Curriculum

ISP 380 Introduction to Information Security and Privacy

Foundational concepts exploring the wide range of disciplines critical to successful of information security and privacy with topics including data inventory characterizations, information architectures, information valuation, classifications, CIA triad, threats, liabilities and risk management, identity and access controls (IAM), business continuity, zero trust frameworks, encryption, digital signatures; and network, web, software and cloud security; incident detection, classification and response, and privacy laws, regulations and public policy.  

Students will learn about people, process and technology vulnerabilities, threats and solutions.  State-of-the-practice and emerging technology including the use of AI as a tool by attackers and as a solution by organizations and individuals for improved security and privacy. 

Students gain hands-on experience via a semester-long project employing concepts learned in real-world scenarios.

ISP 381 Information Security & Privacy in Society

This course explores how information is social, contextual, and contested, considering how conceptions of privacy, ownership, and security change throughout history and differ from place to place. Students will explore the socio-technical nature of information and information practices, and their effects on how communities develop norms that shape what is shared, what is protected, and the differing boundaries that govern and structure information flows.

The course investigates contemporary information landscapes as shaped by digital technologies and ubiquitous data collection. Particular emphasis is placed on regimes of data accumulation and capitalization, as well as novel data scientific technologies and artificial intelligence as drivers of new information behaviors and as forces reshaping societal norms of privacy and trust. Students analyze how data systems reconfigure our expectations of privacy and information, and how those processes intersect with policy, ethics, identity, and behavior.

Throughout the semester, learners assess personal, technological, community, and organizational information dynamics in an era of algorithmic decision-making. Case studies and discussions help students evaluate emerging challenges and opportunities, preparing them to navigate and critique the evolving relationship between privacy, information, society, and emergent, often AI-driven, technologies.

ISP382D Data Governance for Information Security and Privacy

This course provides a comprehensive exploration of data and AI governance as foundational components of information security, privacy, compliance, and ethical practice. Students examine the theories, frameworks, and standards that shape how organizations manage data lifecycles, lineage, provenance, metadata, and stewardship, ensure responsible use of trustworthy AI systems, and maintain digital trust in an increasingly complex environment.

Through case studies and hands-on analysis, the course investigates both technical and human dimensions of information risk management. Learners assess pervasive and emerging data risks, ranging from data quality, anonymization, and vulnerabilities introduced by modern data architectures, MLOps pipelines, and adversarial AI attacks. Emphasis is placed on understanding how AI-enabled automation, social engineering (e.g., deepfakes, synthetic identities), and agentic hacking amplify the need for rigorous governance, transparency, and accountability.

Students engage with real-world regulations, controls, and governance standards used to safeguard information assets, including the NIST AI Risk Management Framework, enterprise data management & governance practices, and red teaming as part of holistic and continuous assurance. By the end of the course, they will be equipped to evaluate risk, design governance mechanisms, and implement organizational policies that uphold security, privacy, resilience, and ethical responsibility.

ISP 382P Public Policy and Law Governing Information Security and Privacy

Provides a comprehensive overview of the key tenets of public policy, their significance, and their influence on lawmaking and enforcement related to information security and privacy. Students will develop an understanding of the core principles of public policy, as well as the methods individuals and organizations use to shape public policy at the state and federal levels. 

The course is designed to introduce the concept of public policy and then place it within the context of information security and privacy, covering contemporary topics including the impact and opportunities of AI in this field. 

The course provides instructor-led content, integrated with guest lectures by subject-matter experts in public policy, AI, information security, privacy, and fraud prevention. Topics include legal requirements, corporate responsibilities, and social responsibilities related to data protection and the prevention of various types of fraud and information crimes.

ISP 383 Business Governance and Controls for Information Security and Privacy

Students learn to govern and control the complex cybersecurity, privacy, and IT risks organizations face in an era increasingly shaped by artificial intelligence (AI) and intelligent automation technologies.

Students begin by building a solid foundation in governance and control of digital risks through established frameworks such as NACD, COSO, COBIT, NIST CSF, AICPA GAPP, and SOC audits. Building on this base, students explore how emerging technologies—including robotic process automation (RPA), process mining, AI, machine learning (ML), generative AI (GenAI), Internet of Things (IoT), blockchain, and brain computer interfaces (BCI)—introduce new and evolving risk landscapes. Students also analyze leading-edge frameworks like MITRE’s ATLAS and explore innovative risk mitigation techniques at the intersection of AI, cybersecurity, privacy, and ethics. Special attention is given to privacy-enhancing technologies and ethical decision-making frameworks that help address the novel challenges posed by intelligent systems, such as autonomous vehicles and smart cities.

