Master of Science in Information Security & Assurance

Core Curriculum

Norwich’s Master of Science in Information Security & Assurance program is presented in three six-month semesters, each comprising two 11-week, six-credit courses. The course topics introduce today’s most critical and relevant areas of information assurance. Students master one course at a time, with each course building on the next to create a strong foundation of knowledge and context for future topics. The final semester offers a concentration option through which students may pursue a specialized area of interest. The program culminates in a required one-week residency and a graduation ceremony at Norwich University in June. There are four program start dates per year: March, June, September, and December.  An overview of the courses required for each concentration and complete course descriptions are listed below. More information about program requirements is also available in our course catalog.

  • Foundations and Historical Underpinnings of Information Assurance • GI512 6 credit hours

    This course explores the historical foundations of information assurance, from the early days of mainframes to the foundations of today’s sophisticated networks and distributed computing systems. You will explore the earliest thinking about data structures and domains, interoperability among various computing platforms, mechanisms for data transfer, and the emergence of encryption as a defense against early forms of computer crime. The course examines privacy, policies, security standards and regulatory requirements, and the underlying models that define information assurance. You will also be introduced to IA architecture.

  • Information Assurance Technology • GI522 6 credit hours

    This course focuses on the use of technological defenses against threats and exploitations of vulnerabilities in information systems. Topics include physical security measures, access controls, security elements of operating systems, network security measures, anti-malware tools, anti-spam measures, anti-piracy systems, software development methods supporting security, and security certifications for software products.

  • Human Factors and Managing Risk • GI532 6 credit hours

    This course focuses on the ways business objectives, user attitudes, and user activities significantly influence both the development of an information assurance program and its successful implementation. The first week focuses on operations security and why it’s the foundation of an IA program.

    During the following five weeks, you will explore security awareness as a component of organizational culture; the process of crafting an information assurance message; ethical decision making as a factor in security; social psychology and how behaviors influence the effectiveness of security activities; the use of employment practices and policies to support information security; and the creation of acceptable use and email policies.

    The final four weeks of the course examine elements of risk management from basic principles through application, using the NIST Special Publication 800-30 as a solid foundation for the risk management issues. You will also discuss two popular risk assessment processes and several other processes that help identify risk.

  • Information Assurance Management & Analytics • GI542 6 credit hours

    This course covers four general areas of information assurance management and analytics – from the strategic to the tactical level: compliance; management, leadership, and policy development; relationships and adding value; and project management. You will explore the aspects, methods, and alternatives in information assurance management and compare and utilize them with respect to non-IT-related management approaches and styles. The course covers alternatives in building support and consensus for projects and activities and focuses heavily on adding value to the organization. You will examine the development of an information assurance marketing plan and use it to help identify techniques of improving information assurance awareness. Topics also include analytics in terms of both metrics and measuring business impact, and problem solving and project management techniques and alternatives.

Computer Forensic Investigation/Incident Response Team Management Concentration
  • Computer Security Incident Response Team Management • GI554 6 credit hours

    In this course, you will analyze and apply the key points in creating and managing a computer security incident response team (CSIRT), also known as a computer incident response team (CIRT) or a computer emergency response team (CERT). Topics include establishing CSIRTs; responding to computer emergencies; securing the CSIRT; managing the CSIRT with respect to professionalism, setting priorities for triage, and protecting personnel against burnout; and learning from emergencies using the incident postmortem and establishing continuous process improvement within the organization. Students will use their case study to apply their knowledge to real-world situations and will prepare recommendations for the establishment of a new CSIRT or improvement of their existing CSIRT.

  • Computer Forensic Investigation • GI551 6 credit hours

    This course focuses on the spectrum of tools and techniques used to investigate digital incidents, whether in a civil or criminal environment. The course provides the broad understanding that information assurance professionals must have of the management, investigation, and analysis of digital incidents. It also places that understanding in the context of other information assurance domains. Discussions of digital investigation and forensics cover topics from both technical and management perspectives to increase the information assurance professional’s understanding and application of domain-specific knowledge.

Critical Infrastructure Protection & Cyber Crime Concentration
  • Cyber Crime • GI556 6 credit hours

    This course explores the nature of conflict in cyber space focusing on two major Internet-based threats to the U.S. national security: cyber terrorism and cyber crime. The course addresses questions such as: who is undertaking these cyber activities, what techniques do they use, and what countermeasures can be adopted to mitigate their impact. The course is built around a risk management framework to help information leaders leverage the benefits of Internet technologies while minimizing the risks that such technologies pose to their organizations.

  • Critical Infrastructure Protection • GI566 6 credit hours

    This course examines the security of information in computer and communications networks within infrastructure sectors critical to national security. These include the sectors of banking, securities and commodities markets, industrial supply chain, electrical/smart grid, energy, transportation, communications, water supply and health. Special attention is paid to the risk management of information in critical infrastructure environments through an analysis and synthesis of assets, threats, vulnerabilities, impacts, and countermeasures. Critical consideration is paid to the role of Supervisory Control and Data Acquisition (SCADA) systems in the flow of resources such as electricity, water, and fuel.

