Lead Instructor: Roberto Tamassia

This course covers selected advanced topics in computer security, and expands on some of the topics introduced in previous courses. Advanced security topics are introduced through real-life examples that are relevant to today’s organizations, from small business to global enterprises. The teaching style puts emphasis on independent learning activities for groups and individuals that are relevant to the students’ background.

Topics explored by the students upon completion of the course include: multifactor authentication frameworks and systems; mobile operating systems and apps security; malware detection and intrusion detection; security and privacy in cloud computing and storage; security, privacy, and fairness in machine learning; blockchain technologies and cryptocurrencies; certification, auditing, penetration testing, and stress testing; and physical security and internet-of-things.

Lead Instructor: Anna Lysyanskaya
Instructor: Roberto Tamassia

This course teaches the fundamentals of cryptography. In particular, we will go over the concepts of provable security and study basic cryptographic topics such as encryption, digital signature schemes, zero-knowledge proofs and differential privacy. We will explore a broad range of cryptographic applications, such as protecting the privacy of data, securing communications, cryptographic access control, cryptographic currencies and privacy-preserving technologies. After taking this class, students will be well-versed in past and present cryptography (that is, technologies and tools that are used today) as well as the future of cryptography (that is, technologies and tools that are possible today and likely to enter the marketplace in the future). The teaching style emphasizes the use of the right cryptographic tools to solve security and privacy challenges, and pitfalls that may arise in deploying cryptographic methods in real-life systems. Projects address applications of cryptography to application domains familiar to the students.

Lead Instructor: Tim Edgar

This course covers a variety of cybersecurity law and policy issues. Topics range from private sector information sharing and critical infrastructure protection to cyber crime, internet governance, and international law as it might apply in a cyber conflict. How can we address problems of network and computer insecurity effectively across organizational, national and international boundaries while upholding civil liberties and other fundamental values? The course serves as a case study in how governance structures affect cybersecurity decision making. Students will participate in scenarios in which they will consider cybersecurity policy issues from a variety of perspectives. From the corporate boardroom to the White House Situation Room, students will learn to bridge the law, policy and technology divide.

Lead Instructor: Shriram Krishnamurthi
Instructor: Ernesto Zaldivar
Instructor: Tim Nelson

Security is not solely, or sometimes even primarily, a technical problem; rather, the human aspects are at least as important, especially the ways they interact with the technologies. This course will communicate this point from many perspectives, ranging from behavioral issues to software construction topics to user interfaces and more. Students will emerge with a richer understanding of the strengths and weaknesses of human agents and their interaction with software systems, and thus how they are central to both the occurrence of and of solutions to cybersecurity problems. Projects include case studies on security as it relates to: business workflows, trade-offs with usability, system configuration, and the detection of insider threats.

Lead Instructor: Bernardo Palazzi
Instructor: Patrick Laverty

This course provides a broad introduction to privacy and security issues for computers, mobile devices, and networks. The course also covers principles and skills useful for making informed security decisions and for understanding how security interacts with the world around it. Topics include cryptography, access control, operating systems security, and web and network security. The course aims to balance theory and practice, and focuses on providing live demos and hands-on experience in dealing with current security threats and available countermeasures.

On completion of this course, students will understand security threats to organizations and individuals. Further, they will acquire the right mindset to manage the cybersecurity tradeoffs required to improve the security in their companies and in their digital lives in a sustainable way. Throughout this course, students collaborate on assignments and on peer review as they explore practical applications.

Lead Instructor: Bernardo Palazzi

This course analyzes the practical challenges facing executives of business organizations in managing information technology systems and cyber risks. It focuses on the costs and tradeoffs that are involved in all security and privacy decisions. The teaching style is based on role modeling and students are coached on how to develop operational skills and apply their security background to strategic planning and day-to-day decision making. Projects aim at increasing the students’ confidence about the security decisions they make and at deepening their understanding of globally-accepted security best practices and heuristics.

Lead Instructors: Deborah Hurley, Linn Freedman

Students will learn about and gain practical experience with: the development of modern privacy law around the world; the current US legal and regulatory framework, including protection of personal health, financial, educational, workplace, and other personal data; protection of personal data and privacy around the world, including the European Union General Data Protection Regulation; the relevant institutions, such as the Federal Trade Commission and the Data Protection Authorities; personal data breaches; the privacy and autonomy of the individual in relation to the state, as well as corporations; standards; Privacy by Design; and emerging privacy and data protection issues arising from technological developments, such as drones and driver-less cars.

Upon completion of this course, students will be able: to identify privacy and data protection issues; to apply an analytical framework, based on thorough training, to assess and resolve privacy issues; to communicate effectively about privacy and data protection issues, measures, and solutions to all relevant constituencies, including customers, end users, suppliers, vendors, administrative and regulatory authorities, colleagues, and superiors; and to protect personal data and privacy in a global, robust, sustainable manner.

Lead Instructor: Alan Usas
Critical Challenge Project Advisors: All EMCS Faculty

The Critical Challenge Project (CCP) is central to the Executive Master in Cybersecurity. The project identifies a critical cybersecurity challenge for an organization, drawing from the student’s own work experience. Under the direction of a faculty member, the student analyzes this critical challenge from multiple perspectives and develops a comprehensive plan for addressing it. The CCP draws upon the knowledge and skills gained by the student from each of the EMCS courses, with particular emphasis on integrating technology, policy, and human factor aspects, considering ethical implications, and developing innovative, transformative, and viable solutions. The CCP is expected to be relevant to the student in terms of background, interests, current job, and future aspirations. Also, it should have practical applicability to the field of cybersecurity and take into account multiple stakeholders, such as consumers, developers, policymakers, and government and industry executives.