Kelley School of Business; Maurer School of Law; Luddy School of Informatics, Computing, and Engineering; University Graduate School

Departmental E-mail: cyberinq@indiana.edu

Departmental URL: https://cybersecurityprograms.indiana.edu/

(Please note that when conferring University Graduate School degrees, minors, certificates, and sub-plans, The University Graduate School’s staff use those requirements contained only in The University Graduate School Bulletin.)

Curriculum

Curriculum

Degrees Offered

The Master of Science (M.S.) in Cybersecurity Risk Management is offered in collaboration between the Kelley School of Business, Maurer School of Law, Luddy School of Informatics, Computing, and Engineering, and University Graduate School.

Master of Science in Cybersecurity Risk Management

Requirements

All students must:

1. Successfully complete 30 credit hours in graduate-level work based on the following requirements.
2. Successfully complete CSCI-A 542 Technical Foundations of Cybersecurity.
3. Successfully complete 6 credits in the Experiential Learning Component.
4. Successfully complete 6 credit hours from each partner school (Kelley School of Business; Luddy School of Informatics, Computing, and Engineering; Maurer School of Law).
5. Satisfy Cybersecurity Electives requirement. 

Luddy School of Informatics, Computing, and Engineering/Technical Cybersecurity – minimum six credits required

• CSCI-A 541 Computing and Technology Bootcamp (Students with an undergraduate computer science or computer technology minor or major may not apply CSCI-A 541 to MS in Cybersecurity Risk Management degree requirements.)
• CSCI-A 542 Technical Foundations of Cybersecurity (All students must take CSCI-A 542 Technical Foundations of Cybersecurity.)
• CSCI-B 649 Topics in Systems
  • Topic should be a security or privacy topic. Examples include Data Driven Security & Privacy, and Security & Applied Crypto, and Usable Security & Privacy
• ENGR-E 599 Topics in Intelligent Systems Engineering
  • Topic: Reverse Engineering Embedded Systems
• INFO-I 520 Security and Software Assurance (Prerequisite: CSCI-A 542 or equivalent knowledge)
• INFO-I 521 Malware Threat & Defense (Prerequisite: INFO-I 520. Same as CSCI-B 546.)
• INFO-I 525 Organizational Informatics & Economics of Security
• INFO-I 533 Systems and Protocol Security & Information Assurance (Prerequisite: INFO-I 520 or equivalent knowledge)
• INFO-I 537 Legal & Social Informatics of Security (Prerequisite: basic scripting and/or programming knowledge)
• INFO-I 538 Introduction to Cryptography (Prerequisites: strong mathematical background required along with basic programming/scripting. Same as CSCI-B 504.)
• INFO-I 539 Cryptographic Protocols (Prerequisites: strong mathematical background required along with basic programming/scripting)
• CSCI-A 590/CSCI-B 590/DSCI-D 590/INFO-I 590 Topics
  • Topic must be related to cybersecurity and chosen in consultation with the program director. May only apply to elective requirement.

Kelley School of Business/Information Technology Risk Management – minimum six credits required

• BUEX-C 533 Data Intelligence & Visualization (Prerequisite: successful completion of a college-level database course in which data model—ERD, relational model, etc.—and SQL were taught OR at least one year experience designing database models or querying data using SQL)
• BUEX-C 541 Enterprise Systems
• BUEX-T 510 Digital Enterprise Business Technologies
• BUEX-T 514 Business Capabilities for the Digital Future
• BUKD-C 522 IT Technology for Managers
• BUKD-C 548 Managing Intellectual Property in Global Business
• BUKD-S 575 Business Applications of Machine Learning
• BUKD-T 560 IT Risk Management
• BUKD-T 579 Information Systems Security
• BUKD-T 578 Cybersecurity Law & Policy OR BUS-L 578 Cybersecurity Law & Policy (1.5 cr.)
• BUKD-T 501 Big Data Technologies (Prerequisite: BUEX-C 533)
• BUKD-T 522 IT Architecture

