Master of Science in Information Security and Assurance

This is an archived copy of the 2017-18 Catalog. To access the most recent version of the catalog, please visit

Program Director: Rosemarie Pelletier

The Master of Science in Information Security and Assurance program delivers state-of-the-art, high-quality, and convenient education to busy professionals committed to furthering their careers in information security and assurance. In particular, the Master of Science in Information Security and Assurance program appeals to chief information, technology, and information security officers of business and governmental organizations. Additionally, it is designed for security administrators, network administrators, information technology specialists, professionals in the information technology field, and military personnel. Master of Science in Information Security and Assurance graduates are leaders and innovators in information security and assurance, bringing sound interdisciplinary perspectives to the field.

The program balances academic rigor with convenience. This combination maintains and respects Norwich University’s long educational heritage while it meets the needs of today’s working students. The program hires instructors of high professional stature and demands highly personal and extraordinary academic interactions with students.

The program's information security and assurance curriculum includes exploration of the current state of the information security and assurance marketplace. White papers, Web sites, discussion groups, conference proceedings, professional association meetings – all provide opportunities to learn about which products and services are being discussed and used by practitioners of information security and assurance.

The case study is a required part of the Master of Science in Information Security and Assurance program and each student is required to demonstrate access to an organization or industry segment which will serve as their case study during the program. Throughout the program, students read about and discuss the topics at hand; as they study various aspects of information security and assurance, students must analyze the situation at their workplace or case study site every week with respect to the week’s topics, and to complete three writing assignments applying the seminar principles and lesson to the case study. Students use their research findings to prepare a report with recommendations for improvement of specific areas of information security and assurance to be submitted in the last week of each seminar to the program's instructors.

Curriculum Map

Semester 1Cr.Semester 2Cr.Semester 3Cr.
GI 512 Foundations and Historical Underpinnings of Information Assurance6GI 532 Human Factors and Managing Risk6Select one concentration course6
GI 522 Information Assurance Technology6GI 542 Information Assurance Management and Analytics6Select one concentration course6
  GI 595 Residency10
Semester Total Credits12Semester Total Credits12Semester Total Credits12
Total Credits For This Major: 36

Students are required to attend a one-week, on campus Residency Conference the June following or concurrent with their final course.

Curriculum Requirements

Four of the six seminars in the 36 credit hour program are core requirements and two courses comprise an elective concentration. All courses are focused on providing an opportunity for students to acquire and exercise the knowledge and skill expected of top-level managers of information security and assurance in today’s demanding security environment.

Required Core Courses (24 credits)

GI 512Foundations and Historical Underpinnings of Information Assurance6
GI 522Information Assurance Technology6
GI 532Human Factors and Managing Risk6
GI 542Information Assurance Management and Analytics6
Culminating Academic Requirement
GI 595Residency0
Total Cr.24

Concentrations (12 credits)

One of the following two-seminar, 12-credit concentrations is required to complete the 36 credit hour program: Project Management, Forensics, Critical Infrastructure Protection and Cyber Crime, Vulnerability Management, Cyber Law and International Perspectives on Cyber Space.

Project Management Concentration

The Project Management concentration offered to the MSISA students uses a sequential approach to provide a thorough understanding of all aspects of project-management theory and practice. Academic objectives of this program are mapped to A Guide to Project Management Body of Knowledge (PMBOK® Guide). MSISA students enrolled in this concentration will be taking advantage of the experience of the Project Management faculty in conjunction with MSISA faculty members who specialize in cyber security and information assurance. More importantly, the Project Management students establish a firm foundation in project management tools, techniques and practices. MSISA students are required to take two of the three Project Management concentration courses. The courses offer in-depth study, specifically addressing each project management process area from a project leadership perspective.

