ST8113

This course provides students with a practitioner-grounded framework for managing information security across an organization. Covers cybersecurity governance structures, risk identification and treatment, and the application of established risk frameworks including the NIST Cybersecurity Framework, ISO/IEC 27001 and ISO/IEC 42001, CIS, SOC 2, COBIT and others. Examines the development and enforcement of security policies and compliance programs responsive to federal, state and local regulatory requirements. Addresses security operations management, incident detection and response, and coordination with law enforcement and regulatory agencies following a cyber event. Introduces digital forensics methodology, including evidence preservation, chain of custody, and investigative reporting. Emphasizes translating technical risk into organizational decision-making for students pursuing leadership roles in information security.

In addition to MSST grad students this course is also open to non-ST graduate students and non-degree graduate students who may register with permission/consent from the ST program (DGS, DGSA or teaching faculty).

004120

Every Spring