MS "Cybersecurity" Programs?

Has anyone else noticed the recent proliferation of Masters programs in "Cybersecurity"? I have seen several schools now offering either newly established or in some cases re-named "Cybersecurity" programs. How do these differ from a Master's program in Information Assurance or Information Security? Utica College, University of Maryland University College, NYU-Poly, Stevens Institute of Technology are all examples of schools with "Cybersecurity" programs. How is a "MS in Cybersecurity" likely to be viewed by employers or in the academic community? Is this degree track one that has been created to fill a perceived niche in the employment market, or a truly viable and valuable academic course of study? Opinions? Thoughts? Experiences?

 

Cybersecurity is really an aspect of the overall information assurance (IA) arena. While in traditional information systems programs, cybersecurity is usually captured in network forensics or web/cyber forensics course. However, recent attacks on government websites as well as high profile hacking attempts on some big businesses by folks in remote areas of the world have made the information security field, a major field that has seen a huge hiring explosion recently in the public and private sector. Information assurance, an area influenced and developed vastly by the federal government (NSA & DHS), expands the traditional information systems security arena to include physical location or environmental security, human resources or staff and all employees within a work environment, as well as the management of technology and people. While private businesses still refer to the field as information security, since this is just one aspect of the overall IT function in private sector businesses, Cybersecurity, which is used interchangeably to refer to Information Assurance in many cases within the federal government, deals with active monitoring and management of information systems and people directly related to internet-connected systems and access as well as response to security incidents.

In terms of demand, the federal government (especially the NSA and DHS) has huge demands for information assurance professionals. To encourage new entrants into the area, they have created scholarships as well as have school/program certifications programs with the aim of expanding the number of IA professionals available to staff the infrastructures of the federal government as well as those of businesses. Since this is a field that will continue to grow rapidly, when choosing a program, pay more attention to the content of such program because many of them are created with different slants to them; the technical side of information security, the management side of information security, and the homeland security slant to it.

Also, since some programs offer specializations in narrow areas, the best programs which usually meet the NSA and DHS's 6 CNSS standards, as well as, cover (ISC)2 CISSP certification domain (the gold standard certification when it comes to information security), addresses security from three angles namely: organizations, national, international, while also covering the 10 information security domain specified by (ISC)2 organization. Further, there is also a strong movement by ASIS International (an expert organization in physical security) for full integration of information and physical security, which the information assurance captures more than traditional information security or information systems security.

So moving forward, since we all accept the security facts or realities of post-9/11, and the threats posed by internet security due to the disruptive nature of hacking and the ease at which hackers can cause havoc from far away countries, the need for information assurance professionals will continue to increase hence, the proliferation of various forms of new information security, cybersecurity, or information assurance programs with strong backing from the federal government. An example of a model IA program is this one offered by Capitol College, which comprehensively covers all relevant domains of the field. I say "model" because very few (under 5) programs, among the many certified by NSA and DHS; as well as some schools which are research institutions (CAE-R versus CAE), maps to all domains. If you are interested in entering an IA program, the right place to start your program search is here.

 

make this post a sticky.

 

Awesome post, Cyber. Thank you! In the spirit of making this a great sticky, you mentioned Capitol College as one of the "Model" programs. What other programs fit or come close to fitting the "model" criteria that you proposed in your response? Do many of these include the original 7 NSA Centers of Excellence? What about programs like Norwich, which seems to have a very good reputation amongst govenrment and private sector IA professionals? I think program reputation is of critical importance in this field, particularly to those who are seeking the most coveted IA, Infosec, or Cybersecurity positions in the industry. Can anyone contribute their opinions or insight from industry or academic experience regarding specific programs and their overall reputation and quality of relevant curriculum?

 

The MS in Information Security Engineering program offered by The SANS Technology Institute is one worth watching. Currently a candidate for Accreditation by the Commission on Higher Education of the Middle States Association of Colleges and Schools, the program's tuition is around $31k, and based on course work schedule, it looks like a solid program with a good mix of practical hands-on treatment of all core information security/assurance areas. It would be nice to pay $31k for the degree only once it has secured full regional accreditation, however. Again, a program worth paying attention to.