Project Management Seminars
GB 544Project Management Techniques, Tools and Practices6
GB 554Project Management Leadership, Communications and Teams6
or GB 564 Strategic Management in Project Management
Total Cr.12

Computer Forensic Investigation/Incident Response Team Management Concentration 

Computer Forensic Investigation/Incident Response Team Management Seminars
GI 551Computer Forensic Investigations6
GI 554Computer Security Incident Response Team Management6
Total Cr.12

Critical Infrastructure Protection and Cyber Crime Concentration

This concentration explores the nature of conflict in cyber space focusing on two major Internet-based threats to the U.S. national security: cyber terrorism and cyber crime, and the security of information in computer and communications networks within infrastructure sectors critical to national security. These include the sectors of banking, securities and commodities markets, industrial supply chain, electrical/smart grid, energy, transportation, communications, water supply, and health. The seminars in this concentration provide a risk management framework to help information leaders leverage the benefits of internet technologies while minimizing the risks that such technologies pose to their organizations. Special attention is paid to the risk management of information in critical infrastructure environments through an analysis & synthesis of assets, threats, vulnerabilities, impacts, and countermeasures. Critical consideration is given to the role of Supervisory Control and Data Acquisition (SCADA) systems in the flow of resources such as electricity, water, and fuel. 

Critical Infrastructure Protection and Cyber Crime Seminars
GI 556Cyber Crime6
GI 566Critical Infra. Protection6
Total Cr.12

Vulnerability Management Concentration

The basics of penetration testing constitute the core of this concentration. Students utilize a virtual lab to gain experience through hands-on lab exercises. Students learn to use the well-known open-source Metasploit computer security project to understand security vulnerabilities, study to use this tool for penetration testing, testing the control tools, and learn to conduct monitoring of an enterprise. Students are introduced to: system security and vulnerability analysis, the most common system exploits and vulnerabilities, system “pivoting” and client-side exploits. Students learn how to assess enterprise security controls and system vulnerability, and to document their findings. Students study the rules of engagement, and how to conduct legal and ethical security tests and vulnerability assessments using known open-source tools (Metasploit , John the Ripper, Wireshark) to understand security vulnerabilities as well as to use this tool for penetration testing, testing the control tools, and how to conduct monitoring of an enterprise. This concentration is designed for penetration testers, system security, and network administrators. 

Vulnerability Management
GI 562Vulnerability Management and Penetration Testing I6
GI 563Vulnerability Management II6
Total Cr.12

Cyber Law and International Perspectives on Cyber Space Concentration

This concentration presents a comprehensive overview of ethical issues, legal resources and resources, and public policy implications inherent in the evolving online society. Complex and dynamic state of the law as it applies to behavior in cyberspace is introduced, and the pitfalls and dangers of governing in an interconnected world are explored. Ethical, legal, and policy frameworks for information assurance are addressed. Various organizations and materials that can provide assistance to operate ethically and legally in cyberspace are examined. Topics include intellectual property protection, electronic contracting and payments, notice to consent from e-message receipts, non-repudiation and cyber crime, and the impact of ethical, moral, legal, and policy issues on privacy, fair information practices, equity, content control, and freedom of electronic speech using information systems. It also provides an overview of the issues surrounding transnational cyberspace policies, international investment strategies and implementation of communication and information technologies that affect the global economy and transforms the flow of information across cultural and geographic boundaries. The concentration examines various global governance frameworks, and organizations that shape and transform cyberspace such as the International Telecommunications Union, the World Bank Information and Communications Technology Sector, and the U.S. Federal Communications Commission. 

Cyber Law and International Perspectives on Cyber Space Seminars
GI 557Cyber Law6
GI 567International Perspectives on Cyberspace6
Total Cr.12

One-Week Residency

All degree candidates of the Master of Science in Information Security and Assurance are required to attend a one-week Residency Conference on the Norwich University campus, during which they may attend professional presentations, participate in roundtable discussions with faculty, and present papers. The one-week residency is a degree requirement.

Faculty Member Institution at which highest degree was earned
Martin J. Devine, MA, CISSP, CISM, CBCP Naval War College
Cris Ewell, PhD, CISSP, CISM Nova Southeastern University
Robert Guess, MSIA, CISSP, NSA-IAM, -IEM Norwich University
Dawn Hendricks, MSSE, CISSP Johns Hopkins University
Thomas Hendricks, MESCS, CISSP Loyola College (MD)
Rebecca Herold, MA, CISSP, CISM, CISA, FLMI University of Northern Iowa, Cedar Falls
Donald Holden, MBA, CISSP-ISSMP University of Pennsylvania
Christopher King, MS Carnegie Mellon University
John Mason, MBA, CISA, CISM, CFE, CFSSP, CFS University of Phoenix
Michael Miora, MA, CISSP-ISSMP, FBCI University of California, Berkley
Matthias Plass, MS University of Maryland, University College
George Silowash, MSIA, CISSP Norwich University
Ric Steinberger, MSME, CISSP Catholic University