RE: MS in information security

[Bob Radvanovsky <rsradvan () unixworks net>]

See comments below.

Bob Radvanovsky, CISM, CIFI, REM, CIPS
"knowledge squared is information shared"
rsradvan (at) unixworks.net | infracritical.com | ehealthgrid.com
(630) 673-7740 | (412) 774-0373 (fax) 

----- Original Message -----
From: Jon Gucinski [mailto:gucinski () gmail com]
To: security-basics () securityfocus com
Subject: RE: MS in information security


> Hi-
>
> I earned my MS-Information Assurance from Iowa State University this past
> May.  It was a great experience straight out of undergrad and many companies
> I interviewed with were highly impressed.  We also had a number of people
> that had been in industry looking to make the switch to InfoSec, as it
> appears you are.  
>
> To my knowledge, no university currently offers a PhD in InfoSec.

** Actually, I've found a few. There are quite a number of programs with the title "information security management", 
"information assurance", "information security assurance", etc.  Here are a few that offer Ph.D degrees specifically 
for "information security" (location and URL for the program is provided):  

** George Washington University, Washington, D.C.
(and it's a Doctorate in Research Science, "D.Sc")
CURRICULUM: Information Security Management
URL: http://www.seas.gwu.edu/~jjchryan/dsc.html

** Naval Postgraduate School, Monterey, CA
Center for Information Systems Security Studies (CISR)
(Doctoral specializing in Information Assurance and Security)
CURRICULUM: Computer Science with a strong emphasis on ISM
URL: http://cisr.nps.navy.mil/downloads/04paper_ISdoc.pdf

** DePaul University, Chicago, IL
(Network Security Graduate Program)
URL: http://ipd.cti.depaul.edu/NSPbrochure.pdf

** DePaul University, Chicago, IL
(Information Systems Security and Management Program)
URL: http://ipd.cti.depaul.edu/ISSMPbrochure.pdf

> I will recommend that you evaluate each of the programs that you are
> considering carefully; the curricula vary greatly from school to school,
> even among the NSA Centers of Excellence.  Some of the programs seem (to put
> it bluntly) pretty crappy while others can be highly specialized in your
> particular interests.  

** The impression that I get is that "information security" or "information assurance" or some combination thereof, is 
mixed with some other "information management" or "computer science" curriculum, with a strong emphasis on security, 
cryptography, et. al.

** National Defense University works with folks, both military pesonnel and "private sector" folks in the Washington, 
D.C. area.  I have a contact there that might be able to shed a little bit of light on the subject matter.  He was my 
mentor from 15-17 years ago at Cal Poly in SoCal when I had studied Business and Computer Information Systems, and is 
one of the tenured professors teaching as part of the IRM curriculum at NDU.  Good school -- I'd highly recommend it if 
you can attend.

** URL about the IRM curriculum:
http://www.ndu.edu/catalog/irmc2body.htm
http://www.ndu.edu/IRMC/news/IRMC_Catalog2005.pdf

** According to the National Defense University's Information Resource Management (IRM) web site, here's a list of 
partnerships that NDU has throughout the nation that offer both forms of graduate studies (I'm guessing both Masters 
and Doctorate):

** URL: http://www.ndu.edu/irmc/ (main page for IRM @ NDU)
** URL: http://www.ndu.edu/irmc/partnerships/

Advanced Management Program, CIO Certificate, Information Assurance Certificate Program, Enterprise Architecture 
Certificate Program, and Organizational Transformation Certificate Program graduates can apply nine to fifteen graduate 
hours toward selected Master's and Doctoral degree programs at several regionally accredited partner institutions. The 
institutions, their web site, applicable degree programs, and point of contact information are provided below.

Application of graduate credits to specific degree requirements varies with each institution. The web site for the 
institution provides general information on the degree program; however, you should contact the representative for 
specific details relating to transfer of credits and admission requirements. Individuals participating in DoD's 
Information Assurance Scholarship Program may select only those programs annotated with "IASP qualified."

The IRM College actively seeks to develop new academic partnerships in response to student and institutional requests. 
Please contact Ms. Patty Coopersmith at coopersmithp () ndu edu or Dr. Brenda Roth at rothb () ndu edu for more 
information about IRMC partnerships.
 

