Curriculum

Prepare to become an effective cybersecurity professional

Indiana University’s M.S. in Cybersecurity Risk Management is a 30-credit hour program that you can customize to fit your schedule. You can complete your degree in as little as two years—or you can take up to five years. You may enroll full time on the IU Bloomington campus or online, although certain courses may be available only online or only in person.

What you’ll learn

There is no set sequence of courses, so you have the flexibility to plan each semester with ease. You must take at least 6 credit hours in each of the following areas:

  • Technical cybersecurity
  • Information technology risk management
  • Cybersecurity law and policy

If you don’t have a technical background but wish to pursue a concentration in this area, you must enroll in appropriate prerequisites before taking upper-level cybersecurity coursework. Program staff will work with you to ensure that you meet the requirements.

You’ll also get hands-on experience with a cybersecurity risk management practicum. In this 3 credit hour capstone project, you will gain real-world consulting experience and find solutions for Indiana government agencies, local governments, and schools. Your recommendations will strengthen your skills—and minimize cyber threats.

The remainder of your 9 credit hours will come from courses you’ll select based on your interests.

Sample courses

Individual course offerings may change from semester to semester. Here’s a small sample of the topics you can study as an M.S. in Cybersecurity Risk Management student.

This course is about technology and how to leverage a company’s investment in its technology to achieve its business and IT strategy. We will do this by analyzing:

  • The value that IT delivers
  • The risks that IT manages
  • The cost of providing service to the business

Today’s IT organizations are complex and under tremendous pressure to deliver new advanced capabilities while keeping existing business capabilities operational. Meeting these goals requires a well–thought out technology strategy grounded in a business strategy. Yet, delivering on the promises of a technology strategy is not easy. In this course, we will focus on how to analyze problems and situations, assess risk, communicate impact, and develop viable solutions to meet the goals of the technology strategy.

This course will help you dig deeper under the covers of a problem, use a fact-based approach based on standards, arrive at a sound conclusion, and make recommendations on how to proceed—all skills you will need regardless of field, industry, or experience level.

Enhancing cybersecurity is a critical issue affecting the competitiveness of firms and the security of governments. Increasingly policymakers are fashioning regulatory schemes around the world that promise to shape not only the day-to-day realities of operating information systems, but also cyberspace itself.

This course takes an interdisciplinary, global approach to introduce you to cybersecurity risk management. Course content includes comparative and international law related to managing cyberattacks. Connected topics such as internet governance, privacy, and cybersecurity codes of conduct will also be addressed.

The primary aim of this course is to provide you with a basic working knowledge of cybersecurity law and policy, focusing on the United States but put in a global perspective.

This course is a high-level introduction to the many technologies and concepts that underlie modern security, for nontechnical students. This course will not make you an expert in any of the subjects covered, but will make you able to be conversant, understanding the major ideas and technical requirements of many different technologies. The objective is to understand these technologies so that you can better assess current policies and make better-informed business, legal, and policy decisions. You will be able to identify and describe computing, data networking, and core cybersecurity technologies.

This course covers topics such as cryptography and public key infrastructure, authentication, malicious software, denial of service attacks, firewalls and intrusion detection, and software security.

Privacy law and policy is one of the most important and rapidly expanding (and changing) fields in the world today. Increasingly most aspects of daily life involve the (often unwitting) collection, communication, and use of personal data. As personal data are generated and collected more widely, and are far more revealing, governments are challenged to determine the proper limits and regulatory structures to enforce those limits, while businesses and other data users must determine how to comply with those emerging rules, often in the context of new technologies and unclear norms.

This course will address the jurisprudential, policy, and constitutional background to privacy; the intersection of privacy and free speech; and privacy in law enforcement and national security contexts. You will:

  • Develop substantive knowledge in the areas listed
  • Build a foundation for understanding underlying jurisprudential and policy perspectives on privacy law and privacy generally
  • Learn how to read, brief, and apply case law
  • Focus on practice pointers and pragmatic considerations raised by course materials
  • Identify and explore potential ethics and legal ethics issues raised by course materials
  • Demonstrate the ability to synthesize lessons from course materials through the final course essay(s) and other written assignments

Ready to get your Master's in Cybersecurity Risk Management?

Take the next step by requesting information about the M.S. in Cybersecurity Risk Management program or starting your application.