M.S. Business Cybersecurity Management
Students will complete ten courses (30 credit hours). Courses will include the following subject matter:
BUDA 510. Foundations of Business Intelligence. 3 Hours.
This course provides the foundations for an understanding of Business Data Analytics, giving an overview of the field by covering key concepts including: foundations and technologies of business decision making, data mining, data warehousing, visual analytics, predictive modeling, text analytics, text mining, sentiment analysis, web analytics, business intelligence decision modeling techniques and solutions, expert systems, knowledge management and future technologies.
CYBR PURPOSE: Asset security, asset valuation, security of operations, systems architectures, Identification and framing of questions and problems, using results for decision making, plans of action, business overview of information systems and technologies
BUDA 520. Data Management. 3 Hours.
This course provides an understanding of database design concepts and logic, including data modeling, database design, and the logic of database queries. In order to analyze data, one must be able to access, organize and query databases. The course focuses on relational databases and queries, but also includes object-oriented databases, large volume databases, database performance, scalability and live streaming considerations.
CYBR PURPOSE: Software development security, security models and architecture, computer system architecture, processes and applications, application and system development, user authorization, data queries, logic, algorithms, continuous audit, real time monitoring, process mapping
CYBR 525. Information Security Assurance Management. 3 Hours.
This course will prepare students to learn effective leadership solutions related to the management of security risks and cyber threats in private and public sector organizations including the topics of risk analysis, security controls, risk exposure, risk transfer, quantification of risk such as annualized loss expectancy, attention to insider threat risk identification and reduction, the security auditing role, IT security governance, and security policy management. Computer assisted audit tools will be introduced, and aspects of robust electronic commerce funds transfer mechanisms and security will be learned in the class.
CYBR PURPOSE: Security Management Practices, Risk Analysis, Valuation of Assets, Qualitative vs. Quantitative Risk Methods, Total Risk vs. Residual Risk, Private Industry vs. Military and Government Organizations, Governance, Policy Management, Financial Industry considerations, Budgeting for the Information Security function, Data Center Design, evaluation of Cloud Services security, ROI
CYBR 530. Business Data Communications. 3 Hours.
Provides an overview of corporate data communications networks, the TCP/IP model and related technologies of the data communications corporate infrastructure as well as a survey of the essential tools and strategies for the management of secure, effective business networks. Students will understand key concepts related to optimal, cost effective network architectures, network hardware, and network applications deployment. Requests for Proposal, Service Level Agreements, vendor contracts, issues of web hosting management will be covered. Students will be encouraged to take and pass the Network+ Certification.
CYBR PURPOSE: Telecommunications and network security, OSI model, TCP, IP, Topologies, Protocols, devices, Remote Access, Cryptography introduction, Operations Security, TCP/IP Model and technologies of corporate communications architecture.
CYBR 535. Network Security Management. 3 Hours.
This course focuses on the managerial and technical aspects of information security in corporate and organizational networks. The course covers security issues in information systems, software development, data center design, disaster recovery planning, business impact analysis, business continuity planning, security technologies, implementation, and security strategy. Malware, attack vectors, threats and vulnerabilities will be discussed, along with coverage of the tools required to deliver confidentiality, integrity, authentication, non-repudiation and availability. A variety of cryptographic techniques are included here, along with coverage of effective administration of business security operations. Students will be encouraged to take and pass either the Security +, ISC2 SSCP, or the GIAC certifications (Security Leadership, Systems and Network Auditor or Information Security Professional certifications).
CYBR PURPOSE: Cryptography, BCP, DRP, Data Center design, Physical Security, Malware, Access Controls, Networking Security, Segregation, Isolation, Hardening, Directory, Single points of failure, PKI, Key Management, Attacks and Attack Prevention, Recovery, Testing and Drills, Security Strategies and Management
CYBR 540. Information Ethics and Legal Procedures. 3 Hours.
