zulqamain ali shah, norwich graduate

I wanted to advance my career and knowledge. Having finished the CISSP certification recently, this was a natural next challenge, to attain the master's degree in information assurance.

Zulqamain Ali Shah
Norwich Graduate, Class of 2016

You are here

Master of Science in Information Security & Assurance

Help Secure Your Future with Specialized Information Security Skills

Now more than ever, organizations are looking for information security experts. Norwich University’s online Master of Science in Information Security & Assurance (MSISA) program can help you develop the business acumen and management skills needed to lead the field. Graduates of our program are armed with the skills they need to help ensure that information assets are understood, valued and protected within the complex business enterprise.


  • Master of Science
  • Computer Forensic Investigation and Incident Response Team Management
  • Critical Infrastructure Protection and Cyber Crime
  • Cyber Law and International Perspectives on Cyberspace
  • Project Management
  • Vulnerability Management

Why Norwich?

Tailor your learning experience with five concentration options.

Benefit from enhanced classroom experiences and practical learning, including a partnership with NBCUniversal.

Join a program ranked #2 for cybersecurity by the Ponemon Institute (2014) and ranked #3 for Best Cyber Security Graduate program by universities.com (2016).

Learn from one of the earliest institutions to be recognized as a Center of Academic Excellence in Information Assurance Education* by the National Security Agency and Department of Homeland Security.

Benefit from a leader in information assurance instruction for more than a decade.

Receive continuing professional education credits as a member of ISACA or (ISC)2.

Apply to one of four start dates per year.

*now referred to as a Center of Academic Excellence in Cyber Defense.

Quick Info

1 Week Residency

Visit campus for culminating experience

15 Students

Maximum number of students per class

18 Months

Average time to program completion

3 June

Next Start Date

6 May

Application Deadline

Accreditation & Recognition

logo, new england commission of higher education

Norwich University is accredited by the New England Commission of Higher Education (formerly the Commission on Institutions of Higher Education of the New England Association of Schools and Colleges, Inc.).


logo, us news best colleges regional

Recognized for academic excellence, U.S. News & World Report ranks Norwich University in the top 100 for Regional Universities in the North. Rankings are based on undergraduate programs.


logo, national security agency

The National Security Agency and Department of Homeland Security have designated Norwich University as a Center of Academic Excellence in Information Assurance Education.


We're Here to Help

Salil  Sharma
Admissions Advisor
1-800-460-5597 ext. 3241


Online Master of Science in Information Security & Assurance Curriculum

Norwich’s 36-credit online information assurance and security program is comprised of six-courses, each 11 weeks in length. Students master one course at a time, to create a strong foundation of knowledge and context for future topics.

Our graduates can:

  • Apply technical and management skills needed to pursue leadership positions in information security
  • Gain extensive knowledge in information security best practices, organizational structure and policy development, the regulatory environment, and management strategies
  • Develop a thorough foundation in the business, governance, and policy decisions that lead to effective solutions to current and emerging security threats

Core Courses

Our specialized program curriculum blends the management and technical aspects of an information security/assurance program, enabling you to develop the skills required to protect your organization and its critical information.

  • Foundations and Historical Underpinnings of Information Assurance
    GI512 6 credit hours

    This course explores the historical foundations of information assurance, from the early days of mainframes to the foundations of today’s sophisticated networks and distributed computing systems. You will explore the earliest thinking about data structures and domains, interoperability among various computing platforms, mechanisms for data transfer, and the emergence of encryption as a defense against early forms of computer crime. The course examines privacy, policies, security standards and regulatory requirements, and the underlying models that define information assurance. You will also be introduced to IA architecture.

  • Information Assurance Technology
    GI522 6 credit hours

    This course focuses on the use of technological defenses against threats and exploitations of vulnerabilities in information systems. Topics include physical security measures, access controls, security elements of operating systems, network security measures, anti-malware tools, anti-spam measures, anti-piracy systems, software development methods supporting security, and security certifications for software products.