IRM College MOU Graduate Degree Matrix

 
University
 Degrees Available per MOU
 
Capitol College

Graduate School

VA: Tanya Harlee
Quantico () capitol-college edu
703-640-7318

MD: Ken Crockett
gradschool () capitol-college edu
301-369-2800, x-3025
 Master of Science in Information and Telecommunications Systems Management (ITSM) (37-38 credit hours; traditional 
and/or on-line classes; credit hours applied to specific courses.)


15 credit hours applied for AMP and CIO certificate graduates.


Agreement effective for graduates December 2000 and forward.


 
East Carolina University

School of Industry and Technology

Biwu Yang
yangb () mail ecu edu
252-328-9666
 MS in Industrial Technology (MSIT), concentration in Digital Communication Technology (DCT) (36 credit hours; credit 
hours applied to specific courses; courses available online.)

15 credit hours applied for AMP and CIO certificate graduates.
9 credit hours IA graduates

Agreement effective for graduates December 1996 and forward.

 
George Mason University

School of Public Policy

Kristine McCord, Director of Graduate Admissions
spp () gmu edu
703-993-8099
 Master of Arts in New Professional Studies: Knowledge Management (36 credit hours; four required courses to be 
completed with a cohort; classes evenings and/or over weekends.)

15 credit hours applied for AMP and CIO certificate graduates.

Agreement effective for graduates December 2001 and forward.
 
School of Information Technology & Engineering

Sandy Mayo
703-993-1640
 Master of Science in Information Security and Assurance (MSIS) (30 credit hours) (IASP qualified)


Master of Science in Information Systems (MSIS) (30 credit hours) (IASP qualified)


Master of Science in Software Engineering (MS-SWE) (30 credit hours) (IASP qualified)


Doctorate of Philosophy in Information Technology; Doctorate of Philosophy in Computer Science; Doctorate of Philosophy 
Engineer in Information Technology (number of credit hours for PhD depends on master's degree transferred; credit hours 
applied towards specific courses.) (IASP qualified)


9 credit hours applied for IA Certification graduates.


Agreement effective for graduates December 2000 and forward.

 
School of Information Technology & Engineering

Dr. Jeremy E. Allnutt
jallnutt () gmu edu
703-993-3810
 Master of Science in Telecommunications (30 credit hours; credits applied towards specific courses.)

9 credit hours applied for IA Certification graduates.

Agreement effective for graduates December 2000 and forward.
 
James Madison University

College of Graduate and Professional Programs

Kenneth Bahn
bahnkd () jmu edu

540-568-3009
 Master of Business Administration, concentration in Information Security (45 credit hours; credits applied towards 
specific courses; primarily online) (IASP qualified)

15 credit hours applied for AMP and CIO graduates with IA certification/concentration.

9 credit hours applied for IA Certification graduates.

Agreement effective for graduates December 2001 and forward.
 
Department of Computer Science


Hossain Heydari
heydarmh () jmu edu

540-568-8745

 Master of Science in Computer Science (concentration in Information Security) (33 credit hours; credits applied 
towards specific courses; cohort distance learning) (IASP qualified)


9 credit hours applied for IA Certification graduates.
 
Johns Hopkin University


Dr. Gerald Masson
masson () jhu edu
410-516-4250
 Master of Science in Security Informatics (MSSI) (30 hours; credits applied to specific courses) (IASP qualified)


9 credit hours applied for AMP and CIO graduates with IA certificate/concentration.


9 credit hours applied for IA Certificate graduates.


 
Mississippi State University

Bagley College Of Engineering
 MS in Computer Science (MSC) (20 credit hours required beyond transfer; some courses available online, one year 
residence required) (IASP qualified)


15 credit hours for AMP and CIO graduates who possess IA Certification; 9 credit hours for graduates of IA only.
 
College of Business and Industry

POC: David Dampier
dampier () CS MsState edu
662-325-8923
 MS in Information Systems (MSIS) (15 credit hours required beyond transfer; credit applied to specific courses) (IASP 
qualified)


15 credit hours for AMP and CIO graduates who possess IA Certification; 9 credit hours for graduates of IA only.


Will consider doctoral students on a case-by-case basis.