Maurer School of Law/Cybersecurity Law and Policy – minimum six credits required

• LAW-B 504 Intro to Law (audit or 1 cr.) (MS students without prior introduction to American legal system, legal reasoning, and foundational subjects in American law are required to enroll in LAW-B 504.)
• LAW-B 536 Health Privacy Law (2 cr.)
• LAW-B 587 Cybersecurity Law I
• LAW-B 655 Information Privacy Practicum (Prerequisite: LAW-B 708 or LAW-B 728 or LAW-B 587 or LAW-B 738)
  • Selected topics: security, privacy, or technology
• LAW-L 664 Seminar in Information Privacy
• LAW-B 665 Public International Law: Espionage and Cybersecurity
• LAW-B 661 Law & Biomedical Advance
• LAW-B 708 Information Privacy Law I
• LAW-B 728 Information Privacy Law II
• LAW-B 738 Cybersecurity Law II
• LAW-B 764 Topics in Law & Technology
  • Examples include Space & Cyber Governance and Law & Technology Survey
• LAW-L 730 Seminar in Intellectual Property Data Law & Policy
• LAW-L 764 Seminar in Law & Technology

Experiential Learning Component – minimum six credits required. 

• BUS-L 589 Cybersecurity Capstone (Cross-listed with LAW-B 655 for MS/JD students)
• CSCI-B 649 Topic: Cyber Defense Competitions
• GRAD-C 516 Cybersecurity Clinic (Cross-listed with LAW-B 710 for MS/JD students)
• GRAD-C 540 Cybersecurity Internship
• INFO-I 590 Hacking for Defense/Innovation for Impact
• LAW-B 551 Intellectual Property Externship (Or equivalent law school externship relating to cybersecurity. Externship must be approved by CyberRiskMS faculty chair before credits can apply to degree requirements.) (JD/MS students only)

Cybersecurity Electives – minimum six credits required

6 credit hours chosen from the above courses.  Options may include other cybersecurity-related courses or complementary courses as chosen in consultation with the program director.

Concentrations

Students may earn concentrations in “Artificial Intelligence,” “Business,” “Computing,” or “Law” by selecting electives accordingly.

The Business, Computing, and Law concentrations require a total of fifteen credits from the respective course list above.

The Computing concentration requires students to satisfactorily complete CSCI-A 542, INFO-I 520, and INFO-I 533.

The Artificial Intelligence concentration requires students to satisfactorily complete an artificial intelligence project in the Cybersecurity Clinic (GRAD-C 516/LAW-B 710) in addition to twelve credits from the following course list: BUEX-T 510, BUEX-T 514, BUKD-S 575, CSCI-B 505, CSCI-B 551, CSCI-B 555, CSCI-B 561, CSCI-B 565, CSCI-B 657, CSCI-B 659, and CSCI-P 556.

Dual Master of Public Affairs and Master of Science in Cybersecurity Risk Management 

The IU-Bloomington Cybersecurity Program and the O’Neill School of Public and Environmental Affairs offer a dual-degree program that qualifies students for a M.P.A./M.S. in Cybersecurity Risk Management. Study for the dual degree can be combined for a total of 51 credit hours instead of the 78 credit hours required for the two degrees taken separately. Neither degree will be awarded until the requirements for both degrees have been met. The M.P.A. requirements may be taken residentially or online.

Admissions Requirements

Requirements are the same as for the Master of Science degree except that students must also apply to the M.P.A. program at O’Neill and meet its established M.P.A. admissions criteria. Students must be accepted for admission to both units separately in order to be admitted to the program.

Cybersecurity M.S. Course Requirements (30 credit hours):

The M.S. in Cybersecurity Risk Management requires that students take six credits in law courses, six credits in business courses, six credits in informatics or computer science courses, nine credits from a list of elective courses (offered at Maurer, the Kelley School of Business, and the Luddy School of Informatics, Computing, and Engineering), and a three-credit Cybersecurity Risk Management Capstone course. In this combined degree, the Cybersecurity M.S. component uses both required MPA concentration courses and SPEA-V 536 to satisfy the required nine credits of electives.