  • Human Factors and Managing Risk
    GI532 6 credit hours

    This course focuses on the ways business objectives, user attitudes, and user activities significantly influence both the development of an information assurance program and its successful implementation. The first week focuses on operations security and why it’s the foundation of an IA program.

    During the following five weeks, you will explore security awareness as a component of organizational culture; the process of crafting an information assurance message; ethical decision making as a factor in security; social psychology and how behaviors influence the effectiveness of security activities; the use of employment practices and policies to support information security; and the creation of acceptable use and email policies.

    The final four weeks of the course examine elements of risk management from basic principles through application, using the NIST Special Publication 800-30 as a solid foundation for the risk management issues. You will also discuss two popular risk assessment processes and several other processes that help identify risk.

  • Information Assurance Management & Analytics
    GI542 6 credit hours

    This course covers four general areas of information assurance management and analytics – from the strategic to the tactical level: compliance; management, leadership, and policy development; relationships and adding value; and project management. You will explore the aspects, methods, and alternatives in information assurance management and compare and utilize them with respect to non-IT-related management approaches and styles. The course covers alternatives in building support and consensus for projects and activities and focuses heavily on adding value to the organization. You will examine the development of an information assurance marketing plan and use it to help identify techniques of improving information assurance awareness. Topics also include analytics in terms of both metrics and measuring business impact, and problem solving and project management techniques and alternatives.

Tailor Your Information Security & Assurance Degree

After completing the core curriculum, you choose a concentration that suits your career and professional goals.

Computer Forensic Investigation and Incident Response Team Management

Through this concentration, you can learn to create, train, and manage a computer security incident response team (CSIRT) and examine the protocols for conducting computer forensic investigations.

  • Computer Security Incident Response Team Management
    GI554 6 credit hours

    In this course, you will analyze and apply the key points in creating and managing a computer security incident response team (CSIRT), also known as a computer incident response team (CIRT) or a computer emergency response team (CERT). Topics include establishing CSIRTs; responding to computer emergencies; securing the CSIRT; managing the CSIRT with respect to professionalism, setting priorities for triage, and protecting personnel against burnout; and learning from emergencies using the incident postmortem and establishing continuous process improvement within the organization. Students will use their case study to apply their knowledge to real-world situations and will prepare recommendations for the establishment of a new CSIRT or improvement of their existing CSIRT.

  • Computer Forensic Investigation
    GI551 6 credit hours

    This course focuses on the spectrum of tools and techniques used to investigate digital incidents, whether in a civil or criminal environment. The course provides the broad understanding that information assurance professionals must have of the management, investigation, and analysis of digital incidents. It also places that understanding in the context of other information assurance domains. Discussions of digital investigation and forensics cover topics from both technical and management perspectives to increase the information assurance professional’s understanding and application of domain-specific knowledge.

Critical Infrastructure Protection & Cyber Crime

Our coursework examines the security of information critical to national security and the nature of conflict in cyberspace. This course will also strengthen your knowledge of supervisory control and data acquisition systems (SCADA) in the flow of resources such as electricity, water, and fuel.

  • Cyber Crime
    GI556 6 credit hours

    This course explores the nature of conflict in cyber space focusing on two major Internet-based threats to the U.S. national security: cyber terrorism and cyber crime. The course addresses questions such as: who is undertaking these cyber activities, what techniques do they use, and what countermeasures can be adopted to mitigate their impact. The course is built around a risk management framework to help information leaders leverage the benefits of Internet technologies while minimizing the risks that such technologies pose to their organizations.

  • Critical Infrastructure Protection
    GI566 6 credit hours

    This course examines the security of information in computer and communications networks within infrastructure sectors critical to national security. These include the sectors of banking, securities and commodities markets, industrial supply chain, electrical/smart grid, energy, transportation, communications, water supply and health. Special attention is paid to the risk management of information in critical infrastructure environments through an analysis and synthesis of assets, threats, vulnerabilities, impacts, and countermeasures. Critical consideration is paid to the role of Supervisory Control and Data Acquisition (SCADA) systems in the flow of resources such as electricity, water, and fuel.