 

Since this message is now stickied, I guess I'll re-post my non-exhaustive list of online Information Security/Assurance programs. Note that you'll need to figure out if any of these will fit your needs, and in particular, put them through Cyber's filter/advice above if you're concerned re the utility of the program:

Listed by price (all are RA unless otherwise indicated); tuition prices were recorded 6mths-1yr ago so they may not be entirely accurate but are in the right ballpark:

Fort Hays State University
Master of Liberal Studies, concentration in Information Assurance
http://www.fhsu.edu/mls/conc/ia.shtml
$6,975 31 hours

Columbus State University
Master of Science Applied Computer Science, concentration in Information Assurance
http://academics.colstate.edu/catalogs/2009-2010/reqs/COS_MSapcompsci.htm
$7,584 36 hours

Western Governors University
Master of Science in Information Security and Assurance
Online IT Degree | MS in Information Security and Assurance
$11,560 (2 years tuition) - includes multiple certifications, ex A+

Dakota State University
Master of Science in Information Assurance
MSIA - Master of Science in Information Assurance - Dakota State University
$12,133.80 36 hours

Davenport University
Master of Science in Information Assurance
Davenport University > Home > Degrees and Majors ___ > All Degrees (Alphabetical)
$15,655 31 hours (thesis REQUIRED)

TUI University
Master of Science in Information Technology Management (Information Security / Assurance and Digital Forensics)
TUI University - Master of Science in Information Technology Management
$16,560 40 hours (quarter credits)

Nova Southeastern University
Master of Science in Information Security
http://www.scis.nova.edu/Masters/Academic_Programs/Academic_Programs_MSIS_info.html
$18,000 31 hours

University of Dallas
Master of Science in Information Assurance
University of Dallas - Home
$18,600 31 hours

Charles Sturt University (AUS)
Master of Information Systems Security
Course overview | Master of Information Systems Security | Postgraduate | Courses | Charles Sturt University
$19,098.71 96 "points"

Capitol College
Master of Science in Information Assurance
Information Assurance (MS) | Capitol College
$19,764

University of Maryland University College
Master of Science in Information Technology: Information Assurance
Master of Science in Information Technology - Graduate School of Management & Technology - UMUC
$21,747 ($14,124 for Maryland residents) 33 hours

Brandeis University
Master of Science in Information Assurance
Programs and Courses | Graduate Professional Studies | Brandeis University
$22,050 30 hours

Mercy College
Master of Science in Information Assurance and Security
https://www.mercy.edu/pages/892.asp
$22,260 30 hours (capstone)

University of Denver
Master of Science in Information Systems Security
Information Systems Security master's degree online University College, University of Denver
$24,672 48 hours (quarter credits)

Penn State University
Master of Professional Studies in Information Sciences (Information Assurance and Decision Support focus)
Penn State | Online Masters of Professional Studies in Information Sciences | Overview
$27,225 33 hours

American Intercontinental University
Master of Information Technology (Information Security focus)
American InterContinental University
$30,870 48 hours (8 courses)

 

The SANS program is a heck of a lot cheaper if you do the work study option. A 6 day long course that normally would cost 3,500 to 4,000 only winds up costing 800. If you do the math it actually only comes out to 7,200.00 + whatever you pay for hotel and food at the conferences. (You can combine a 1-2 day with a 6 day at the major conferences which includes 4 months of Ondemand access and the certification for 800.00. Then add another 100.00 to go Gold/write the paper. That's 900.00 for 5 credit hours. They give work study priority to STI students) I was considering going that option since I have over half the coursework completed as part of my normal training agenda the last few years (I usually volunteer every year at the Orlando SANS conference) and half of the certifications done but without accreditation I'm worried I won't be able to get into a doctorate program. Something tells me they won't be accredited by the time I'm ready later in 2011 so am trying to go the NSU route instead.

 

Thanks for the list. Very informative....

 

I was going to post in a new forum but this kind of transitions into this topic. I am looking at AIU bach and then masters program for cyber security. Are they actually respected in the field? I have been reading up on the university and they seemed to have a lot of accreditation issues. I only want to spend this money once so I would appreciate some people's experiences and thoughts. Has anyone completed their online program in this field? did they feel it prepared them for work out there? Were they well received by hiring managers? Are they comparable to other institutions? Thanks!

 

I'm not sure how factual this is, but I've heard degrees in information assurance are generally considered worth more if the place they're offered is listed as a Center for Academic Excellence in Information Assurance by the National Security Agency.

The list of such institutions is found here: Centers of Academic Excellence - Institutions - NSA/CSS

Fort Hays and some of the other Unis mentioned are listed.

 

What do you guys think of DSU? I was going to apply there...

