This course provides a broad overview of the threats to the security of information systems, the responsibilities and basic tools for information security, and the levels of training and expertise needed in organizations to reach and maintain a state of acceptable security. Topics include an introduction to confidentiality, integrity, and availability; authentication models and protection models; security kernels; secure programming; intrusion detection and response; operational security issues; physical security issues; and personnel security. Additional topics include policy formation and enforcement; access controls and information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; and risk assessment.

This course will cover fundamental concepts, principles, and practical issues relevant to the design, analysis, and implementation of enterprise-level trusted networked information systems. Topics include networking and security architectures and techniques and the protocols defined at the various layers of the Internet model.

This course presents tools for conducting a hands-on computer forensics investigation in a business setting. Common business cybercrimes such as financial fraud, data leakage, harassment, and intellectual property violations will be investigated in this course. Students will gain an in-depth understanding of the tools and techniques used by computer forensics experts such as evidence imaging, data recovery, e-mail investigations, graphics investigations, registry analysis, password recovery, and decryption of encrypted data.

Legal and ethical issues are important concepts in this field. This course covers the following topics: policy implications of the use of computers and in particular of the security of computers in modern society; fundamentals of American law with particular regard to the legal aspects of the use of computers and of computer security; the organization and use of the American legal system; ethical challenges in a technological environment; identification of organizations and materials that can be of assistance in resolving or responding to policy, legal, and ethical issues; and social and public policy issues pertaining to the commercial development, availability, and marketing of both software and hardware for encryption.

This course discusses cyber-attacks and security practices that are used to protect individuals, organizations and the national infrastructure. The course will focus on 10 strategies organizations supporting national infrastructure should implement to improve security posture. The concepts discussed in this course are relevant to operations security of all organizations.

This course covers the strategies, procedures and policies to manage and mitigate risk in information systems. It also covers risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. In addition to technical solutions, the course considers strategies and policies that will provide cost effective and highly secure systems.

This course uses case studies to teach students how to implement an IT Governance process in a company using COBiT (Control Objectives for IT andamp; related technology), align IT strategy with the business planning process, and monitor and measure the IT internal controls to meet internal and external compliance legislation like Sarbanes Oxley and FTC (Federal Trade Commission) requirements. The course will also introduce students to the planning and conducting of an IT Audit.

This course examines detailed aspects of incident response and contingency planning consisting of incident response planning, disaster recovery planning, and business continuity planning. Developing and executing plans to deal with incidents in the organization is a critical function of information security management. This course focuses on the planning processes for all three areas of contingency planning: incident response, disaster recovery and business continuity. The course also covers the execution of response to human and non-human incidents in compliance with organizational policies and contingency plans.

This course provides students with the hands-on skills required to manage and mitigate cybercrime at businesses, organizations, and government entities. The successful protection of digital assets of an organization requires a solid understanding of such techniques used by hackers to be better prepared against those kinds of attacks. By deploying a Risk Management approach, students will also learn policy management, identify data assets and verify the effectiveness of existing controls.

This capstone course in the MSIS curriculum enables a student to integrate the expertise gained in all other courses in the development of an information security strategy. Through a series of assignments that simulate real-world information security threats and incidents, students will apply the key concepts from each MSIS course to design, develop and implement solutions that mitigate these threats. This course must be taken as the last course or in the final semester of the MSIS program.

Information Security Certification.

Information Security Certification.

This is an advanced course that enables students to carry out independent study under the supervision of a faculty member.

This course in Quality Management provides a systematic approach to improving and managing quality in healthcare organizations. It is designed for healthcare managers and executives. Students will learn both the conceptual and practical aspects of health care quality. A number of quality management and performance tools and techniques will also be introduced. These include Failure Mode and Effect Analysis, Cause-Effect diagrams, Flow Charts, Pareto Diagrams, Function Deployment Matrices, Histograms, Data Sheets, and Control Spreadsheets.