Education

The Institute proposes a comprehensive educational cybersecurity program delivered by Pace University, located in the New York Metropolitan Area. It consists of two offerings:

Beginning fall 2012, the Seidenberg School will offer an Advanced Certificate for Chief Information Security Management Officers (CISMO). This 15-credit certificate will be made available online and can be completed in as little as one year. Candidates for the CISMO certificate should have at least 12 credits in management in addition to 9 credits in quantitative analysis and/or general computing. Prospective candidates may be graduates of MBA, IT, IS, MIS, or MS in Computer Science programs, or the equivalent. Our CISMO certificate prepares functional managers who are striving to advance to higher strategic management rank and responsibility to assume the role of a Chief Information Security Management Officer.

Later, in fall 2014, the school will introduce a 36-credit MS in Information Security Management with a concentration in Security Planning and Auditing.

Advanced Certificate for Chief Information Security Management Officers (CISMO) Curriculum

IS 641 Introduction to Information Security Management (3 credits)
IS 642 Information Security Planning and Policy: NIST Standards (3 credits)
IS 643 Information Security Auditing and Risk Management: ISO Standards (3 credits)
IS 644 Business Continuity and Disaster Recovery Planning (3 credits)
IS 645 Information Security Management Project: The Role of the CISMO (3 credits)
Total Credits: 15

Course Descriptions

IS 641 Introduction to Information Security Management

This course provides an introduction to Information Security. It is designed to help the MBA or equivalent student grasp the main concepts of information security, including information confidentiality, data integrity, and system availability. The course also presents related concepts such as privacy, information assurance, and business continuity. While great emphasis will be placed on managerial and operational security controls, the course also addresses technical security controls applied to access control, operating system and application security, network security, cryptographic solutions, and security protocols.

This course provides the student with a background, foundation, and insight into the full dimension of the subject of Information Security. This knowledge will serve as a basis for playing roles in effective information security management. The primary objectives of the course are to:

  • Understand the importance of information security in business continuity.
  • Identify the key areas of information security and how to implement them.
  • Learn how to critically analyze security risks and define effective security management controls.

IS 642 Information Security Planning and Policy: NIST Standards

The United States government requires all federal systems to have a customized security plan. In addition, the National Training Standard for Information Systems Security (INFOSEC) Professionals requires programs that meet this standard to produce students capable of developing a security plan. This course provides an introduction to security planning as recommended by the NIST guidelines on developing security plans. The student is required to conduct a case study in which a security plan is developed for a fictitious or real small-size organization.

The purpose of this course is to provide an overview of the security requirements of an existing computing environment and to describe the controls in place or planned for meeting those requirements. The security plan presents all managerial, operational, and technical controls an organization will need in the next three years. The purpose, scope, and content of a security plan are covered in the first week of lecture. Several outlines for a security plan are shown from the following sources:

  • OMB Circular A-130 [2]
  • NIST Special Publication 800-18 [1]
  • Director of Central Intelligence Directive (DCID) 6/3

IS 643 Information Security Auditing and Risk Management: ISO Standards

This course provides an introduction to security auditing based on the ISO 27000 family of standards. In addition to risk management, the course also presents both nominal security audit based on ISO 27002 and technical security audit based on ISO 27001. Each student is required to conduct a case study in which he/she performs a security audit for a fictitious or real small-size organization.

A security audit program contains about a dozen security areas of audit focus, which are reviewed by either an external or an internal auditor who aims to validate the compliance of the information technology and the enterprise with the ISO 27000 series, Sarbanes-Oxley, HIPAA, and PCI DSS.

Here are the main security audit objectives found in most security audit projects:

  • Corporate Security Management
  • Systems Development and Maintenance
  • Information Access Control Management
  • Compliance Management
  • Human Resource Security Management
  • Information Security Incident Management
  • Communications and Operations Management
  • Organizational Asset Management
  • Physical and Environmental Security Management
  • Security Policy Management
  • Disaster Recovery Plan and Business Continuity

IS 644 Business Continuity and Disaster Recovery Planning

Recent world events have increased the need for organizations to develop strategies for mitigating, preparing for, responding to, and recovering from small- and large-scale emergencies. In the context of a highly integrated global economy, nearly every business is likely to feel the effects of emergencies around the world, and in the face of intense competition, it is crucial that all businesses have a plan for continuing operations before, during, and after emergencies of all types.

This course presents an introduction to business continuity and disaster recovery planning. It includes a comprehensive advanced business continuity planning and management workshop, designed to teach practical methods to develop, test, and maintain a business continuity plan. In addition to the BS 25999 business continuity standard, this course is based on industry best practices and guidelines for business continuity, disaster recovery, and emergency management.

IS 645 Information Security Management Project: The Role of the CISMO

This course recaps the requirements defining the roles of an information security management executive officer. It reviews and presents all security management activities and discusses and defines the different roles played by an executive cybersecurity management officer. The student develops a write-up/handbook in which he/she defines all the roles he/she is expected to play in every security management activity.

The security management officer roles are written in terms of risk management, security planning, and security policy enforcement and auditing activities. The course also presents security guidelines, regulations, and standards that apply in information security management.

This course should be considered a final project that recaps all the security management roles that a successful executive cybersecurity management officer should play.