 

A Navy buddy of mine is taking up Cybersecurity at UMUC. He's originally from Oklahoma and I told him about a grad certificate Oklahoma State offers online. He's a Sooner fan to the core and hates Okstate.

Curriculum, CTANS

 

Utica

Has anyone heard anything about Utica College MS Cybersecurity program. I know that its fairly new. I can't seem to find any detailed information about their program.

 

Norwich University has an MS in Information Assurance program. Norwich is a NSA/DHS Center of Excellence.

Norwich University Master of Science in Information Assurance Online Masters Degree Program

 

Guys, how about AOT? What do you think of this. Is it good to have some certificate course there?

 

Hi all I am in the last stages of my Bachelors of Arts in Management INformation Systems and I am doing an unpaid internship with a local I.T. Contractor. He is really nice and he told me I should take 2 more cours in networking and security because it will benefit me. I let him know that I wanted to pursue my Masters in Cybersecurity. He told me he wouldn't recommend it because security is always changing...Is this true? Will a Masters in Cybersecurity not be beneficial? He told me networking and security are "hot' as of now.

 

Love2Learn, first, let me say that security (both physical and electronic) "ain't going anywhere;" there will always be need for "stuff" to be secured. That said, I have a strong feeling that your boss is suggesting a path that will benefit him or his company immediately (two classes versus one or two years of graduate work). From the perspective of seeking graduate education, you can't be wrong by pursuing something higher than your BS degree; the question really should be in what variant of security.

First, what you should know is that there is no information systems security program (my use of information security systems here include programs such as cybersecurity, information security, information assurance, computer security, security engineering, electronic security, security management and homeland security with specialisms in information assurance/security etc.) that is complete without atleast one networking class. Second, you need to decide what part of information security you want to specialize in; were you intend to work might help you decide (for example, the federal government values information assurance specialisms more than others although other highly technical areas like cryptography and computer/software engineering security might get you in also).

If I were in your shoes, I probably will take those two classes that your boss have suggested if you can afford it as part of your BS program, or make sure that the MS degree that you get into include those classes as required courses; the best programs are those certified and termed "Centers of Academic Excellence" by the National Security Agency and the Central Security Service of the United States. Also, since I pay more attention to course content than the program name, I would make sure that the program I ultimately get into is technical in nature not management-inclined. That means course such as cryptography, software application security, telecommunication network security and/or wireless network security must be part of it, in addition to a complete coverage of all 10 ISC2 CBK domains (namely: Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security Governance and Risk Management, Legal-Regulations -Investigations and Compliance, Operations Security, Physical (Environmental) Security, Security Architecture and Design, and Telecommunications and Network Security).

I say that because most of the security programs that are not part of a computer science program do not cover all the technical areas, which are very important if you want to remain on the technical side rather than the management side. On more thing: IT contractors, such as your employer, do alot of penetration testing work (also referred to as ethical hacking). That may be the skill set that your boss is angling for your to acquire; I would get a good a ethical hacking book to brush up on the basics or make sure it is part of your present or future program (again, not many programs include it; EC Council offers a certificate worth looking into, if that is an area of interest). Before I talk too much, continue on with your master's degree, in addition to what ever else your present boss tells you. Goodluck with deciding...

 

Thank you for your in depth post! I greatly appreciate it. I am very confused about going forth with my Masters degree in Cybersecurity because of his comment. I do plan on working for the public sector in the future, so I believe that Cybersecurity would be beneficial to me. I get a little deterred when people make comments like,"What if all computer jobs get outsourced?" or "What if there is another dot com bust or something similar to where computer people are no longer needed?" When people discourage me with these questions I start contemplating on not pursuing the I.T field further. I pursued the I.T. field because I love working with computers but I especially enjoy Network Security.. .. does anyone think that I should be worried about the future. I am 29 right now.??

 

I would not worry too much. The people to be concerned are the ones in IT that refuse to reinvent themselves with learning new skills. Right now security is the hot ticket. Imagine if someone got their A+ in 1999 when it covered 3.11, W95 and DOS. Imagine if they did not learn NT, 2000, Active Directory, security, etc. What would happen? Listen, IT is here to stay but you have to be willing to keep up with technology. As long as you are fluid and enjoy change, you will stay at the leading edge and be in higher demand.

 

Thanks for your response! I will still pursue my Masters in IT or Cybersecurity. I am confident that technology is here to stay as well. I also read the U.S. Government Bureau of Labor Statistics (BLS) and it said Computer Information Systems will be one of the most indemand jobs of the future with the most openings.