MSIAS Master of Science in Information Assurance and Security What's it All About? The MSIAS degree is a unique program in that it is an interdisciplinary program of study among three colleges: Business Administration, Engineering and Computer Science. Due to this collaboration between the colleges, students will be exposed to a diversified core curriculum with a choice of 3 different elective tracks, having in-depth curriculum in their track while gaining familiarity in the other two. Upon graduation, students will be able to perform: * Cyber Security Analysis of vulnerabilities and threats to network environments * Network Penetration Testing, Auditing for Certification and Accreditation * Technical Project Management in Information Technology Students will also be able to integrate the business and scientific underpinnings of information technology trends related to the System Development Life Cycle, and understand the federal, state and local statutory requirements associated with Information Security through the Information Assurance Technical Framework (IATF). MSIAS is a 33 graduate level credit program: 18 of the credits are part of the core classes while the other 15 are focused on the specific track. Objectives The MSIAS program has three primary objectives: The first objective emphasizes the multi-college, multi-disciplinary characteristics of the Information and Information Systems Assurance solutions. By bringing this mix of disciplines into the classroom, this program emulates the real world challenges of Engineers, Managers, and Scientists, who must work together to resolve their IT security challenges. The threats are numerous—viruses, intrusions, industrial espionage, etc. and security requires a asic awareness of the physical, personnel, and technical (network/ application/ hardware/software) dimensions of information systems. Secondly, the program takes existing software development and engineering processes and overlays the mandated security requirements of a technology solution to provide an educational platform for Managers, Scientists, and Engineers to specialize in the security aspects of information and information technology in the system concept, design, and development phases. The third objective takes this same group, Managers, Scientists, and Engineers and provides a controlled networked environment to address the continuous monitoring required of any operational networks. In labs students learn to contend with the dynamic nature of incident responses to threats not yet known, the continuous balancing of the feasibility of security versus operational need, the planning for business continuity, disaster recovery, and the sustainment of critical business resources in an evolving networked environment. Admission Requirements Unconditional Admission: Unconditional admission requires a GPA of 3.0 (4.0 scale), a minimum of a 1000 on the GRE verbal and quantitative sections, and a minimum of a 3.0 on the analytical and writing portions; or a minimum of 500 on the GMAT. Also, international students must have an acceptable score on the TOEFL or IELTS. Applicants for MSIAS need to have a bachelors degree in a curriculum related to one of the following: Management in Computer Information Systems, Computer Science, Electrical Engineering, Computer Engineering, or Information Systems Security Engineering. Tracks are as follows: Business: Bachelors degree in a business or related field; students with a bachelors in an unrelated field will be required to take the following prerequisites—Economics/microeconomics, Calculus and Statistics Computer Science: Bachelors degree in computer science or a related field; student's with a bachelors in an unrelated field will be required to take the following prerequisites—Data Structure, Operating Systems, Algorithm Design andAnalysis, Computer Architecture and Probability and Statistics Engineering: Bachelors degree in engineering from an ABET accredited program; students with a bachelors in an unrelated field will be required to take the following prerequisites—Data Structure, Operating Systems, Algorithm Design and Analysis, Computer Architecture, Probability and Statistics Conditional Admission: For those who do not satisfy the unconditional requirements, applications will be considered for conditional admission. The Program All students must take the following core courses. IS 501 - Introduction to Information Assurance: Overview of information security from a technical project management and risk management perspective. IS 563 - Computer Forensics: Looks at problems and concerns related to computer investigations blending traditional methods with classic systems analysis technique. CPE 549 - Introduction to Information Assurance Engineering: Introduction to information security requirements and hardening techniques such as cryptography, Network O/S, and file structures. CPE 649 - Advanced Information Assurance Engineering: Advanced concepts of network vulnerability analysis and attack vector development with mitigation strategies. CS 570 - Introduction to Computer Networks: Introduction to the organization, secure architecture and operation of computer networks. CS 670 - Computer Networks: Detailed analysis of the organization and operation of computer networks focusing on algorithms and organizations for the Transport Layer, Network Layer and Data Link. The MSIAS degreee will be awarded by the unit offering one of the following tracks. Business Track Computer Science Track Engineering Track The Business track looks at the security requirements mandated by statutory authority and analysis of business impact as it relates to the System Development Life Cycle. This track introduces tools and techniques for proven methodologies in technical project management related to integrating information security best practices into system development while minimizing associated risks. The Computer Science track involves developing, documenting and maintaining secure coding practices for scripts and applications. Also included are the design aspects of networks ensuring a risk mitigated network in relation to confidentiality, integrity and the availability of data and devices. The Engineering track takes existing and proven practices and enhances them with an education in the National Institute of Standards and Technology (NIST) and the Defense Information Assurance Certification And Accreditation Process (DIACAP). This approach will address security issues in future technologies during the concept & requirements stages of system design and the formulation of the hardware design. This type of forward thinking security design is a void in the industry today. Business Track Courses (15 hours): Computer Science Track Courses (15 hours): Engineering Track Courses (15 hours): IS 577 (3 hours)-Network defense and Operation SystemsIS 560 (3 hours)-Telecommunications and NetworkingIS 660 (3 hours)-Information Security ManagementIS 670 (3 hours)-Business Continuity Planning (capstone course of the Business track)600 level elective (3 hours) in IS, CS, or ECE. CS 585 (3 hours)-Introduction to Computer SecurityCS 685 (3 hours)-Computer SecurityCS 553 (3 hours)-Client/Server ArchitecturesTwo courses in Computer Science at the 600 level (must be approved by the department )(6 hours)All students must pass a written comprehensive final examination. EE693 (3 hours)-ECE capstone (required)Choose 4 of the following:CPE 645 (3 hours)-Computer Network SecurityCPE 551 (3 hours)-Software Design and EngineeringCPE 647 (3 hours)-Ubiquitous ComputingCPE 646 (3 hours)-Mobile and Wireless NetworksCPE 648 (3 hours)-Advanced Computer Networks Note: All programs of study must be approved by the program committee. How to Apply Graduate Application Forms are available from: http://www.uah.edu/graduate/admissions/application If you have questions, call Jackie Siniard at 256-824-6316.