Cyber Law & International Perspectives on Cyberspace Concentration
  • Cyber Law • GI557 6 credit hours

    This course explores a broad variety of federal statutory, common, and international laws that may impact the information technology professional. Because the overwhelming majority of cyber infrastructure is owned and operated by the private sector, the course focus is on those laws that affect the interaction between government and the private sector information technology industry, including the privacy rights so often implicated in modern data storage systems. The course starts with a look at “cyber law” and whether it is really a distinct legal discipline at all. It then moves into criminal, civil, regulatory, international and common laws with which today’s information technology professional may come in contact. Throughout the course we discuss how public policy and other factors impact the development, implementation, and interpretation of the law. Students read, interpret and apply legal authorities and theories, a valuable skill for future information technology leaders if they are to stay in compliance with the ever-growing “cyber” legal framework.

  • International Perspectives on Cyberspace • GI567 6 credit hours

    This course provides an overview of the issues surrounding transnational cyberspace policies, international investment strategies, and implementation of communication and information technologies that affect the global economy and transforms the flow of information across cultural and geographic boundaries. The course will examine various global governance frameworks, and organizations that shape and transform cyberspace such as the International Telecommunications Union, the World Bank Information and Communications Technology Sector and the U.S. Federal Communications Commission.

Project Management Concentration

Students will take Project Management Techniques, Tools and Practices as their first course in the concentration and then choose to complete either Project Management Leadership, Communications, and Teams or Strategic Management in Project Management as their second course.

Courses are cross-listed with the Master of Business Administration Program.

Accredited by the PMI Global Accreditation Center for Project Management Education Programs (GAC)
PMI accreditation of Norwich’s MSISA project management concentration signifies that the courses meet the comprehensive academic quality and excellence standards necessary in the industry. Completion of Norwich’s MSISA project management courses only fulfills the education requirement for students interested in seeking certification through PMI. To obtain PMI certifications, such as the Project Management Professional (PMP) or the Certified Associate in Project Management (CAPM) designations, students will need to separately pursue the certification process administered through PMI, which includes submitting an application to PMI, acceptance by PMI of your application, and passing a certification exam administered by PMI.

  • Project Management Techniques, Tools and Practices • GB544 6 credit hours

    This seminar focuses on the fundamentals of project management and practices. The key elements of project management from the project management framework, the project life cycle, project process and key project management knowledge areas are discussed. Additionally, the project integration, scope, time, cost, quality, resource and schedule management are studied. Other areas of focus are project management procurement and overall project communications.



  • Project Management Leadership, Communications, and Teams • GB554 6 credit hours

    This seminar focuses on project management leadership, effective communications and the management of project teams. Students explore the fundamental principles of good project management, including: leadership skills, winning stakeholder cooperation, writing the rules to manage expectations, project risk management, creating realistic schedules, achieving accurate project estimates, trade-offs between project cost, schedule and quality, building strong project teams, clear communications, measuring progress, problem solving, defining clear requirements and applying lean principles in project management. This seminar discusses project leadership, communication and team management skills integrating them with  concepts from previous seminars, resulting in fundamental principles of project management being integrated with leadership, communications and team building practices and challenges.

  • Strategic Management in Project Management • GB564 6 credit hours

    Applications from the GB 544 and GB 554 are applied in this seminar using the fundamental principles of project management from the project management framework, the project life cycle, project integration, scope, time, cost, quality, and schedule management. Students synthesize leadership skills, winning stakeholder cooperation, project risk management, building strong project teams, clear communications, measuring progress and problem solving in a proposed project. Prereqs: GB 544 and GB 554, or permission of the Program Director.

Vulnerability Management Concentration
  • Vulnerability Management and Penetration Testing I • GI562 6 credit hours

    This course introduces students to the penetration testing of computer networks. Students will utilize a virtual lab to gain experience through hands‐on lab exercises, and learn to use the well‐known open‐source Metasploit computer security project to understand security vulnerabilities. Students will apply this tool for penetration testing, testing the control tools, and learn how to conduct monitoring of an enterprise. Topics explored in this course include system security and vulnerability analysis, the most common system exploits and vulnerabilities, along with system “pivoting” and client‐side exploits. This course also introduces open‐source tools, in particular, the Metasploit Framework (MSF). Students will learn how to assess enterprise security controls and system vulnerability, and learn to document their findings. The course is designed for penetration testers, system security, and network administrators.

  • Vulnerability Management and Penetration Testing II • GI563 6 credit hours

    This course introduces students to advanced open-source tools used to conduct penetration testing of computer networks. Students will learn the rules of engagement, and how to conduct legal and ethical security tests and vulnerability assessments. Students will utilize a virtual lab to gain experience through hands-on lab exercises. Students will learn to use the well-known open-source tools (Metasploit , John the Ripper, Wireshark) to understand security vulnerabilities and how to use this tool for penetration testing, testing the control tools, and how to conduct monitoring of an enterprise.


The final academic requirement for the information security and assurance program is a week-long residency at the beautiful and historic Norwich University campus in Vermont. Students have the opportunity to meet with fellow students, faculty, and program staff in both formal classroom and informal settings. Norwich covers the cost of all meals and accommodation on campus. Academic recognition ceremonies and commencement cap off the week, and family and friends are encouraged to attend.