13.3.3 Master of Information Systems Assurance Management
In all sectors of the economy, there is an increasing demand for skilled professionals with expertise in information security, assurance, auditing and governance. The Master of Information Systems Assurance Management (MISAM) meets these needs by providing in-depth education in information systems audit, assurance, and governance. Students learn both the theory and practice of information systems auditing and assurance and the role this plays in enterprise and information technology governance. Students are well prepared to enter information systems assurance, audit and governance roles immediately upon graduation as well as write two world-wide industry based certification exams in these areas. The MISAM program is delivered in a continuous learning format, consisting of thirteen courses and a major research project performed throughout three research focused courses at the end of the program. The program is normally completed over five semesters.
A. Educational Objectives
The central educational objective of the program is consistent with the mission of Concordia University of Edmonton: preparing students to be independent thinkers, ethical leaders and citizens for the common good. This first objective is the foundation for the more specific objectives of MISAM, which is designed to enable students to do the following:
- To understand the process of auditing and in-depth knowledge of information systems auditing and general understanding of financial auditing.
- To gain first-hand experience in conducting risk based information systems audits and in communicating the results to the enterprise.
- To identify sources of risk for the loss of enterprise information and to develop methods of the financial resources available to mitigate these risks and provide assurance.
- To gain a deep knowledge and appreciation of the role governance plays in the success of public and private sector organizations.
- To understand the role of information systems security in relation to the other business assurance processes in an enterprise.
- To develop a plan for the enterprise to recover from disasters and to test the plan in order to ensure that the plan is ready to be implemented when needed.
- To investigate information systems security incidents and develop and implement solutions to recover or minimize any loss of information.
- To develop an appropriate information security framework for an enterprise, including plans and policies which reflect recognized international standards from implementing security policy (based on identifying stakeholders, security teams and infrastructure, data resource owners, data custodians, and audit methods used to determine compliance).
B. Admission Requirements
Applications are encouraged from those individuals who possess an undergraduate baccalaureate degree. A four-year degree in business is preferred but a computing science degree is also accepted. All other degrees are given consideration since there may be industry certifications or work experience which might assist the application process. Space is limited and admission is competitive. Meeting the minimum admission requirements does not guarantee admission. To be considered for admission, applications must present the following requirements:
- Four-year Bachelor’s degree from a recognized educational institution, preferably in Business/Management, Management of Information Systems or Computing Science. Students entering the program require a minimum grade point average of 3.0 on the 4 point scale, or its equivalent during the last 60 credits of undergraduate (or graduate) study. Students with a three-year degree, for example, Concordia University of Edmonton’s three-year BSc, may be admissible but may be required to take qualifying courses.
- A resume.
- A 3.0 GPA on at least two courses in financial accounting (one introductory and one intermediate) and one course in management accounting.
- A security clearance.
- Demonstrated fulfillment of Concordia University of Edmonton’s English Language Requirement (refer to section 13.1.1 D).
C. General Academic Requirements
- Students must successfully complete 48 course credits in the program.
- Students must successfully complete 12 credits in a research project, which may or may not include a practicum (ISAM 580 or ISAM 581). Whether the student chooses a practicum-based research project or a research project only, the research must be presented to an audience comprising of faculty (including the faculty advisor), peers, and persons actively involved in the security industry.
- Students must maintain a minimum grade point average of 3.0 with no course grade less than 2.3 (C+). Students who do not maintain satisfactory standing may be placed on academic probation, required to withdraw from the program, or asked to retake the course.
D. Program Requirements
60 credits required, to include:
- ISAM512 (Financial Accounting and Analysis for Information Systems Auditors)
- ISAM521 (Information Systems Audit I)
- ISAM522 (Information Systems Audit II)
- ISAM558 (Research Methods II)
- ISAM542 (Forensic Accounting and Fraud Examination)
- ISAM549 (Auditing Theory and Application)
- ISAM581 (Research Project)
- ISSM521 (TCP/IP Security)
- ISSM538 (Research Methods I)
- ISSM541 (Management Accounting)
- ISSM543 (Systems Development and Project Management)
- ISSM545 (Security Policies, Standards and Management)
- ISSM551 (Disaster Recovery and Planning)
- ISSM553 (Governance, Risk and Control)
- Two of ISSM507 (Organizational Behaviour), ISSM525 (Securing an E-Commerce Infrastructure), ISSM531 (Advanced Network Security), ISSM533 (Cryptology and Secure Network Communications), ISSM536 (Digital Forensics), ISSM541 (Management Accounting), or ISSM561 (Information Technology Law and Ethics)
E. Graduation Requirements
Students graduate on one of the three degree-conferral dates following successful completion of their program requirements as well as the general program requirements of The Faculty of Graduate Studies, section 13.1.4. For further information about graduation requirements, see Graduation Requirements, section 13.1.5.