The curriculum for the Fox Master of Science in IT Auditing and Cyber-Security is designed to deliver both a breadth of expertise in the industry as well as a depth of specialized knowledge. That’s why the program features a core curriculum with broad-based courses in protecting information and security, follows with courses that concentrate in one of two specialization tracks, and then finishes with a project-based CISA or CISSP preparatory capstone course.

Specific questions about courses or the program’s curriculum? Get answers from a member of the IT Auditing and Cyber-Security department.

Contact Us

Curriculum

Core Courses
IT Governance

Understanding how IT organizations are structured and managed is essential to effective IT auditing. In this course, students will learn how IT organizations are managed, issues that have the potential to make IT management challenging, and how strategic planning is performed within IT organizations. A number of tools, techniques, and frameworks like COBIT that help make the auditor effective in this environment will also be discussed.

Protection of Information Assets

Information is an organization’s most precious asset. Inadvertent disclosure of sensitive information can have significant operational and financial impact on the organization. Loss of information or access to it can also have serious adverse impacts on the organization. In this course, students learn the importance of managing the information assets of the organization including business continuity, disaster recovery, and logical IT security, physical, and environmental security.

Security Architecture

Examines the methodology by which an organization aligns its business strategy with its security operations. Both current and desired future states of security efforts will be described so that students may learn which resources to direct to supporting the business through the most-needed security efforts.

Business Skills for IT Professionals

In this course students practice a variety of business skills that are necessary to be effective as an ITACS professional (e.g. IT Auditor, Information Security Analyst, Cyber Security Analyst). These skills include managerial communications and public speaking skills, interviewing skills, negotiation and personal selling skills, business writing, industrial psychology and behavioral science skills, project/time management and team building skills. The course is delivered through a series of workshops and simulations and include observations of business practices at host IT companies. The practicum will be scheduled for fall (1.5 credits) and spring (1.5 credits) semester to allow for optimal development of business skills.

IT Audit Courses
IT Audit Process

This course introduces students to the essential concepts of IT auditing. Students will learn standards and guidelines for performing an IT audit. Topics will include concepts of internal controls. Students will learn to plan and manage an audit as well has how to report on evidence collected during the audit.

Enterprise Resource Planning Systems

This course introduces students to the essential concepts of an Enterprise Resource Planning (ERP) system, e.g. SAP. The course looks at how a business’ key transactions are executed and accounted for in an ERP. Students will learn how transaction processing transform data for management analysis and legal entity reporting, and gain an understanding of Information system and accounting controls to assure confidentiality, integrity and authenticity.

Systems and Infrastructure Lifecycle Management

This course introduces students to the methods used as organizations builds an enterprise information system architecture within an environment of internal control. Topics include information system planning, management and usage, the development, acquisition and maintenance of these technologies and their impact on the organization’s business processes.

IT Service Delivery and Support

This course examines the operational aspects of an IT organization and how it delivers on its value proposition while assuring the IT infrastructure provides a reliable and secure platform for applications. Students learn about service center management and how teams are utilized to deliver value to the organization.

Data Analytics for IT Auditors

This course examines the emerging approach of continuous-audit through data analysis automation within audit and security controls. Students learn and apply security data analysis concepts in the context of practical security and audit problems.

Business Skills for IT Auditors

In this course students practice a variety of business skills that are necessary to be effective as an ITACS professional (e.g. IT Auditor, Information Security Analyst, Cyber Security Analyst). These skills include managerial communications and public speaking skills, interviewing skills, negotiation and personal selling skills, business writing, industrial psychology and behavioral science skills, project/time management and team building skills. The course is delivered through a series of workshops and simulations and include observations of business practices at host IT companies. The practicum will be scheduled for fall (1.5 credits) and spring (1.5 credits) semester to allow for optimal development of business skills.

IT Auditing Capstone

In this course students are given the opportunity to demonstrate the capabilities they have gained throughout the ITACS program through case studies and role-playing exercises. Students explore a comprehensive case study which exposes them to each of the CISA domains covered in the curriculum.

Cyber-Security Courses
Operating System Security

This course introduces students to operating system security and tools to secure operating systems. Methods of securing operating systems are explored in theory and through hands on exercises securing Linux and Microsoft Windows based computers and information systems. Knowledge of and experience with computer programming is required.

Network Security

This course helps students understand information security controls over wide area and local area communication networks. Students learn about network operations practices and control software for authorizing and restricting access, audit trails, access monitoring, balancing workloads, encrypting data traffic and restricting access to sensitive devices and services.

Organizational Forensics

This course introduces students to the field of cyber forensics and how technology and law interact to form this forensic science. Students learn about investigating digital data, gathering evidence relating to criminal or other legal events/incidents, preserving evidence and documenting findings which may be used in court.

Securing the Digital Infrastructure

This course introduces students to methods for securing information system components supporting an organization’s computer infrastructure. Network, firewall, and basic operating system security issues are explored through conceptual and hands-on in-class and homework exercises. Knowledge of and experience with computer programming is required.

Introduction to Ethical Hacking

This course introduces student to the hacking strategies and tactics used by ethical or “White Hat” hackers. Methods of vulnerability exploitation to be used primarily in the process of security penetration are explored in theory and in hands on exercises. The course requires simple programming using Open Source scripting languages and hacking tool kits. For that reason, knowledge of and experience with computer programming is required

Penetration Testing

This introduces student to penetration testing methods of vulnerability assessment and exploitation as a means to identify areas requiring improved security and develop recommendations for improvements. Ethical, business governance and legal implication of penetration testing are examined as students gain a practical understanding of how penetration tests are conducted through laboratory-based exercises.

Intrusion Detection and Response

This course examines tools and techniques that enable businesses to work as secure as possible. Students learn techniques for preventing attacks, quickly identifying successful attacks, detecting advanced persistent threats and monitoring systems activity to deter intrusions.

Cyber-Security Capstone

This course helps students review what they have learned and gain an integrated understanding of the eight cyber security knowledge domains while preparing to pass the CISSP exam. Students conduct a practical research project focused on an emerging topic in the field of information systems security.

Elective Courses
Special Topics

Special topics in current developments in the field of information systems security.

Independent Study

This course enables the student to work under the guidance of an instructor and focus on an information systems security topic of interest.

Systems and Infrastructure Lifecycle Management

This course introduces students to the methods used as organizations builds an enterprise information system architecture within an environment of internal control. Topics include information system planning, management and usage, the development, acquisition and maintenance of these technologies and their impact on the organization’s business processes.

Timeline & Schedule

The Master of Science in IT Auditing and Cyber-Security offers the option to pursue your degree on a full-time or part-time basis. Two program start dates deliver additional flexibility to support your personal and professional goals.

Program Start
Multiple entry points:
Fall semester (August)
Spring semester (January)

Course Times
Full-time students enroll in daytime courses on weekdays; part-time students take weekend or weekday evening courses.

Program Duration
Full-time students may complete the program in one year; part-time students may complete the program in as little as one and a half years or flex to suit their schedules.

Capstone Course
All students complete the capstone course, which is based around a research project and features built-in study modules for the CISA or CISSP exam.