Cyber Law & International Perspectives on Cyberspace

Focus on the legal and policy measures related to cyber breaches and learn to implement international cyberspace policies. Strengthen your knowledge of key topics including privacy and intellectual property, electronic contracting, non-repudiation, and fair information practices.

  • Cyber Law
    GI557 6 credit hours

    This course explores a broad variety of federal statutory, common, and international laws that may impact the information technology professional. Because the overwhelming majority of cyber infrastructure is owned and operated by the private sector, the course focus is on those laws that affect the interaction between government and the private sector information technology industry, including the privacy rights so often implicated in modern data storage systems. The course starts with a look at “cyber law” and whether it is really a distinct legal discipline at all. It then moves into criminal, civil, regulatory, international and common laws with which today’s information technology professional may come in contact. Throughout the course we discuss how public policy and other factors impact the development, implementation, and interpretation of the law. Students read, interpret and apply legal authorities and theories, a valuable skill for future information technology leaders if they are to stay in compliance with the ever-growing “cyber” legal framework.

  • International Perspectives on Cyberspace
    GI567 6 credit hours

    This course provides an overview of the issues surrounding transnational cyberspace policies, international investment strategies, and implementation of communication and information technologies that affect the global economy and transforms the flow of information across cultural and geographic boundaries. The course will examine various global governance frameworks, and organizations that shape and transform cyberspace such as the International Telecommunications Union, the World Bank Information and Communications Technology Sector and the U.S. Federal Communications Commission.

Project Management

Learn the key elements of project management, including the project process, scope, time, cost, quality, and schedule management.

Courses are cross-listed with the Master of Business Administration Program.

Accredited by the PMI Global Accreditation Center for Project Management Education Programs (GAC)
PMI accreditation of Norwich’s MSISA project management concentration signifies that the courses meet the comprehensive academic quality and excellence standards necessary in the industry. Completion of Norwich’s MSISA project management courses only fulfills the education requirement for students interested in seeking certification through PMI. To obtain PMI certifications, such as the Project Management Professional (PMP) or the Certified Associate in Project Management (CAPM) designations, students will need to separately pursue the certification process administered through PMI, which includes submitting an application to PMI, acceptance by PMI of your application, and passing a certification exam administered by PMI.

  • Project Management Techniques, Tools and Practices
    GB544 6 credit hours

    This seminar focuses on the fundamentals of project management and practices. The key elements of project management from the project management framework, the project life cycle, project process and key project management knowledge areas are discussed. Additionally, the project integration, scope, time, cost, quality, resource and schedule management are studied. Other areas of focus are project management procurement and overall project communications.



  • Project Management Leadership, Communications, and Teams
    GB554 6 credit hours

    This seminar focuses on project management leadership, effective communications and the management of project teams. Students explore the fundamental principles of good project management, including: leadership skills, winning stakeholder cooperation, writing the rules to manage expectations, project risk management, creating realistic schedules, achieving accurate project estimates, trade-offs between project cost, schedule and quality, building strong project teams, clear communications, measuring progress, problem solving, defining clear requirements and applying lean principles in project management. This seminar discusses project leadership, communication and team management skills integrating them with  concepts from previous seminars, resulting in fundamental principles of project management being integrated with leadership, communications and team building practices and challenges.

  • Strategic Management in Project Management
    GB564 6 credit hours

    Applications from the GB 544 and GB 554 are applied in this seminar using the fundamental principles of project management from the project management framework, the project life cycle, project integration, scope, time, cost, quality, and schedule management. Students synthesize leadership skills, winning stakeholder cooperation, project risk management, building strong project teams, clear communications, measuring progress and problem solving in a proposed project. Prereqs: GB 544 and GB 554, or permission of the Program Director.

Vulnerability Management

Explore how to conduct legal and ethical security tests and vulnerability assessments and learn to use key open source tools such as the Metasploit Framework.

