Is the master's in Information Security program for me?

If you're already a technology professional, and you're ready to lead, innovate, and learn how to work in a diverse information security environment, our M.S.I.S. program can help. You'll pick up the knowledge and skills you need to take on a managerial role in the information security field.

What will I learn in the master's in Information Security program?

You'll develop a broad understanding of the technical, business, management and policy aspects of information security. Courses will cover infrastructure acquisition, development and evolution; network and software systems risk-assessment and maintenance; secure systems design and implementation; and much more. Overall, you'll have a keen eye for what is and isn't working in an IS environment, and be prepared to make business-critical decisions. Read through the course descriptions below for more details.

What can I do with my master's degree in Information Security?

You'll be qualified to work as a systems security expert who can manage complex data and hardware networks.

Why CityU?

• Because you want an education that's relevant to what's happening in the real world, right now.
• Our faculty instructors are current industry experts and have been in the industry for many years. They're smart, successful people who can help you get there, too.
• CityU is one of the few universities in the Seattle area offering an Information Security degree.
• You can get an education without sacrificing your lifestyle. Complete your coursework on a schedule that works best for you.

How to get started:

Do you have at least a bachelor's degree? If so, you're eligible to apply. Here's how:

1. Chat with an admissions advisor or call 888.42.CityU
2. Apply online
3. Order your official transcripts from other schools you attended
4. Submit application with application fee

The Information Assurance Courseware Evaluation (IACE) Program of the Committee on National Security Systems (CNSS) has certified that City University of Seattle Information Security course of study meets the National Training Standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011 (valid through June 2017). Students completing the program will receive a certificate documenting their completion of the CNSS recognized program.

Total Required Credits:		48
Core Courses:		48
ISEC 500	Information Security Overview	3
This course will cover changes in information security management and understanding. The age of information security as technology alone has passed, people currently involved with information security need to understand the entire information security landscape, from rules, laws, corporate laws and rules, decision making, working in teams, leadership, and other ways that information security is changing people and the work place.
ISEC 505	System Administration for Information Security	3
This course looks at the day-to-day systems administration role, and how information security plays a role in patching, updates, configuration, penetration testing and other skills that enhance and provide an important counterpoint to information security and the normal operations of a company. Particular attention will be made in meeting compliance roles such as PCI, HIPAA, and other federal laws, as well as state laws for breech reporting such as HB 1386.
ISEC 510	The Senior Manager and Information Security	3
Senior Managers are responsible for their companies, and this includes information security. This course takes an in-depth look at the role that the Senior Manager has in developing, supporting, running an information security and influencing an information security program in a corporation. This is everything that a Senior Manager needs to know about the information security department that they ultimately are responsible for.
ISEC 515	Privacy and Open Systems	3
Cloud Computing, Web 2.0, open systems, federated identity, and other systems present both an opportunity and a source of potential misuse of data and systems. This course looks at the risks and rewards of using information systems, federated identity, encryption, and other resources, and the particular issues which will impact upon information security and privacy, so that risk in these systems can be managed.
ISEC 520	Ethical Obligations in Information Security	3
This course covers the ethical obligations that information security practitioners face on a day to day level. Using the case studies presented in the books, students will be asked to evaluate the ethical and moral implications of decisions for security and privacy that companies make on a daily basis.
ISEC 530	Cyber Crime	3
Cyber Crime has risen from the average script kiddy, to an elaborate collaborative black market system where data is constantly bought and sold. New malware, new methods of compromised are often built and used by cyber criminals, and companies are not prepared to deal with cyber crime. Every company can become an unwilling participant in cyber crime, this course builds fundamental knowledge of cyber crime, who to involve, and how the police work in the digital environment.
ISEC 540	Cyber Warfare	3
Companies are ill prepared to understand the role that they play in cyber warfare. Companies can become victims of or unwilling participants in cyber warfare. This course covers the concepts of asymmetrical warfare, the ability to respond, working with government entities and police, and how the nation is working on a national cyber warfare policy/program.
ISEC 550	E-Government	3
E-government is difficult to manage and enforce security standards. All governments face an ever-decreasing budget process complicated by political pressures, cyber warfare, cyber crime, and users who will stumble across security issues with an e-government web site. The lessons learned in implementing, managing, comparing multiple types of e-government is a primer for learning about the systems that empower e-government, and how they will be attacked. Students will take away from this course an ability to understand the complex relationship between people, budget, implementation, and standards when building or analyzing an e-government initiative.
ISEC 560	Intellectual Property and Espionage	3
Intellectual Property Protection, industrial espionage is very common. This course provides a fundamental groundwork in methods, tactics like 'spear phishing' and other ways that governments, nation states, criminals, and hackers are all trying to get data from your company.
ISEC 570	Breaking and Securing C#	3
This course goes into the details on how to abuse and otherwise get good C# code to go bad via Fuzzing, Black/White box testing, and other testing methods to work out exactly where code flaws lie in a system.
ISEC 580	Breaking and Securing Java	3
Java is a commonly used programming language that extends the functionality of a web site to make it more interactive, customizable, and share information resources between various information providers. This course reviews the public API's that are available to programmers and teaches students how to evaluate those public API's for information security concerns. Students will review a number of public Java based API's throughout this course and learn to analyze them for common security vulnerabilities. Students will gain an understanding of Java security, how to test security, and how to recommend changes to the public API's to make them safer for consumption. Prerequisite: ISEC 570.
ISEC 590	Breaking and Securing Hybrid Applications	3
This course reviews the security implications around Adobe AIR applications. Adobe AIR provides a Rich Internet Application (RIA) environment that can be used to deliver data to any device. Adobe AIR has many uses for delivering data to clients that must be secured against eavesdropping or modification while that data is in transit. The students will download and work with multiple Adobe AIR applications, and learn how these applications can secure or expose information to hackers. The students will learn how to use Adobe AIR and secure the communications paths that these applications use between the client software on any device and the servers that provide data to those clients. Prerequisite: ISEC 570.
ISEC 600	Elements of Web Site/Application Breaking	3
This course is an advanced course in breaking web based services, how services are exposed, consumed, and how to get them to misbehave. Standard methods such as XSS, CRSF, trust models, exposed API's, manifests, are all ways that a web site can be taken over or used for other purposes.
ISEC 610	Reverse Engineering Code	3
This course covers standards and methods for reverse engineering code, dot net, ASP, C#, obfuscated Java, obfuscated PHP, and other ways that hackers hide malware within links, pages, and other places on a computer. This course covers the basics of reverse engineering code.
ISEC 620	Reverse Engineering Malware	3
This course covers the reverse engineering of malware, using live examples of malware from the internet, the student will work out what the code is supposed to do, how it works, who it communicates with, how it was built, and any 'coder fingerprints' as possible.
ISEC 630	Masters Thesis Capstone	3
The Master's Thesis allows the student to synthesize the information gained in this program and write a formal master's thesis about a subject or topic in information security that interests them.