The Master of Information Systems Security Management (MISSM) is 33 Credits (8 x 3-credit courses, plus 1 x 3-credit and 1 x 6-credit in either the research or capstone track) and is considered a two-year program.
Courses for the MISSM degree (33 credits)
This course provides an in-depth review of the TCP/IP protocol suite supplemented with various issue discussions relevant to network security professionals. This course will also investigate various firewall designs and implementations, including the principles of zone-based design, in addition to network security considerations for perimeter-less /cloud environments. Students will gain practical experience constructing internetworks and complex firewall architecture designs and will implement the designs and the associated firewall rule sets in internetworks populated with various TCP/IP clients and servers on a virtual infrastructure.
This course focuses on web application security in both in-house and cloud-based environments. Students learn on how to design, develop, and implement a cloud-based secure e-commerce infrastructure while taking organizational case use, information security and privacy mandates under consideration.
This course in cryptography focuses on securing data through symmetric and asymmetric ‘public key’ cryptographic algorithms, access control, hashing, digital signature, and key distribution using best practices for secure communications. Students assess and evaluate cryptographic systems and how they can be incorporated into an information security system and the security plan for the enterprise. Students implement secure sites ‘on web servers’ that require a secure sockets layer for secure transactions. Emerging trends in encryption, such as lightweight and post-quantum cryptography, are discussed to prepare students for the ongoing changes which will be required to keep ahead of hackers.
This course has two components: the first is a theory component to teach the concepts, principles, and best practices for implementing system security and virtualization security. The second component employs labs, exercises, and assignments to practice what is learned in the theory component. In the theory component, you will learn about the different operating systems and virtualization methods that comprise the modern information technology environment and the best practices for implementing security in these systems. The practice component will complement the theory component through some specific labs, exercises, and assignments illustrating the use and implementation of these concepts.
This course provides an in-depth coverage of live incident response and file system forensic analysis; including the use of various tools and techniques used to extract information from digital media, with a focus on difficult to retrieve information. Forensics tools and techniques will be supplemented with theoretical discussions, both of the structure of the media itself and of the nature and limitations of digital evidence. The course will cover the most commonly used operating systems and file systems.
An in-depth coverage of disaster recovery planning including, techniques to prevent, detect, and recover from loss of information availability. Students are instructed in ways to formulate a disaster and recovery plan, and test and implement the plan in a simulated lab environment.
This course covers the principles, concepts and techniques applied in designing an effective IT enterprise governance structure. In addition, IT risk management methodologies, and best practices, as well as the development and implementation of various administrative IT controls – such as policies and procedures are also discussed. The compliance component of this course focuses on an overview of pertinent information security and privacy laws, standards, and regulations, in addition to information security and assurance ethical considerations.
In this course students develop a literature review paper and a supporting PPT-based oral presentation based on an assigned ‘capstone track’ topic or a topic of interest ‘RM track’ in information security or assurance which will later be used as the basis to register in ISSM 590 or ISSM 575.
For the Research track
In this course, students develop a research proposal which will be used, if approved by Concordia’s ISSAM Master’s Program Committee, to register in ISSM 591 Research Methods III.
The ISSM 591 Research Methods III is the last and often the most challenging part of the MISSM/MISAM graduate studies. Each ISSM 591 registered student performs his or her research in compliance with the approved research proposal and under the supervision of a research supervisor. The registered student is required to regularly report on his or her research progress. It is the student’s responsibility to manage the research project and communication with his or her supervisor about the project progress and challenges. ISSM 591 culminates in production of a formal research paper.
For the Capstone track
This course expands students’ knowledge and research skillset in the area of information systems security and/or assurance, such as systems and application security, access control, security operations and administration, IT risk management, incident response, disaster recovery, cryptography, network security or information systems auditing. With the knowledge and research skillsets, students develop an executable research proposal in the assigned project that will later be used as a basis for registering ISSM 576 Capstone II.
This capstone course will require students who have successfully completed ISSM 575 ‘Capstone I’ to utilize their acquired knowledge and skillsets to complete a comprehensive, assigned term project under the supervision of a core MISSM/MISAM faculty member.
For more information, please see the Academic Calendar.