  • Vulnerability Management and Penetration Testing I
    GI562 6 credit hours

    This course introduces students to the penetration testing of computer networks. Students will utilize a virtual lab to gain experience through hands‐on lab exercises, and learn to use the well‐known open‐source Metasploit computer security project to understand security vulnerabilities. Students will apply this tool for penetration testing, testing the control tools, and learn how to conduct monitoring of an enterprise. Topics explored in this course include system security and vulnerability analysis, the most common system exploits and vulnerabilities, along with system “pivoting” and client‐side exploits. This course also introduces open‐source tools, in particular, the Metasploit Framework (MSF). Students will learn how to assess enterprise security controls and system vulnerability, and learn to document their findings. The course is designed for penetration testers, system security, and network administrators.

  • Vulnerability Management and Penetration Testing II
    GI563 6 credit hours

    This course introduces students to advanced open-source tools used to conduct penetration testing of computer networks. Students will learn the rules of engagement, and how to conduct legal and ethical security tests and vulnerability assessments. Students will utilize a virtual lab to gain experience through hands-on lab exercises. Students will learn to use the well-known open-source tools (Metasploit , John the Ripper, Wireshark) to understand security vulnerabilities and how to use this tool for penetration testing, testing the control tools, and how to conduct monitoring of an enterprise.


Our online Master of Science in Information Security & Assurance program ends in a residency at the historic Norwich University campus in Vermont. During this time you will have the opportunity to meet with fellow students, faculty, and program staff in both formal classroom and informal settings. Academic recognition ceremonies and commencement cap off the week, and family and friends are encouraged to attend.

Norwich covers the cost of all meals and accommodations on campus.


At a Glance

  • No GRE/GMAT required
  • Undergraduate GPA of 2.75 or higher

Admissions Requirements »

Next Start Date

Monday, June 3, 2019

Application Deadline

Monday, May 6, 2019

Contact Admissions

Mon - Thurs: 9 a.m. to 9 p.m. EST
Friday: 9 a.m. to 3:30 p.m. EST
Extended hours available by appointment


Call: 1-800-460-5597 ext. 3363 (US and Canada)
Call: +1-647-722-6642 ext. 3363 (International)
Email: msisa@online.norwich.edu

  • student writing in notebook
    Transfer Credits
    You may receive the equivalent of up to 12 semester credits for study conducted elsewhere. Norwich complies with VA regulations and guidelines as it pertains to transfer credits.
  • international student at graduation
    International Admissions
    Norwich University welcomes students from all countries who want to study through our online programs. You must complete all steps in the admissions process.
  • benjamin bragdon on norwich campus, graduate
    Norwich Alumni Benefits
    Reconnect with Norwich to complete your master's degree. As apart of our alumni community, you are eligible for a $2,500 scholarship and other benefits.

Non-Discrimination Statement

Norwich University, in compliance with Title IV of the Civil Rights Act of 1964, Title IX of the Education Amendment of 1972, and Section 504 of the Rehabilitation Act of 1973, does not discriminate on the basis of race, religion, color, national origin, age, sex, or physical handicap in any of its policies, practices, or procedures.

Tuition & Fees


Norwich provides a top-notch educational experience; we also work hard to help make it affordable. There are many ways to get financial aid and several strategies to help you finance your education. Norwich is committed to making this often-difficult process easier for you.

Tuition at a Glance

  • Credit Hours: 36
  • Cost Per Credit Hour: $825

2018-19 Tuition and Fee Schedule - Master's Programs

Rate Per Credit Term Tuition Additional Expenses Total
$825 $4,950

Technology - $300/term
Library - $75/term
Graduation - $150/one-time


Careers & Outcomes

Career Opportunities for Information Security & Assurance Graduates

The cybersecurity market is expected to grow from a $75 billion industry in 2015 to a $170 billion industry by 2020.*

The demand for cybersecurity professionals is high, which means salaries are, too. Those in the field command an average salary 9% higher than other IT workers, according to the Job Market Intelligence: Cybersecurity Jobs 2015 report.

Career opportunities for those earning a Master of Science in Information Security & Assurance are on the rise, outpacing the availability of qualified professionals in the industry.

