Cybersecurity Policy and Risk Management (M.S.)

This program is offered online.

The M.S. in Cybersecurity Policy and Risk Management (CPRM) program cultivates strategic thinking, policy development, and risk-management skills for students interested in careers in business or government. The program features full-time faculty and industry experts who help blend strategy and policy with preparedness, incident response, recovery, and resilience – the heart of our security studies discipline.

Students may come from business, public administration, healthcare, finance, homeland defense and security, retail, law, insurance, and a myriad of technical and engineering disciplines. Prior experience or undergraduate degrees in technical fields are not required.

This is an online only program, taught over five 8-week e-terms per academic calendar year. In the Capstone-Track (non-thesis), students must take a minimum of 30 credits pursuant to the CPRM requirements. In the Thesis-Track, students take 33 - 36 credits to graduate, depending on the specific nature of the thesis project.

The M.S. CPRM program has two options: Capstone project (non-thesis) option, and Thesis option.1

For the Capstone project (non-thesis) option, students must complete 30 credits (10 courses), consisting of the eight core courses, plus the methodology course CPRM 880 Cybersecurity Metrics and Evaluation, and the concluding experience of CPRM 898 Capstone: Non-Thesis Option.

For the Thesis option, students complete 33 or 36 credits, starting with the eight core courses. Then, depending on the goals and requirements of the thesis topic, the student (in consultation with an advisor and approved by the program coordinator) takes one or both methodology courses CPRM 879 Research Methods2 and CPRM 880 Cybersecurity Metrics and Evaluation. The Thesis option concludes with the 6-credit CPRM 899 Capstone: Thesis Option. The thesis is expected to run at least two e-terms, allowing for the time needed to complete and defend a graduate-level thesis that could support potential candidacy for future doctoral work.

Core Courses (All Required)
CPRM 810Foundations of Cybersecurity Policy3
CPRM 820Policy Development and Communication3
CPRM 830Security Measures I3
CPRM 840Cybersecurity Standards, Regulations, and Laws3
CPRM 850Security Measures II3
CPRM 860Incident Response and Investigation3
CPRM 870Cybersecurity Risk Management3
CPRM 890Organizations, Change Management, and Leadership3
Methodology Courses (select at least one)
CPRM 880Cybersecurity Metrics and Evaluation3
CPRM 879Research Methods 23
Concluding Experience
CPRM 898Capstone: Non-Thesis Option 33
CPRM 899Capstone: Thesis Option6
  • Describe & explain the conceptual framework of cybersecurity and its role in risk management; and discuss the history and various approaches to cybersecurity Describe & explain the conceptual framework of cybersecurity and its role in risk management; and discuss the history and various approaches to cybersecurity.
  • Analyze the conceptual framework of cybersecurity, and identify & integrate the standards and other resources for the professional development, implementation, and management of cybersecurity policies and methods.
  • Reflect on the organizational structures, information, and skillsets required for ongoing evaluation & revision of cybersecurity in a variety of real-world organizations.
  • Communicate professionally and effectively with upper management, regulators, partners, colleagues, clients, and other end-users regarding cybersecurity planning and incident management.
  • Explain & justify the needs for cybersecurity policy development, implementation, and management (within or across businesses, agencies, other organizations, industries, sectors, and nations).
  • Strategize & customize cybersecurity risk management policies and processes for private or public organizations, with balanced consideration of organizational goals, regulatory mandates, industry best practices, and professional ethics.