At least 6 credit hours from Technical Cybersecurity courses offered at Luddy:

At least 6 credit hours from Information Technology Risk Management offered at Kelley:

At least 6 credit hours from Cybersecurity Law and Policy offered at Maurer (with BUKD-T 578 offered at Kelley):

Three credit hours in a Cybersecurity Risk Management Capstone:

Note: Although a Cybersecurity course, this course may count towards an elective course for the specialized concentration for the MPA and will fulfill the experiential requirement. If a student wishes to pursue this route, this course will not count towards the M.S. part of the dual degree.

The MPA Component of the Dual M.P.A./Cybersecurity M.S. Degree (30 credit hours)

O'Neill School M.P.A. Core Requirements (21 credit hours):

*Note: Extremely well-prepared applicants may petition the program director to waive one or more of the core requirements on the basis of advanced course work done elsewhere. Students may be exempted on the basis of satisfactory equivalent course work or by examination. Credit hours waived from the core add to the electives a student may use. Students requesting course waivers should contact the appropriate graduate program director for requirements and guidelines. 

Specialized Concentration (9 credit hours):

MPA Experiential Component (0 credit hours):

Each candidate for the MPA degree must obtain professionally relevant experience through one of the following options.

• Internship – Students who wish to complete an internship must seek counsel in the Career Hub
  (SPEA 200 or oneillcareerhub.indiana.edu) before it begins. The Career Hub will provide details concerning eligibility, procedures, and required paperwork.
  • Internship with course credit (0-3 credit hours) - The MPA experiential component is commonly fulfilled by completing an internship, which must be registered through the O’Neill Career Hub for 0 credit hours (SPEA-V 585). However, MPA-MS Cybersecurity Risk Management students may choose take GRAD-C 516 IU Cybersecurity Clinic (3 credit hours, online) instead. Although a Cybersecurity course, this course may count as an elective course for the MPA specialized concentration and will fulfill the experiential requirement. If a student wishes to pursue this route, this course will not count towards the MS requirements for the dual degree. 

PhD Minor in Cybersecurity

The PhD Minor in Cybersecurity Risk Management should be undertaken with a faculty director and in consultation with the Cybersecurity Program Director. In total, the minor requires the completion of 12 credits. For doctoral students not majoring in a subject housed at the Luddy School of Informatics, Computing, and Engineering (SICE), the Maurer School of Law, or the Kelley School of Business, interested students would take one course from each unit along with an elective.  Students who are majoring in a doctoral subject housed at SICE, Maurer, or Kelley, should take two courses from each of the other partner schools. Detailed below are sample minor programs:

1. PhD Minor in Cybersecurity Risk Management for doctoral students not majoring in SICE, Kelley, or Maurer: at least one course from Kelley, Maurer, and SICE, along with one elective chosen from one of these schools.
   1. Select at least one Maurer course from the following offerings:
      1. LAW-B 708 Information Privacy Law I
      2. LAW-B 728 Information Privacy Law II
      3. LAW-B 587 Cybersecurity Law I
      4. LAW-B 738 Cybersecurity Law II
   2. Select at least one Kelley course from the following offerings:
      1. BUKD-C 522 IT Technology for Managers
      2. BUKD-T 560 IT Risk Management
      3. BUKD-T 578 Cybersecurity Law & Policy
   3. Select at least one SICE course from the following offerings:
      1. For students without a technical background:
         1. CSCI-A 541 Computing and Technology Bootcamp
      2. For students with a technical background:
         1. INFO-I 520 Security and Software Assurance
2. PhD Minor in Cybersecurity Risk Management for doctoral students majoring in SICE, Kelley, or Maurer: two courses the other two partner schools. For example, a SICE doctoral student should pick two Kelley, and two Maurer courses as follows:
   1. Select two Kelley courses from the following offerings:
      1. BUKD-C 522 IT Technology for Managers
      2. BUKD-T 560 IT Risk Management
      3. BUKD-T 578 Cybersecurity Law & Policy
      4. BUKD-T 579 Information Systems Security
   2. Select two Maurer courses from the following offerings:
      1. LAW-B 708 Information Privacy Law I
      2. LAW-B 728 Information Privacy Law II
      3. LAW-B 587 Cybersecurity Law I
      4. LAW-B 738 Cybersecurity Law II