Our graduates have pursued a variety of roles, including:

Career Roles

  • Chief Information Assurance Officer
  • Chief Information Security Officer
  • Chief Risk Manager
  • Consultant
  • Cyber Security Engineer
  • Director of Information Systems
  • IT Security Manager
  • IT Specialist
  • Network Engineer
  • Security Compliance Manager
  • Security Liaison

Our alumni have attained positions at top organizations, including:

Public Sector

  • Baxter Healthcare
  • Pacific Rehabilitation and Behavioral Health
  • Louisana Tech University
  • Naval Undersea Warfare Center
Private Sector

  • Triad Retail Media
  • Raytheon
  • E3 Technologies, Inc.
  • Madison Gas and Electric Company
  • American Family Insurance
  • Worldwide Language Resources

What our graduates have to say:

  • 86% of responding graduates stated that their Norwich education gave them a competitive edge in the job market.**
  • More than 90% of responding alumni would recommend Norwich’s online MSISA program to someone they know.**
  • Read more about our MSISA student outcomes.

*Source: https://www.forbes.com/sites/stevemorgan/2016/03/09/worldwide-cybersecurity-spending-increasing-to-170-billion-by-2020/#6b5269b76832
**Source: Norwich University Master of Science Information Security & Assurance Graduate Survey, fielded March 2016

Where are Norwich Alumni Today?

Lyda Tesauro

Current student gets course paper published.

Matthew Horner

Matthew Horner published in the April 2018 edition of Homeland Security Affairs.

Class of 2017

Book icon
Matthew Horner

Published article in the Journal of Forensics, Security and Law.

Class of 2017

Harry Brown III

Graduate of Information Security and Assurance program has thesis published.

Class of 2015

Faculty & Staff

Our Master of Science in Information Security & Assurance program is led by dedicated faculty and staff members that are available to help you reach your academic, professional, and personal goals.

Our faculty members hold advanced degrees and industry certifications and are subject matter experts and practitioners in topics including organizational governance, cybersecurity threats, risk management, and cyber crisis management.

We have an in-house instructional design team that work hand-in-hand with program faculty and staff to ensure a world-class, efficient, and interactive online learning experience in each course.

Program Director

Rosemarie Pelletier, DPA

Rosemarie A. Pelletier is the program director for the Master of Public Administration and Master of Science in Information Security & Assurance programs at Norwich University. Dr. Pelletier has several years of experience in education, public policy, and real estate. She has been teaching in Virginia for 15 years in the classroom and for about 10 years online, where she wrote and developed courses and chaired dissertation committees. Dr. Pelletier was the president and founder of a company responsible for the identification, research, and development of projects suitable for construction by the formation of a public-private partnership.

Dr. Pelletier served as the Secretary of the Virginia State Technology Council where she advised the Executive and Legislative branches on technology policy issues. She chaired the Transportation Technology Advisory Panel in writing the Transportation Technology Blueprint for the Commonwealth of Virginia. She was appointed by Governor George Allen to the Joint Committee on Technology and Science to study and advise on technology and science policies. Appointed by Governor Mark Warner, Dr. Pelletier served on the statewide speakers bureau to address transportation funding issues throughout the Commonwealth. She combines her knowledge and experience in technology policy with her education in public policy and public administration to bring the best of both worlds to Norwich University.

At George Mason University, she earned her Bachelor of Arts in English and Philosophy, her MPA, and began her Ph.D. work. She then went on to the University of Baltimore to receive her Doctorate in Public Administration, specializing in policy and project implementation.

Meet Rosemarie »

Program Staff

Jennifer Gagnon, MJA
Associate Program Director
George Silowash, MS, CISSP, GCFE
Associate Program Director of Academics, Faculty
portrait of claire robinson-white, greenery background
Claire  Robinson-White
Student Services Advisor
Student Services Advisor

Featured Faculty

Advisory Board

A team of distinguished professionals from the industry and field offer their expertise and guidance as advisory board members for the Master of Science in Information Security & Assurance program.

