Strategy is the Best Security.
The Executive Master in Cybersecurity offers a comprehensive, rigorous, and timely curriculum that prepares students with the conceptual framework and readiness to respond to challenges in cybersecurity. Outstanding faculty from the Department of Computer Science, the Watson Institute for International and Public Affairs, and other university departments, and highly accomplished practitioners bring diverse perspectives and expertise to the program.
With this program, students:
- Broaden their understanding of cybersecurity and privacy through comprehensive consideration of technology and policy, including economic, human, legal, organizational, and socio-political factors
- Address privacy and personal data protection concerns
- Discuss issues such as cyber intelligence and internet governance
- Develop a principled, forward-looking framework to protect organizations against cyber threats
- Understand the security and privacy implications of emerging technologies, such as big data, cloud computing, mobile computing, social networks, and the internet of things
- Gain proficiency in identifying vulnerabilities, anticipating attacks, using monitoring tools, and developing defensive strategies
- Build organizational resilience, and crisis management and response capabilities
- Develop a viable, actionable solution to an individual, work-related critical challenge
- Experience hands-on demonstrations of cyber vulnerabilities, attacks, and defenses for a concrete and direct understanding of the technological, human, and policy challenges in this field
Lead Instructor: Roberto Tamassia
This course covers selected advanced topics in computer security, and expands on some of the topics introduced in previous courses. Advanced security topics are introduced through real-life examples that are relevant to today’s organizations, from small business to global enterprises. The teaching style puts emphasis on independent learning activities for groups and individuals that are relevant to the students’ background.
Topics explored by the students upon completion of the course include: multifactor authentication frameworks and systems; mobile operating systems and apps security; malware detection and intrusion detection; security and privacy in cloud computing and storage; security, privacy, and fairness in machine learning; blockchain technologies and cryptocurrencies; certification, auditing, penetration testing, and stress testing; and physical security and internet-of-things.
This course teaches the fundamentals of cryptography. In particular, we will go over the concepts of provable security and study basic cryptographic topics such as encryption, digital signature schemes, zero-knowledge proofs and differential privacy. We will explore a broad range of cryptographic applications, such as protecting the privacy of data, securing communications, cryptographic access control, cryptographic currencies and privacy-preserving technologies. After taking this class, students will be well-versed in past and present cryptography (that is, technologies and tools that are used today) as well as the future of cryptography (that is, technologies and tools that are possible today and likely to enter the marketplace in the future). The teaching style emphasizes the use of the right cryptographic tools to solve security and privacy challenges, and pitfalls that may arise in deploying cryptographic methods in real-life systems. Projects address applications of cryptography to application domains familiar to the students.
Lead Instructor: Robert Allio
This course will prepare students to assume greater leadership roles in their organizations by developing and reinforcing critical skills such as persuasive communication, management of change, negotiation, conflict resolution, and ethics.
Lead Instructor: John Savage
This course examines advanced and emerging cybersecurity technology and policy issues. We explore operational security, product development and acquisition, securing enterprise computing, and human factors. We also examine corporate issues that are likely to arise at the national and international levels. These include regulation, breach reporting requirements, and loss of critical services. We also examine Internet governance regimes and norms for states and global ICT companies. Finally, we discuss emerging issues such as moving targets defense, national encryption policies, secure computation, Internet sovereignty, and unusual types of threat. Students are encouraged to reflect on the interactions between policy and technology.
Lead Instructor: Tim Edgar
This course covers a variety of cybersecurity law and policy issues. Topics range from private sector information sharing and critical infrastructure protection to cyber crime, internet governance, and international law as it might apply in a cyber conflict. How can we address problems of network and computer insecurity effectively across organizational, national and international boundaries while upholding civil liberties and other fundamental values? The course serves as a case study in how governance structures affect cybersecurity decision making. Students will participate in scenarios in which they will consider cybersecurity policy issues from a variety of perspectives. From the corporate boardroom to the White House Situation Room, students will learn to bridge the law, policy and technology divide.
Security is not solely, or sometimes even primarily, a technical problem; rather, the human aspects are at least as important, especially the ways they interact with the technologies. This course will communicate this point from many perspectives, ranging from behavioral issues to software construction topics to user interfaces and more. Students will emerge with a richer understanding of the strengths and weaknesses of human agents and their interaction with software systems, and thus how they are central to both the occurrence of and of solutions to cybersecurity problems. Projects include case studies on security as it relates to: business workflows, trade-offs with usability, system configuration, and the detection of insider threats.
This course provides a broad introduction to privacy and security issues for computers, mobile devices, and networks. The course also covers principles and skills useful for making informed security decisions and for understanding how security interacts with the world around it. Topics include cryptography, access control, operating systems security, and web and network security. The course aims to balance theory and practice, and focuses on providing live demos and hands-on experience in dealing with current security threats and available countermeasures.
On completion of this course, students will understand security threats to organizations and individuals. Further, they will acquire the right mindset to manage the cybersecurity tradeoffs required to improve the security in their companies and in their digital lives in a sustainable way. Throughout this course, students collaborate on assignments and on peer review as they explore practical applications.
Lead Instructor: Ravi Pendse
This course analyzes the practical challenges facing executives of business organizations in managing information technology systems and cyber risks. It focuses on the costs and tradeoffs that are involved in all security and privacy decisions. The teaching style is based on role modeling and students are coached on how to develop operational skills and apply their security background to strategic planning and day-to-day decision making. Projects aim at increasing the students’ confidence about the security decisions they make and at deepening their understanding of globally-accepted security best practices and heuristics.
Students will learn about and gain practical experience with: the development of modern privacy law around the world; the current US legal and regulatory framework, including protection of personal health, financial, educational, workplace, and other personal data; protection of personal data and privacy around the world, including the European Union General Data Protection Regulation; the relevant institutions, such as the Federal Trade Commission and the Data Protection Authorities; personal data breaches; the privacy and autonomy of the individual in relation to the state, as well as corporations; standards; Privacy by Design; and emerging privacy and data protection issues arising from technological developments, such as drones and driver-less cars.
Upon completion of this course, students will be able: to identify privacy and data protection issues; to apply an analytical framework, based on thorough training, to assess and resolve privacy issues; to communicate effectively about privacy and data protection issues, measures, and solutions to all relevant constituencies, including customers, end users, suppliers, vendors, administrative and regulatory authorities, colleagues, and superiors; and to protect personal data and privacy in a global, robust, sustainable manner.
Critical Challenge Project
Instructors: All EMCS faculty
The Critical Challenge Project (CCP) is central to the Executive Master in Cybersecurity. The project identifies a critical cybersecurity challenge for an organization, drawing from the student’s own work experience. Under the direction of a faculty member, the student analyzes this critical challenge from multiple perspectives and develops a comprehensive plan for addressing it. The CCP draws upon the knowledge and skills gained by the student from each of the EMCS courses, with particular emphasis on integrating technology, policy, and human factor aspects, considering ethical implications, and developing innovative, transformative, and viable solutions. The CCP is expected to be relevant to the student in terms of background, interests, current job, and future aspirations. Also, it should have practical applicability to the field of cybersecurity and take into account multiple stakeholders, such as consumers, developers, policymakers, and government and industry executives.