Agreement effective for graduates December 2000 and forward.
 
New Mexico Tech

Dr. Andrew H. Sung
sung () cs nmt edu
505-835-5126
 Doctorate of Philosophy in Computer Science (36-42 hours additional required)

9 credit hours applied for IA Certification graduates
15 credit hours applied for CIO graduates
 
Northeastern University

Colleges of Computer and Information Science and College of Criminal Justice

Agnes Chan
ahchan () ccs neu edu

617-373-2464
 Master of Information Assurance (additional 24 credits required)

9 credit hours applied for IA Certificate graduates
 
School of Professional and Continuing Studies

Todd Leach
tleach () neu edu

617-373-2420
 Master of Professional Studies in Informatics 

9 credit hours applied for IA Certificate graduates

15 credit hours for CIO graduates who possess IA Certification; 9 credit hours for graduates of IA only.
 
Pace University

School of Computer Science and Information Systems

Susan M. Merritt
smerritte () pace edu

212-346-1200
 MS in Internet Techology; MS Computer Science; or MS Information Systems (additional 21 credit hours for CIO 
certificate holders; additional 27 credit hours for IA certificate holders)


15 credit hours for CIO graduates who possess IA Certification; 9 credit hours for graduates of IA only.

 
Polytechnic University

Stuart Steele
ssteele () rama poly edu
718-260-3357
 MS Computer Science (additional 27 credits required)

9 credit hours applied for IA Certificate graduates
 
Syracuse University

School of Information Studies
Admissions: 
Kathy Allen
kallen02 () syr edu
315-443-4251

General Questions:
Scott Bernard
sabernar () syr edu
703-532-4243
 MS in Information Management, Concentration in Information Assurance


(30 credit hours; courses available in D.C., online, or Syracuse) (IASP qualified)


15 credit hours applied for AMP and CIO certificate graduates; 9 credit hours applied for IA graduates.


Agreement effective for graduates December 1993 and forward.

 
Texas A&M University

Center for Information Assurance and Security


Wei Zhao
w-zhao () tamu edu
979-845-9776


 MS Computer Science
MS Computer Engineering
Master of Computer Science
Master of Engineering in Computer Engineering
PhD Computer Science
PhD Computer Engineering
MS Electrical Engineering
Master of Engineering in Electrical Engineering
PhD Electrical Engineering
MS in Management and Information Systems
PhD in Information and Operations Management


(21-24 credits additional for Master's; 52 hours for PhD if Master's was in an approved program, 84 if Master's was not 
in a related field) (all degrees IASP qualified)

Will award 9 credits to IRMC students who complete IA Certificate and possibly more credits for those students who 
complete the CIO Certificate with the IA concentration
 
Towson University

Patricia Beere
pbeere () towson edu

 Master of Science in Applied Information Technology (33 hours; credits applied to specific courses) (IASP qualified)


15 credit hours applied for AMP and CIO graduates with IA certification/concentration; 12 credit hours for IA 
Certificate option 2; 9 credit hours applied for IA Certificate option 1 graduates.

 
University of Dallas


Graduate School of Management

Eva Carwyle ecarwile () gsm udallas edu
972-721-5392
 Master of Business Administration, concentration in Information Assurance (MBA/IS) (49 hours; courses available 
online; credit hours applied to specific courses) (IASP qualified)

Master of Management in Information Assurance (31 hours; courses available on-line) (IASP qualified)


Master of Science in Information Assurance (31 hours; courses available on-line)


15 credit hours applied for CIO certificate graduates; 9 credit hours applied for IA graduates


Agreement effective for graduates December 2001 and forward.

 
University of Maryland, Baltimore County

The Graduate School and College of Engineering

Alan T. Sherman
dralansherman () starpower net
410-455-2666
 Master of Science in Computer Science (30-33 credit hours; resident only) (IASP qualified)


Doctorate of Philosophy in Computer Science (IASP qualified)


9 credit hours applied for IA Certification graduates.


Agreement effective for all CIO with concentration in IA and IA Certification graduates.

Will consider PhD candidates on a case-by-case basis.

