prerequisites: All required coursework completed or co-requisite.
This course provides an opportunity for students to integrate their learning across the program into a case study project. Students complete a risk analysis, vulnerability and threat analysis, security infrastructure requirements, logical design, physical design, management design, pricing, and implementation planning.

Upon completion of this course, students are expected to be able to do the following:

  1. Evaluate the information security needs of an organization.
  2. Use secure design principles through an understanding of the fundamental concepts of security models.
  3. Complete the risk management process that adequately protects an organization’s critical information and assets.
  4. Provide recommendations for logical, physical, and management design.
  5. Develop an implementation plan.
  6. Prepare complete documentation and executive summary of the case study analysis.
  7. Present case analysis with narrative and visual aids.

Find out more about how the Master of Science in Cybersecurity from Saint Mary’s can benefit your career: call 877-308-9954 to speak with an enrollment counselor or request more information.

 

Current Degree Requirements

For current degree requirements, visit the Saint Mary's University of Minnesota Course. Catalog at https://catalog.smumn.edu