The course is delivered through an active, participant-centered learning approach—including brief lectures, guest lectures, interactive case discussions, simulations, and in-class group exercises. This course equips students to develop enterprise-wide strategies for secure, ethical, and compliant digital transformation; and lead responsibly and effectively in a digitally driven world. The course is well-suited for students pursuing careers in IT management; cybersecurity and privacy consulting; data governance, data engineering and privacy engineering; AI security, AI Ethics, and AI-driven digital risk management; IT audit, IT security, and enterprise IT risk management; and digital strategy.

ISP 384 Strategic Communication for Information Security and Privacy

Examines how strategic communication shapes perceptions of information security, privacy, and organizational risk. Students explore how messages are framed for different audiences, how communication choices influence behavior and trust, and how effective planning supports business continuity during crises. Emphasis is placed on understanding the psychological and organizational dynamics that drive sense-making in moments of uncertainty.

As AI becomes a central component of modern security environments, the course also investigates how automated systems, AI-generated content, and algorithmic decision-making influence crisis communication. Students analyze both the opportunities AI provides—such as rapid threat detection and streamlined messaging—and the risks it introduces, including misinformation, bias, and erosion of public trust. Discussions highlight how communication strategies must evolve to address AI-related incidents and maintain clarity amid accelerated information flows.

Through case studies, simulations, and practical exercises, learners develop skills in crisis response, time management, stakeholder messaging, and reputation protection. By the end of the course, students will be prepared to craft effective communications that support organizational resilience and uphold privacy and security in an era shaped by AI.

ISP 385 Information Risk and Benefit Analysis

An examination of the risks and benefits associated with information use across major sectors—including financial services, healthcare, consumer industries, government, education, and energy—with particular attention to the growing influence of artificial intelligence and cyber risk. The analysis considers how these domains collect, manage, and deploy information, as well as the distinct vulnerabilities, operational dependencies, and strategic opportunities that emerge in environments shaped by digital transformation.

Students evaluate sector-specific regulatory landscapes, technological infrastructures, and information-governance practices to understand how data can simultaneously advance organizational objectives and introduce significant exposure to security and privacy threats. Special emphasis is placed on AI-driven analytics and their implications for cyber risk assessment, including the expanding role of cyber risk modeling in insurance underwriting and the challenges of quantifying losses in increasingly interconnected systems.

Through comparative and applied analysis, the course highlights patterns, divergences, and emerging issues in information stewardship, offering a comprehensive view of how organizations across sectors manage data-driven benefits while mitigating evolving cyber and AI-related risks.

ISP 386 Information Security

Designed to help MSISP students achieve a foundational understanding of information security theory, concepts, and practical applications, this course helps to prepare them for leadership roles in protecting sensitive information assets. Students explore the people, processes, and technologies supporting modern cybersecurity programs, including the dual role of AI as both a defensive tool and emerging attack vector. Students will leave the course with a solid understanding of information security history, contemporary threats and challenges, methods and architectures for successful cybersecurity programs across sectors, and the skills for governing strategic enterprise security programs. This course combines theoretical frameworks with practical readings and exercises, encompassing both technical and non-technical security concepts and practices.

The course employs an active learning approach combining lectures, technology demonstrations, class discussions, and hands-on exercises. Students examine real-world case studies, read information security related books, participate in technology reviews of current security tools and AI-related technologies used in both defensive and offensive operations, and engage in collaborative group exercises. The course structure allows flexibility for students to customize their learning objectives based on their backgrounds and career goals. Students with extensive technical backgrounds are expected to push themselves to improve their management, leadership, and/or technical skills in the direction they choose, while students new to information security are pushed to ramp up on the skills they need to successfully start down the information security path. All students are expected to help and challenge each other to improve.

Assessment in this class balances individual exploration with collaborative learning. Students complete a customized semester learning plan aligned with their career 

ISP 387 Information Management and Repositories

Explores the principles and practices of managing information across its lifecycle, from collection and storage to retrieval, mining, and operational use. Students examine knowledge and data management frameworks, the structure of large-scale repositories, and the ways information is represented, organized, and protected. Core topics include storage architectures, data quality, and the vulnerabilities that lead to breaches and loss of trust.

The course places significant emphasis on the role of algorithms and artificial intelligence in modern information systems. Students investigate how AI enhances data mining, classification, and pattern detection, enabling more efficient enrollment, authentication, and decision-making processes. At the same time, they assess the risks associated with AI-driven analytics, including bias, overfitting, and the security implications of automated data pipelines.

By analyzing applications across market sectors—such as finance, healthcare, retail, and government—learners evaluate how information repositories support fraud detection, fraud prevention, and real-time operational needs. Through case studies and practical exercises, students develop the skills needed to design, manage, and audit information systems that balance utility, privacy, and security in an AI-driven world.

ISP 388L Professional Experience and Project

Study of a practical problem, current phenomenon, or professional issue in an institutional setting. Conference course. Offered on the credit/no credit basis only.