1-800-460-5597 (US & Canada)
Bachelor's and Certificate Admissions
Today’s organizations rely on the Internet to conduct business and share information with their employees and customers in real time. With this reliance, however, comes an increased risk for information security breaches and critical business disruption. Now more than ever, organizations are looking to information security professionals who understand the complexity of today’s information technology infrastructures, the effect of technology on business objectives, and the importance of recognizing and managing risk to design and implement their information security and assurance strategies.
Norwich University’s Master of Science in Information Security & Assurance program helps working adults interested in the many aspects of information security to develop the business acumen and management skills needed to pursue leadership positions in information security and assurance.
Our rigorous curriculum explores the technical theories and methods behind information assurance, best practices in information security technology, organizational structure and policy development, the regulatory environment and compliance, and management strategies. Key skills fostered throughout the program include written communications, critical analysis, problem solving, project management, and leadership.
During their four core courses, students have the option of conducting a case study or a research paper on an approved topic of interest. Those who choose to conduct a case study will use their current workplace, or other relevant organization that they have access to, to examine current security strategies and identify recommendations for improvement. Students who select the research paper, will work closely with a faculty member to select a topic of professional interest and carry out the research. For their last two courses, students focus their studies on a selected concentration that can include computer forensics and incident response management, or project management.
Norwich is recognized by the National Security Agency and of Department of Homeland Security as a Center for Academic Excellence in Information Assurance Education. That excellence is driven in large part by our faculty members, whose vast professional and research experience ensures that students graduate with highly relevant and sought-after skills.
A master's degree in information security and assurance from Norwich University prepares you for leadership positions such as chief information security officer and chief risk manager. Our alumni help shape and administer information security for leading companies such as Cisco Systems, Fidelity Investments, General Electric, and Bank of America as well as the Department of Defense and other government organizations.
With so much to learn and do, it’s easy to lose track of how to get started. Don’t worry: Norwich works hard to make it easy for you. We can guide you through the application process, give you tips on how to get the most out of your Norwich experience, and assist you in getting the required materials for the Master of Science in Information Security & Assurance program.
Norwich’s Master of Science in Information Security & Assurance program is presented in three six-month semesters, each comprising two 11-week, six-credit courses. The course topics introduce today’s most critical and relevant areas of information assurance. Students master one course at a time, with each course building on the next to create a strong foundation of knowledge and context for future topics. The final semester offers a concentration option through which students may pursue a specialized area of interest. The program culminates in a required one-week residency and a graduation ceremony at Norwich University in June. There are four program start dates per year: March, June, September, and December. An overview of the courses required for each concentration and complete course descriptions are listed below. More information about program requirements is also available in our course catalog.
This course explores the historical foundations of information assurance, from the early days of mainframes to the foundations of today’s sophisticated networks and distributed computing systems. You will explore the earliest thinking about data structures and domains, interoperability among various computing platforms, mechanisms for data transfer, and the emergence of encryption as a defense against early forms of computer crime. The course examines privacy, policies, security standards and regulatory requirements, and the underlying models that define information assurance. You will also be introduced to IA architecture.
This course focuses on the use of technological defenses against threats and exploitations of vulnerabilities in information systems. Topics include physical security measures, access controls, security elements of operating systems, network security measures, anti-malware tools, anti-spam measures, anti-piracy systems, software development methods supporting security, and security certifications for software products.
This course focuses on the ways business objectives, user attitudes, and user activities significantly influence both the development of an information assurance program and its successful implementation. The first week focuses on operations security and why it’s the foundation of an IA program.
During the following five weeks, you will explore security awareness as a component of organizational culture; the process of crafting an information assurance message; ethical decision making as a factor in security; social psychology and how behaviors influence the effectiveness of security activities; the use of employment practices and policies to support information security; and the creation of acceptable use and email policies.
The final four weeks of the course examine elements of risk management from basic principles through application, using the NIST Special Publication 800-30 as a solid foundation for the risk management issues. You will also discuss two popular risk assessment processes and several other processes that help identify risk.
