Banner
Masters in Information Security and Assurance
Courses

About the Program

MSISA Home

Admission Requirements

Foundation Requirements

Testing Out of Foundations

Degree Requirements

ISA Course Descriptions

Pre-approved Electives

Advising

Plan Of Study Form

Plan Of Study Form (with concentration)

Plan Of Study Form (pre Fall 2010 )

Self Evaluation Form (MS-word)

Accelerated BS-MSISA

For GMU CS students

For GMU IT students

Graduate Certificates

ISA

ISA course descriptions are also listed in the University Catalog

Graduate Courses

ISA 522 Information Security Essentials (3:3:0). Prerequisites: An introductory information systems class or permission of instructor. Course covers basic concepts and techniques in applied information security. Begins introducing the student to basic concepts of security including confidentiality, integrity, availability, and current concerns of anonymity, privacy and safety of web-based transactions, forensics investigations etc. Also covers the main safeguards available in security such as authentication, authorizations, and network security, and shows how these techniques are applied to the concerns of business, health care, nursing, sociology and law. This course does not count for MS programs in the Computer Science Department.
ISA 562 Information Security Theory and Practice (3:3:0). Prerequisites: INFS 501, 515, 519, and SWE 510; or permission of instructor. This course is a broad introduction to the theory and practice of Information Security. It serves as the first security course for the MS-ISA degree and is required as a pre-requisite for all subsequent ISA courses (at the 600 and 700 levels). It also serves as an entry level course available to non-ISA students, including MS-CS, MS-ISE and MS-SWE students.
ISA 563 Fundamentals of Systems Programming (3:3:0). Prerequisites: An intermediate programming language course or permission of instructor. Introduces systems and network programming for UNIX and Windows using lectures and hands-on labs. Covers ANSI C programming, system libraries and APIs, forking and threads, interprocess communications, synchronization, Windows API, and code debugging.
ISA 564 Security Laboratory (3:3:0). Prerequisites: INFS 501, 515, 519, and SWE 510. This course provides hands-on experience in configuring and experimenting with commodity networked systems and security software in a live laboratory environment, with the purpose of understanding real-world security threats. This course will take both offensive and defensive approaches and expose students to a variety of real-world attacks, including viruses, worms, rootkits, and botnets. Possible mitigation and defending mechanisms such as firewalls and intrusion detection software will also be covered.
ISA 640 Programming Language Security (3:3:0). Prerequisites: CS 540 and ISA 562. This course describes language-based techniques to provide security for executing code. Topics include a discussion on the need for and the advantages of language based security, security principles and properties, memory and type safety, encapsulation and access control, certifying compilers and their verification methods, security types and information flow, and applying programming language-inspired techniques to enforce security in the semantic-web based languages.
ISA 650 Security Policy(3:3:0). Prerequisites: ISA 562 or permission of instructor. Focuses on security policy and its management for information systems having national and international connectivity. Issues include legal, international, cultural, and local factors. Students are expected to participate regularly in presenting material, in discussion of recent security issues, and by writing short papers on major current issues.
ISA 652 Security Audit and Compliance Testing (3:3:0). Prerequisites:ISA 562 or ISA 522 or permission of instructor. Presents the fundamental concepts of the IT-security audit and control process that is being conducted in a plethora of environments, including government, the financial industry, and the healthcare industry. The goal of this course is to enable the students to structure and perform audits based on the specifications of Sarbanes-Oxley, HIPAA, and FISMA audit programs. Covers all the CISA certification requirements in depth. Students completing the course are encouraged to attempt the certification exam on their own.
ISA 656 Network Security (3:3:0). Prerequisites: ISA 562 and CS 555; or permission of instructor. This course is an in-depth introduction to the theory and practice of Network Security. It assumes basic knowledge of cryptography and its applications in modern network protocols. The course studies firewalls architectures and virtual private networks and provides deep coverage of widely used network security protocols such as SSL, TLS, SSH, Kerberos, IPSec, IKE, and LDAP. It covers countermeasures to distributed denial of service attacks, security of routing protocols and the Domain Name System, Email security and spam countermeasures, wireless security, multicast security and trust negotiation.
ISA 673 Operating Systems Security (3:3:0). Prerequisites: CS571 and ISA 562; or permission of instructor. This course covers both fundamentals and advanced topics in operating system (OS) security. It will study OS level mechanisms and policies in investigating and defending against real-world attacks on computer systems, such as self-propagating worms and large-scale botnets. Basic OS security techniques such as logging, system call auditing, and memory protection will be discussed. Recent advanced techniques such as honeypots and honeyfarms, system randomization, vulnerability fingerprinting, and virtualization will also be introduced.