This course introduces the student to the field of information ethics, including such topics as privacy protection and control, surveillance, link analysis, personally identifiable data, sensitive data, data anonymity, data privacy, data accessibility, data sharing, censorship, intellectual property, accuracy, virtual reality and artificial intelligence. Includes legal procedures and US and foreign laws of data collection and storage, security and law enforcement investigations, as well as compliance management for government, publicly held corporations and the healthcare industry sectors (laws of e-Discovery, compliance for SOX, HIPAA, Gramm-Leach-Bliley Act, CIPA, etc.). Students may wish to take the GIAC certification for Law of Data Security & Investigations or CISA following this course. (3 Hours)
CYBR PURPOSE: Law, investigation and ethics, cyberlaw, identification, protection and prosecution, IP law, discarding equipment and software issues, computer crime investigations, incident handling, what is admissible in court, surveillance, search and seizure, transborder information flows, GDPR, privacy, HIPAA, GLB, Espionage Act, Export Control, SOX, Sovereignty, libel, patents, antipiracy law, rights in the workplace, employee monitoring.
CYBR 545: Business Cybercrime Management
Learn the managerial skills to manage, protect, defend, and audit the security of information systems through hands-on vulnerability assessments, statistical analysis, and risk-based decision making. Students will learn to explain Blue Team / Red Team test plans and will work in the virtual lab space to perform independent testing of safety and mission-critical software systems to ensure that systems will not malfunction and will respond in the desired way under adverse circumstances. Be able to plan, execute, upgrade, and monitor various security controls such as ACLs for the protection of computer networks and information. Upon completion of the course, students should be able to ensure that appropriate, cost-effective business security controls are in place to safeguard digital files and critical electronic infrastructure. Students will learn Incident Response techniques to technological security breaches/viruses as well as to compile required documents for internal and external IT security audits. Students may wish to take the CISA (ISACA Certified Information Systems Auditor) certification
CYBR PURPOSE: Respond to problems and incidents, minimize operational impact, investigate incidents, track systems performance, analyze user behavior, identify risks and attacks and execute necessary actions to avoid and reduce the threats from these risks and attacks, maintain CIA, managerial and technical aspects of complex cybersecurity topics, porn and spam filters, tracing and information gathering, file integrity, injection attacks, pen testing
ACCT 582 Fraud Data Analysis. 3 Hours.
Digital prevention and deterrence, digital evidence, digital detection and investigation including data mining, digital presentation and reporting tools, cyber-crime and electronic case management tools.
CYBR PURPOSE: Security Management Practices, Security Administration and Controls, CIA, Security Intrusion and Detection, Computer Crime Investigations
BUDA 550. Business Data Visualization. 3 Hours.
This course introduces students to data and information visualization, including both theoretical and practical aspects. In addition to basic visualization techniques, the course covers the application of multivariate techniques in an environment that includes large data sets. Students are involved in both the creation of visualizations, as well as their interpretation.
CYBR PURPOSE: Managerial level analysis of security operations and trend management and observation, managerial presentation, analytical tools via data visualization toolkit, graphics, charts, interactive visuals, pattern determination, building custom dashboards for CYBR management
CYBR 555. Cybersecurity Management Practicum. 3 Hours.
This course provides students the opportunity to engage in a full scale cybersecurity experiential learning program, to be planned, supervised, and evaluated for credit by faculty and field supervisors. The intent of the course is to provide experiential learning opportunities through which students can sharpen their Business Cybersecurity skills through teamwork, professional communication, problem solving, and engagement with a real world business cyber problem. Project work will include working with a client organization to provide an analysis, data collection and recommended solution to a cybersecurity business problem. Involves temporary placement with public or private enterprise for professional competence development.
CYBR PURPOSE: This capstone class will pull together the student’s curriculum into a holistic summary, enabling the development of a full scale cybersecurity business analysis report and project summary, with formal presentation to a client sponsor. Communication of results to top management.