This course covers four general areas of information assurance management and analytics – from the strategic to the tactical level: compliance; management, leadership, and policy development; relationships and adding value; and project management. You will explore the aspects, methods, and alternatives in information assurance management and compare and utilize them with respect to non-IT-related management approaches and styles. The course covers alternatives in building support and consensus for projects and activities and focuses heavily on adding value to the organization. You will examine the development of an information assurance marketing plan and use it to help identify techniques of improving information assurance awareness. Topics also include analytics in terms of both metrics and measuring business impact, and problem solving and project management techniques and alternatives.
In this course, you will analyze and apply the key points in creating and managing a computer security incident response team (CSIRT), also known as a computer incident response team (CIRT) or a computer emergency response team (CERT). Topics include establishing CSIRTs; responding to computer emergencies; securing the CSIRT; managing the CSIRT with respect to professionalism, setting priorities for triage, and protecting personnel against burnout; and learning from emergencies using the incident postmortem and establishing continuous process improvement within the organization. Students will use their case study to apply their knowledge to real-world situations and will prepare recommendations for the establishment of a new CSIRT or improvement of their existing CSIRT.
This course focuses on the spectrum of tools and techniques used to investigate digital incidents, whether in a civil or criminal environment. The course provides the broad understanding that information assurance professionals must have of the management, investigation, and analysis of digital incidents. It also places that understanding in the context of other information assurance domains. Discussions of digital investigation and forensics cover topics from both technical and management perspectives to increase the information assurance professional’s understanding and application of domain-specific knowledge.
This course focuses on the fundamentals of project management and practices. The course explores project management framework, the project life cycle, project process, and key project management knowledge. You will study project integration, scope, time, cost, quality, and resource and schedule management, as well as project management procurement and overall project communications requirements.
This course focuses on the important aspects of project management leadership, effective communications, and the management of project teams. You will explore the fundamental principles of good project management including leadership skills, winning stakeholder cooperation, writing the rules to manage expectations, project risk management, creating realistic schedules, achieving accurate project estimates, trade-offs between project cost, schedule and quality, building strong project teams, clear communications, measuring progress, problem solving, defining clear requirements, and applying lean principles. This course will incorporate these important project leadership, communication, and team management skills with key concepts and ideas coming from the GB544 Project Management Techniques, Tools and Practices seminar, resulting in the integration of fundamental principles of project management with leadership, communications, and team-building practices and challenges. Prerequisites: GB544.
The final academic requirement for the information security and assurance program is a week-long residency at the beautiful and historic Norwich University campus in Vermont. Students have the opportunity to meet with fellow students, faculty, and program staff in both formal classroom and informal settings. Norwich covers the cost of all meals and accommodation on campus. Academic recognition ceremonies and commencement cap off the week, and family and friends are encouraged to attend.
Chrisan Herrod comes to the information security and assurance program from University of Maryland University College (UMUC), where she was associate vice president for enterprise risk and compliance, chief information security officer, and associate professor of cyber security. She has done consulting in the defense arena, and was chief security officer of the Securities & Exchange Commission. She has directed global IT Risk Management for a large pharmaceutical firm, and served in the Air Force and Army as an Intelligence Officer. She has taught graduate-level courses at George Washington University, and the National Defense University, among others. She received her MS in business management from National Defense University and is completing the Doctor of Management program at University of Maryland University College.
Elizabeth Templeton is the interim program director for the Master of Science in Information Security & Assurance program. She received a BA in English and secondary education from Northwestern University and had a 35-year career as an IT professional. She joined Norwich University in 2004, earned the Master of Science in Information Assurance degree in 2007, and became associate program director for the program in 2008.
Andrew Liptak holds his BA in history and a MA in military history, both from Norwich University. First joining Norwich as a student in 2003, he joined College of Graduate and Continuing Studies in 2007, where he has worked as a student services advisor. In addition to his duties at Norwich, he works as a freelance historian and writer.
Michael Miora has designed and assessed secure, survivable, and highly robust systems for industry and government for 35 years. He has worked extensively in the financial, health care, and communications industries and developed business continuity and disaster recovery plans for companies and government agencies in the US and internationally.