ISA 674 Intrusion Detection (3:3:0). Prerequisites: ISA 562 and 656; or permission of instructor. Studies methodologies, techniques, and tools for monitoring events in computer system or network, with the objective of preventing and detecting unwanted process activity and recovering from malicious behavior. Topics include types of threats, host-based and network-based information sources, vulnerability analysis, denial of service, deploying and managing intrusion detection systems, passive vs. active responses, and designing recovery solutions.
ISA 681 Secure Software Design (3:3:0). Theory and practice of software security, focusing in particular on some common software security risks, including buffer overflows, race conditions and random number generation, and on the identification of potential threats and vulnerabilities early in the design cycle. The emphasis is on methodologies and tools for identifying and eliminating security vulnerabilities, techniques to prove the absence of vulnerabilities, and ways to avoid security holes in new software and on essential guidelines for building secure software: how to design software with security in mind from the ground up and to integrate analysis and risk management throughout the software life cycle.
ISA 697 Topics in Information Security (3:3:0). Prerequisite: permission of instructor. Special topics in information security and assurance not occurring in regular ISA sequence. May be repeated for credit when distinct offerings of course differ in subject.
ISA 763 Security Protocol Analysis (3:3:0). Prerequisites: ISA 656. This course teaches how to design, understand, verify and test communication protocols so that they meet their objective: recognize the basic components of a communication protocol, specify security properties accurately, model actors and mal-actors against which a protocol ought to be secure, discuss verification methods and their limitations in ensuring that the specified protocol satisfies stated security objectives in the presence of intended mal-actions, design a medium-sized protocol that satisfies a specification of requirements, use existing tools to specify and verify security protocols and test protocols for satisfying their security objectives.
ISA 764 Security Experimentation (3:3:0).. Prerequisites: ISA 562, 564, and 674. This course teaches how to conduct security experimentations and how to empirically demonstrate, validate and evaluate security vulnerabilities, exploits and defense mechanism. By the end of the course, students will gain deeper understanding and first hand experiences on: capturing packets of interests from both wired and wireless networks; and replying interested network flows; how shellcode works; how various buffer overflows work; how worm, spyware, rootkit, botnet work; how anonymous communication works; and how traceback works.
ISA 765 Database and Distributed Systems Security (3:3:0). Prerequisite: INFS 614 and ISA 562; or permission of instructor. Science and study of methods of protecting data: Discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases, security of databases in a distributed environment, statistical database security, and survey of commercial systems and research prototypes.
ISA 767 Secure Electronic Commerce (3:3:0). Prerequisites: ISA 562 and 656; or permission of instructor. Cryptography review, cryptographic protocols, secure electronic transactions, public key certificates and infrastructures, authentication and authorization certificates, secure credential services and role-based authorization, mobile code security, security of agent-based systems, electronic payment systems, intellectual property protection, secure timestamping and notarization.
ISA 796 Directed Readings in Information Security (3:3:0). Prerequisite: Graduate standing in information systems with at least 12 prior credit hours in M.S. Research and analysis of a contemporary problem in information security. Prior approval is required by a faculty sponsor who supervises the student's work. Written report or thesis proposal is required. A maximum of 6 hours may be earned. (In order to register, the student must complete an independent study form, which is available in the department office. The form must be initialed by the faculty sponsor and approved by the department chairman.)
ISA 797 Advanced Topics in Information Security (3:3:0). Prerequisite: Permission of instructor. Special advanced topics not occurring in the regular ISA sequence. May be repeated for credit when distinct offerings of the course differ in subject.
ISA 798 Research Project (3:3:0). Prerequisite: 18 hours of credit applicable towards M.S. Research project chosen under the guidance of a full-time graduate faculty member, resulting in a written technical report. Prior approval required by a faculty sponsor who supervises the student's work. (In order to register, the student must complete an independent study form, which is available in the department office. The form must be initialed by the faculty sponsor and approved by the department chairman.)
ISA 799 Thesis (6:3:0). Prerequisite: 18 hours of credit applicable toward M.S; or permission of instructor Original or expository work chosen and completed under supervision of graduate faculty member, which results in technical report accepted by three member faculty committee. Report must be defended in oral presentation. (In order to register, the student must complete an independent study form, which is available in the department office. The form must be initialed by the faculty sponsor and approved by the department chairman.)