Leslie Daigle, MS
Advisory Board Member
Glenn Deen
Advisory Board Member
Aaron Falk, MS
Advisory Board Member
Russ Housley
Advisory Board Member
Henrik Levkowetz
Advisory Board Member
Kathleen Moriarty, MS
Advisory Board Member



Get to know the graduates of Norwich’s online Master of Science in Information Security & Assurance program.

meghan rioux, master of science in information security and assurance 2016

I think the most unique part about Norwich is the people. The faculty are outstanding. I couldn't tell you how much time and energy my professors gave me to help me prepare for my future career.

Meghan Rioux
Class of 2016
Master of Science in Information Security & Assurance
photo of steven

was able to work through multiple obstacles of life while working full time that requires bi-monthly travel, writing course papers on the airplane, and meeting family obligations.

Stephan  Bohanan
Class of 2015
Master of Science in Information Security & Assurance
portrait of michael

I was looking for a school with mature, highly ranked course. I wanted the curriculum to be certified by the NSA/DHS.

Michael Esch
Class of 2015
Master of Science in Information Security & Assurance

Frequently Asked Questions

Information Security & Assurance Program FAQs

What courses can I take in the information security and assurance program?

Students can choose from a variety of courses specific to their interests in the field of information security and assurance. Course topics include foundations and historical underpinning of information assurance, use of technological defenses against threats, exploitations of vulnerabilities in information systems, operations security, and risk management.

What concentrations are available?

Students can choose one of five concentrations:

  • Computer Forensics and Incident Response Management
  • Critical Infrastructure Protection & Cyber Crime
  • Cyber Law & International Perspectives on Cyberspace
  • Project Management
  • Vulnerability Management
What will my case study involve?

The purpose of the case study is to make real-world assessments of security principles and practices and apply lessons learned in the program to that real-world environment. The information assurance program recognizes that there are confidentiality concerns, and has put in place safeguards in order to maintain confidentiality.

How have graduates of the program applied their degree?

Our alumni have found employment with notable organizations such as the U.S. Army, Boeing, Bank of America, Department of Defense, IBM, AT&T, and Fidelity.

How are the information security and assurance program faculty members selected?

Information security and assurance program instructors all have advanced degrees (some are terminal) and must be currently certified as a CISSP or CISM. Other certifications may be honored if they relate to specific curriculum areas. They must demonstrate enthusiasm for university/college-level teaching, and solid, practical experience in information assurance. The faculty roster includes practitioners, publishers, speakers, writers, teachers, consultants, and senior executives.

What are the eligibility requirements for applying to the program?
  • A bachelor's degree from a regionally or nationally accredited institution or an equivalent degree from a foreign institution, as evaluated by WES, IERF, or SpanTran.
  • The GRE is not required to apply, but may be requested based upon an applicant's undergraduate GPA.
  • If English was not the language of degree study, proof of English language proficiency and a minimum score of 550 (paper-based test) or 80 (Internet-based test or iBT) on the TOEFL are required, unless otherwise noted in specific articulation agreements.


How long is the information security and assurance program?

The program's six courses (each six credits) take approximately 18 months to complete. Depending on when you start the program, you can expect your degree to be conferred in 18 to 24 months.

Is the online Master of Science in Information Security and Assurance program accredited?

In addition to the University’s regional accreditation, Norwich has been certified by the National Security Agency and Department of Homeland Security as a Center of Academic Excellence in Cyber Defense.

Will I be able to take my CISSP certification exam while studying at Norwich University?

In the past, students have had the opportunity to take their exams while at Norwich University as the exams’ timing coincided with the Residency Conference, although there is no direct preparation or connection to the residency activities.

How much is the online Master of Science in Information Security and Assurance program?
  • Credit Hours - 36
  • Price Per Credit - $825
  • Term Tuition - $4,950
  • Technology - $300/term
  • Library - $75/term
  • Graduation - $150/one-time
  • Total Program Cost (6 terms): $32,100


Does Norwich accept transfer credits?

When you apply for admission to the information security and assurance program, you can submit transcripts and course outlines from previously attended institutions of higher education to be considered for transfer credits. Transfer credits will be evaluated on a case-by-case basis and may be accepted for up to 12 credits. Norwich complies with VA regulations and guidelines as they pertain to transfer credits.

Learn more about Norwich University’s transfer credit policy.

How can I help you?