13.3.4 Master of Information System Security Management
Note that for the 2021/2022 Academic Calendar, the Faculty Council of the Faculty of Management on October 28th, 2020] approved significant changes to this program. The current version of those changes are available here but are subject to change until the new Academic Calendar is finally published.
In all sectors of the economy, there is an increasing demand for skilled professionals with expertise in information security. The Master of Information Systems Security Management (MISSM) meets these needs by providing in-depth education in security protocols, design, software, and management. Students explore protection strategies, including the planning, design, implementation, and management of complete network security solutions in multiple operating-system environments and configurations. Graduates will be able to assess and implement necessary safeguards to ensure the security of information systems. Program content includes network security policies, standards, and management; building and maintaining security firewalls; cryptography; international and national information security laws; ethics; disaster and recovery planning; risk management and analysis; and digital forensics.
The MISSM program is delivered in a continuous learning format, consisting of sixteen courses including a research component. The program is normally completed over five semesters. The intensity of the program (a) allows students to meet their educational goals in an efficient and timely manner and (b) enables students who possess a more general degree to focus on the specific knowledge and skills required in the emerging field of information systems security. The program is open to both full- and part-time students.
A. Educational Objectives
The central educational objective of the program is consistent with the mission of Concordia University of Edmonton: preparing students to be independent thinkers, ethical leaders and citizens for the common good.
This first objective is the foundation for the more specific objectives of MISSM, which is designed to enable students to do the following:
- To identify sources of risk for the loss of enterprise information and to develop methods of minimizing the identified risks based on the priorities established by senior management and the financial resources available to mitigate these risks.
- To understand the role of information systems security in relation to the other business processes in an enterprise.
- To develop a plan for the enterprise to recover from disasters where information ceases to be available to users. They will also have the skills to test the plan and to ensure that the plan is ready to be implemented when needed.
- To investigate information systems security incidents and develop and implement solutions to recover or minimize the loss of information.
- To securely install operating system software and to use this software to build login servers and application servers which are highly resistant to penetration by unauthorized users (both internal and external).
- To securely install servers on different operating environments.
- To develop an appropriate information security framework for an enterprise, including plans and policies which reflect recognized standards for implementing security policy (based on identifying stakeholders, security teams and infrastructure, data resource owners, and auditing used to ensure compliance).
- To determine legal issues involved in information systems security policy and architecture, and to know when to seek advanced legal help and/or help from law enforcement authorities.
- To manage projects involving cryptographic architectures for security and to implement a variety of solutions involving cryptography.
- To develop strategies for all methods of access control to an organization’s information systems and media containing organizational information (physical methods and network methods).
- To ensure that an organization meets the appropriate federal or provincial privacy legislation.
B. Admission Requirements
Applications are encouraged from those individuals who possess an undergraduate baccalaureate degree. A four-year degree in computing science, science, or business is preferred, but all degrees are given consideration. Space is limited and admission is competitive. Meeting the minimum admission requirements does not guarantee admission.
To be considered for admission, applicants must present the following requirements:
- An undergraduate degree from a recognized educational institution: normally a four-year Bachelor’s degree (preferably in business, engineering or computing science); students with a three-year degree (for example, Concordia University of Edmonton’s three-year BSc) may be admissible but may be required to take qualifying courses.
- An admission grade point average (AGPA) of at least 3.0 (on Concordia University of Edmonton’s 4-point scale) or equivalent on the most recently completed 60 credits.
- A resume.
- A security clearance.
- Demonstrated fulfilment of Concordia University of Edmonton’s English Language Requirement, section 13.1.1.D.
All grades used in calculating the AGPA are adjusted according to Concordia University of Edmonton’s grade conversion scale.
C. General Academic Requirements
- Students must successfully complete 48 course credits in the program.
- Students must successfully complete 9 credits in a research project, which may or may not include a practicum (ISSM 580 or ISSM 581), and culminating in a formal report of the student’s research evaluated by an internal committee.
- Students must maintain a minimum grade point average of 3.0 with no course grade less than “C+”. Students who do not maintain satisfactory standing may be placed on academic probation, required to withdraw from the program, or asked to retake the course.
D. Program Requirements
60 credits required, to include:
- One of ISSM503 (Operating Systems Security), ISSM507 (Organizational Behaviour), or ISSM542 (Financial Accounting)
- ISSM521 (TCP/IP Security)
- ISSM525 (Securing an E-Commerce Infrastructure)
- ISSM531 (Advanced Network Security)
- ISSM533 (Cryptology and Secure Network Communications)
- ISSM535 (Firewall Fundamentals)
- ISSM536 (Digital Forensics)
- ISSM538 (Research Methods I)
- ISSM541 (Management Accounting)
- ISSM543 (Systems Development and Project Management)
- ISSM545 (Security Policies, Standards and Management)
- ISSM551 (Disaster Recovery and Planning)
- ISSM553 (Governance, Risk and Control)
- ISSM559 (Research Methods II)
- ISSM561 (Information Technology Law and Ethics)
- ISSM581 (Research Project)
E. Graduation Requirements
Students graduate on one of the three degree-conferral dates following successful completion of their program requirements as well as the general program requirements of The Faculty of Graduate Studies, section 13.1.4. For further information about graduation requirements, see Graduation Requirements, section 13.1.5.