He originated the Generalized Cost Consequence (GCC) model for performing business impact analysis, now an industry standard methodology. He has consulted to the National Computer Security Center and is certified as a CISSP-ISSMP professional. He has served as the director of the security consulting organization for the National Computer Security Association (now a part of Verizon).
A frequent speaker and prolific author, he is a contributor to Computer Security Handbook, 5th Edition, and the Handbook of Information Security. His undergraduate and master’s degrees, both in mathematics, were earned at UCLA and UC Berkeley.
John Mason has more than 20 years of experience in internal audit, regulatory compliance, information security, SSAE 16s/SAS 70s, enterprise risk management, investigations/loss prevention, and process reengineering. He is director at SSAE 16 Professionals, a leading PCAOB-registered CPA firm.
He has held senior positions in a variety of companies where he has helped establish information risk management programs and designed risk-based audit programs. He has written, reviewed, and researched finance control policies and procedures; performed audits for governmental agencies; and managed a full spectrum of financial, operational, SOX compliance, and data processing audits. He is a co-author of Computer Security Handbook, 5th Edition.
He holds an MBA degree and several certificates including a CISM, CISA, CGEIT, CFE, CBA, CFSA, and CFSSP. He lives in Manhattan Beach, California.
Admissions Department Hours
Mon - Thurs: 9 a.m. to 9 p.m. EST
Friday: 9 a.m. to 3:30 p.m. EST
Extended hours available by appointment
Norwich provides a top-notch educational experience; we also work hard to help make it affordable. There are many ways to get financial aid and several strategies to help you finance your education. Norwich is committed to making this often-difficult process easier for you.
Our admissions advisors are ready to help you plan your education at Norwich University.
Mon - Thurs: 9 a.m. to 9 p.m. EST
Friday: 9 a.m. to 3:30 p.m. EST
Extended hours available by appointment
Bill Gates, founder of Microsoft, put it best when he said, "Information technology and business are becoming inextricably woven. I don't think anyone can talk meaningfully about one without talking about the other." Indeed, at the micro level, information technology impacts nearly every aspect of an organization's business processes, product development and delivery. And, at a macro level, many would argue that it is reshaping the global economy. Given the growing importance of information technology to the individual enterprise and the economy, it is hardly surprising that the career outlook for technology professionals continues to remain bright.
Moreover, a 2012 Gartner report offers a startling projection for the spending on security, as a part of the overall IT budget, in 2016. Based on an international survey of CIOs, security will remain a top priority, according to Gartner, and the projected security spending will reach $86 billion in 2016. Survey respondents noted an increased prioritization for security over the previous year, and this is expected to continue despite the turbulence of domestic and international markets. Simply put, today's evolving and perpetual threat landscape and the increased sophistication of attacks make information security too important to ignore.
Budgets are only part of the battle when it comes to changing the way an organization does business, particularly its internal business processes. Securing a larger budget for information security is no guarantee that the human factors inside the enterprise - which greatly affect its risks and vulnerabilities - will change. This is exactly why a technology skillset will get an organization only so far, and why Norwich created the Master of Science in Information Security & Assurance. Our graduates know that those responsible for information technology and information assurance need effective communication skills, leadership qualities, and influence to drive organizational change and business value. Not only do they know it, but they deliver on it each day.
The Norwich Master of Science in Information Security & Assurance program helps equip IT professionals with the technical and management skills needed to pursue leadership positions in information security. Graduates leave the program with extensive knowledge in information security best practices, organizational structure and policy development, the regulatory environment, and management strategies, as well as focused experience in concentration areas such as computer forensics and incident response management, or project management.
Recent information assurance alumna Sharon Wilder offers her perspective:
"I’ve always had a job and often a good job—that is, well paid, challenging and flexible—but now with my master’s degree I am going to start my career!”
Examples of positions held by our graduates include:
Our graduates work for organizations in financial services, health care, communications, technology, government, and military sectors. Examples of employers include: