Cybersecurity Policy and Risk Management (M.S.)
This program is offered online.
The M.S. in Cybersecurity Policy and Risk Management (CPRM) program cultivates strategic thinking, policy development, and risk-management skills for students interested in careers in business or government. The program features full-time faculty and industry experts who help blend strategy and policy with preparedness, incident response, recovery, and resilience – the heart of our security studies discipline.
Students may come from business, public administration, healthcare, finance, homeland defense and security, retail, law, insurance, and a myriad of technical and engineering disciplines. Prior experience or undergraduate degrees in technical fields are not required.
This is an online only program, taught over five 8-week e-terms per academic calendar year. In the Capstone-Track (non-thesis), students must take a minimum of 30 credits pursuant to the CPRM requirements. In the Thesis-Track, students take 33 - 36 credits to graduate, depending on the specific nature of the thesis project.
The M.S. CPRM program has two options: Capstone project (non-thesis) option, and Thesis option.1
For the Capstone project (non-thesis) option, students must complete 30 credits (10 courses), consisting of the eight core courses, plus the methodology course CPRM 880 Cybersecurity Metrics and Evaluation, and the concluding experience of CPRM 898 Capstone: Non-Thesis Option.
For the Thesis option, students complete 33 or 36 credits, starting with the eight core courses. Then, depending on the goals and requirements of the thesis topic, the student (in consultation with an advisor and approved by the program coordinator) takes one or both methodology courses CPRM 879 Research Methods2 and CPRM 880 Cybersecurity Metrics and Evaluation. The Thesis option concludes with the 6-credit CPRM 899 Capstone: Thesis Option. The thesis is expected to run at least two e-terms, allowing for the time needed to complete and defend a graduate-level thesis that could support potential candidacy for future doctoral work.
|Core Courses (All Required)|
|CPRM 810||Foundations of Cybersecurity Policy||3|
|CPRM 820||Policy Development and Communication||3|
|CPRM 830||Security Measures I||3|
|CPRM 840||Cybersecurity Standards, Regulations, and Laws||3|
|CPRM 850||Security Measures II||3|
|CPRM 860||Incident Response and Investigation||3|
|CPRM 870||Cybersecurity Risk Management||3|
|CPRM 890||Organizations, Change Management, and Leadership||3|
|Methodology Courses (select at least one)|
|CPRM 880||Cybersecurity Metrics and Evaluation||3|
|CPRM 879||Research Methods 2||3|
|CPRM 898||Capstone: Non-Thesis Option 3||3|
|CPRM 899||Capstone: Thesis Option||6|
Note that in particular circumstances, the program coordinator may approve CPRM 895 to substitute for a required course in this program. This is by approval of the program coordinator only, and is intended for those rare circumstances that may be necessary due to work or family situations. CPRM 895 may be used no more than twice (up to 6 credits).
Depending on availability and approval by the Education program and the CPRM program coordinator, the online section of EDUC 882 Introduction to Research Methods may substitute for (is an equivalent for) CPRM Research Methods.
The capstone (non-thesis) project is custom-designed by each student (in cooperation with an advisor) and requires that students synthesize, apply, and evaluate their knowledge to address real-world or work-related challenges in cybersecurity. The project also requires research into the chosen challenge / problem.
- Describe & explain the conceptual framework of cybersecurity and its role in risk management; and discuss the history and various approaches to cybersecurity Describe & explain the conceptual framework of cybersecurity and its role in risk management; and discuss the history and various approaches to cybersecurity.
- Analyze the conceptual framework of cybersecurity, and identify & integrate the standards and other resources for the professional development, implementation, and management of cybersecurity policies and methods.
- Reflect on the organizational structures, information, and skillsets required for ongoing evaluation & revision of cybersecurity in a variety of real-world organizations.
- Communicate professionally and effectively with upper management, regulators, partners, colleagues, clients, and other end-users regarding cybersecurity planning and incident management.
- Explain & justify the needs for cybersecurity policy development, implementation, and management (within or across businesses, agencies, other organizations, industries, sectors, and nations).
- Strategize & customize cybersecurity risk management policies and processes for private or public organizations, with balanced consideration of organizational goals, regulatory mandates, industry best practices, and professional ethics.