 
University of Maryland University College

Graduate School of Management & Technology

Paul Keller
pkeller () umuc edu
301-985-4616

General questions:
Jim Cronin
jcronin () umuc edu
240-684-5153/5151

 MS in Computer Systems Management (CSMN) (36-39 credit hours; courses available online; credit hours applied to 
specific courses)


MS in Telecommunications Management (TLMN) (36-39 credit hours; courses available online; credit hours applied to 
specific courses)


15 credit hours applied for AMP and CIO certificate graduates.


Agreement effective for graduates April 1995 and forward.

 
Robert Ouellette
rouellette () umuc edu
301-985-7833
 MS in Electronic Commerce (credits applied to specific courses)


15 credit hours applied for eGOV certificate graduates.

 
University of Nebraska at Omaha

The College of Information Science and Technology

Blaine Burnham
bburnham () mail unomaha edu
402-554-2039
 Master of Science in Management Information Systems 
(15 credit hours; for AMP and CIO graduates with IA concentration)
 
University of North Carolina at Charlotte

Bill Chu
billchu () uncc edu
704-687-4568
 Master of Science in Information Technology (MSIT) (30 credit hours; residence only) (IASP qualified)


15 credit hours for AMP and CIO graduates who possess IA Certification; 9 credit hours for graduates of IA only.


Agreement effective for graduates December 2000 and forward.

 
University of Texas at San Antonio

Glen Dietrich
gdietrich () utsa edu
210-458-5354

 Master of Science in Information Technology (concentration in Information Assurance) (33 credit hours) (IASP qualified)

15 credit hours for AMP and CIO graduates who possess IA Certification. (9 credit hours for IA graduates)
 
University of Tulsa

Center of Information Security

Sujeet Shenoi
sujeet () euler mcs utulsa edu
918-631-3269
 Master of Science in Computer Science (concentration in Information Assurance) (30 credit hours; credit hours applied 
to specific courses; residence only) (IASP qualified)


Doctorate of Philosophy in Computer Science (concentration in Information Assurance) (90 credit hours, which includes 
30 credit hours for transfer of master's degree; 45 additional credit hours needed, if prerequisites are met; credit 
hours applied to specific courses; residence only) (IASP qualified)


15 credit hours for AMP and CIO graduates who possess IA Certification. 
(9 credit hours for IA graduates)

Agreement effective for graduates December 2000 and forward.

> If you have any more questions, please don't hesitate to ask either on the
> list or to my personal address.
>
> -Jon Gucinski

** As an aside, I, too, would like to get a Ph.D or D.Sc in Information Security or Information Assurance or 
Information Security Management, or something similar.  The thing is, and what was explained to me, was that, unless 
you're willing to spend 7-10 more years studying your arse off, and plan on doing research, what would a Doctorate 
degree get you?  To me, having the Ph.D would signify *THE* graetest accomplishment that I could ever achieve (I am the 
FIRST member of my family to ever have had a Masters Degree in an advanced study, in this case, Computer Science, and 
was the FIRST member to ever have obtained a Masters Degree...period; 2 other members got a Masters later, but were 
Liberal Arts related: Poly Sci, the other History).  

** My beef about this is this: if you plan on doing an advanced study research project, or want to teach (say at NDU, 
or GMU, or someplace like that), having a "Ph.D" would help you.  BUT...you'd have to be willing to do an awful lot of 
writing of whitepapers, writing books, etc., not to mention give presentations about your theories and openly 
discussing with people and government, your ideas and concepts.  Would you be willing to do that?

** For example, I have been actively writing on open discussion forums and blogs since 1996, and have had other 
postings date as far back as 1987.  Within the past 3 years, I have been trying to find a need for something more in 
life that gives me a sense of "purpose and meaning".  I was getting VERY tired of being simply labelled as a "systems 
administrator", even though I've done quite a bit of the other tasks involved within the Information Security realm: 
risk assessments, pen-tests, disaster recovery and business continuity planning, strategic planning, et. al.  One of 
the caveats that I've found is that once Corporate America labels or brands you as something, you're stuck with that 
UNTIL you've proven yourself in something else through a positive, yet drastic, method -- say writing a book about 
Homeland Security (which I did, and will be out sometime in May 2006).  Does this make me an "expert" (per se)?  Hardly 
-- just another person who is trying to find a better niche for themselves.  Read some of my whitepapers that I've 
written (http://www.unixworks.com/uw-research.html), if you're interested.  These papers are available FREELY for 
anyone's reading pleasure.

