Cybersecurity Risk Management Certificate
The rapid introduction of new technologies into the enterprise has helped companies enter new markets, connect with customers in more meaningful ways and seize new opportunities. But these advantages have also introduced new risks and vulnerabilities, with interconnected networks offering multiple points of entry for dedicated attackers searching for valuable data. The management of cybersecurity risk has become a core operational concern, requiring an effective partnership of both business and technical leaders within the organization, as well as effective collaboration with external parties — including interconnected business partners and customers.
Stevens brings an established tradition of leadership in cybersecurity to its interdisciplinary graduate certificate in Cybersecurity Risk Management. This program is designed to demonstrate methods to analyze cybersecurity risks in organizations using a multidisciplinary approach, including the examination of fundamentals; prevailing legal and regulatory frameworks; and risk analysis techniques to provide a basis for understanding the nature and technical complexities of interconnected, and therefore interdependent, systems, organizations, and markets. The curriculum's mix of business and computer science classes positions students to become leaders capable of shaping cyber strategy across the enterprise.
Upon completion of this certificate, students will be able to:
Apply concepts of risk management to the organizational cybersecurity context.
Analyze enterprise cybersecurity requirements.
Understand the impact of cybersecurity laws and industry-specific regulations on organizational planning.
Evaluate complexities created by the network interconnection of firms and markets.
Continuously monitor the threat landscape and adjust the enterprise cybersecurity strategy accordingly.
MIS 645 Cybersecurity Principles for Managers
This course explores cybersecurity topics from a business context in alignment with prevailing standards and guidance. The major domains of security are explored from organizational management, risk and technical perspectives. Critical security goals of confidentiality, integrity and availability are discussed. Security challenges are presented from the enterprise perspective, with attention to the intersection of individual, organizational and technical cybersecurity concerns.
CS 506 Introduction to IT Security
This course provides an introduction to key concepts in security. It covers basic concepts such as authentication, confidentiality, integrity and nonrepudiation, as well as important techniques and applications. Topics include access control, security economics, ethics, privacy, software and operating system security, and security policies.
CS 594 Enterprise and Cloud Security
This course considers security and privacy from the perspective of enterprise and cloud applications. An underlying theme of the course is risk analysis for managing information security. The OCTAVE Allegro approach is considered as an example risk management process. All security concepts are covered from first principles. Assignments involve building secure enterprise applications, including secure Web services and PKI.
Students also choose any three of the following to complete the certificate.
CS 595 Information Security and the Law
This course provides in-depth coverage of the state and federal laws that concern information security and various areas of application. Topics include the U.S. legal system; federal privacy regulations; information security in education, healthcare and corporate environments; breach notification laws; intellectual property law; security governance; legal aspects of risk analysis, incident response and contingency planning; as well as regulations in the global context.
CS 578 Privacy in a Networked World
Increasing use of computers and networks in business, government, recreation and almost all aspects of daily life has led to a proliferation of sensitive data online. Concern about the ownership, control, privacy and accuracy of these data has become a top priority. This course focuses on both the technical challenges of handling sensitive data and the policy and legal issues facing data subjects, data owners and data users. Course readings draw on a variety of sources, including both technical materials and the popular press.
FIN 545 Risk Management for Financial Cybersecurity
This course examines topics related to efforts to maintain security over financial systems within the organization. Students examine recent financial systems breaches, and consider common threats and vulnerabilities related to financial systems. Several methods of risk assessment are explored, as well as the creation of risk treatment strategies, including the design of internal technical and process controls. Students analyze relevant financial services industry regulation and discuss organizational compliance requirements. Response planning is examined for information and cybersecurity breaches.
TM 510 Business Information Networks
This comprehensive course examines LANs; TCP/IP; routing protocols; congestion control techniques; internetwork operation and internet applications, including VoIP. Emphasis is placed on protocol and network architecture, protocol operation, advantages and disadvantages of each approach, and applications. Specific topics include LAN architecture and protocols, IP protocol architecture and addressing, TCP protocol operation, internet routing, flow and congestion control, multicasting, mobile IP, DHCP, and an introduction to SDN. This course also includes a virtual network simulator that provides valuable and practical examples to support and extend the concepts examined in the lectures.