** If that's what you're looking for, then I wish you ALL THE BEST -- more power to you and your efforts.  Acquiring a 
Ph.D in any one of these programs, for that matter, a Ph.D in ANY higher-level study, with an emphasis in Information 
Security -- would be a "good thing".

** One more thing that you should be aware of -- the "information security industry" is currently undergoing a 
*change*; that is, there's a convergence of studies in how security is done -- at all levels.  Physical, cyber, and 
policy management security seem to be all converging together into ONE course of study.  You might want to look around 
for topics relating or pertaining to "Homeland Security".  Check out something called the "Homeland Security Institute" 
-- most of the big colleges and universities are now offering courses about this topic -- some are doing it on their 
own, while most are affiliated with the Homeland Security Institute (which I *think*) is an educational learning center 
affiliated with the Department fo Homeland Security.  Be wary in that some of these "institutes" may or may not be 
affiliated with DHS's HSI.

** This might be another way for you to get your "Ph.D" in a security-related topic.  ;))

** Good luck!  This message will self-destruct in 5 seco...

-rad 

> -----Original Message-----
> From: Daniel Accioly Rosa [mailto:listas.accioly () terra com br] 
> Sent: Wednesday, February 01, 2006 6:12 PM
> To: security-basics () securityfocus com
> Subject: RE: MS in information security
>
> Hi,
>
> I'm currently doing a MSc. in Information Security at the Royal Holloway
> College, which is part of the University of London. The ISG (Information
> Security Group) has an enormous reputation and the course is great!
>
> The idea of the course is to be a foundation for the infosec professional.
> So, instead of learning "on the fly" you can stop and organize the concepts
> in your head, being able to discuss issues from secure application
> development to ISMS, information security management and its relevance to
> various industries.
>
> It is a 1 year program full time, but also have the option of being 2 years
> part time, which gives the advantage of combining experience on the market
> (as you work) and the theoretical foundation. I found this a great way to
> come back to college and learn a little more.
>
> More info at http://www.isg.rhul.ac.uk/. I hope it helps.
>
> Daniel Accioly Rosa, CISSP CISA
> daniel.accioly () terra com br
>
> -----Original Message-----
> From: bob1th () yahoo com [mailto:bob1th () yahoo com] 
> Sent: segunda-feira, 30 de janeiro de 2006 20:52
> To: security-basics () securityfocus com
> Subject: MS in information security
>
> Hello, 
>
> I noticed that the question of 'CISSP or degree' got a lot of feedbacks and
> comments.  I am also considering more education in order to enter security
> field.  I already have BS degree from good school and working for a IT
> company working with various applications.  However, I have always wanted to
> be a little bit more technical and be exposed to more research-like
> environment.  Not sure if I want Ph.D., but definitely looking at one of
> those MS in information security.  Georgia Tech and several other reputable
> universities offer such program.  
>
> After working almost 2 years in industry, I know that experience is really
> important and that I can acquire the knowledge myself through many sources
> although I don't go back to school to do it. On the other hand, the idea of
> getting higher or specialized education and degree is really appealing.
> Also, since my current work does not have anything to do with security,
> getting more education might offer me a better chance of getting in to
> security field than studying on my own, getting some certs and try to
> convince companies to believe that I know about security. 
>
> Any opinions welcome
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
> University program offers unparalleled Infosec management education and the
> case study affords you unmatched consulting experience. 
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity Planning,
> Computer Emergency Response Teams, and Digital Investigations. 
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.14.25/247 - Release Date: 31/1/2006
>  
>
> -- 
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.14.25/247 - Release Date: 31/1/2006
>  
>
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting experience. 
> Tailor your education to your own professional goals with degree 
> customizations including Emergency Management, Business Continuity Planning,
>
> Computer Emergency Response Teams, and Digital Investigations. 
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting experience. 
> Tailor your education to your own professional goals with degree 
> customizations including Emergency Management, Business Continuity Planning,
>
> Computer Emergency Response Teams, and Digital Investigations. 
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------