Information Security Leadership

The information security industry is high stakes and always changing. There is immense responsibility to protect information in an ever-changing landscape of cyber security risk, and leaders know that an event could be catastrophic to companies, customers, and careers.  

A Brandeis MS in Information Security Leadership empowers you with the confidence of a top-tier master’s to lead through any cybersecurity challenge, and to influence decisions for risk prevention.

Build your leadership savvy and skill in leveraging technical know-how as you learn alongside cybersecurity leaders from many industries. In small seminar-style classes with no more than 12 students, your exposure to cyber security threats of all kinds will be significantly expanded.

The program will equip you to:

• Develop a business case for investing in cybersecurity and risk management.
• Inform and influence senior executives to commit to obtaining and maintaining this investment.
• Oversee the planning, acquisition and evolution of secure infrastructures.
• Assess the impact of security policies and regulatory requirements on complex systems and organizational objectives.

• Topics covered: Fundamental security technologies and concepts in the areas of access control, cryptography, telecommunications and network security, application development security, and physical (environmental) security
• Skills gained:
  • Categorize security attacks, threats, and vulnerabilities
  • Analyze access control models and differentiate among authentication methods such as passwords, tokens, and biometrics
  • Assess and illustrate encryption processes
  • Identify, manage, and defend against IT network threats and vulnerabilities
  • Identify and analyze software-related threats and vulnerabilities

• Topics covered: Security strategy and execution plans; security operations; security architecture and design; information security governance and risk management; business continuity and disaster recovery planning; topics in legal, regulations, investigations and compliance
• Skills gained:
  • Evaluate security controls and operations; create sustainable operational security
  • Evaluate security policies, procedures, baselines, and guidelines
  • Develop strategies for assessing risks, perform risk analysis and tradeoff analysis
  • Analyze business continuity strategies and disaster recovery plans
  • Assess the role of laws, regulations, and compliance in the context of security and privacy protection

• Topics covered: Vulnerabilities and countermeasures; disaster recovery planning; risk assessment; security policies and procedures; testing and rehearsals; recovery to insure continuity
• Skills gained:
  • Build an incident response plan that addresses preparation, organization, prevention, detection, notification, reaction, recovery, and maintenance
  • Build a disaster recovery plan that addresses preparation, implementation, operation, and maintenance.
  • Assess enterprise-level risks related to disaster recovery
  • Develop disaster recovery policies and procedures
  • Prepare a business continuity plan addressing preparation, implementation, operation, and maintenance

• Topics covered: Information security risk assessment frameworks; communication of risk data; quantifying uncertainties related to business decisions about information security
• Skills gained:
  • Assess the relationship between risk management and business & information security
  • Analyze US and international legal/regulatory obligations and their impact on risk management practices
  • Perform practical risk assessments and quantify uncertainties of business decisions
  • Apply assessment methodologies and describe their outcomes

• Topics covered: Cost vs. risk balancing; risk-based decision-making; administrative and technical methods for security, privacy, and compliance; privacy regulations and IT compliance; soft skills essential for information security executives
• Skills gained:
  • Evaluate an enterprise’s posture on the drivers for information security, privacy, and compliance
  • Develop a risk-based approach to information security, privacy strategies, and a compliance regime
  • Analyze threats to security and privacy and identify methods, tools, and techniques to remedy the threats
  • Write effective security policies
  • Assess current privacy and compliance regulations and future directions
  • Build effective security, privacy, and compliance practices that address personnel and budgetary issues

• Topics covered: C-Suite and Board communication  strategies and skills; security risk management and data privacy; IT policy and regulatory matters; budget and financial impact analysis; qualitative and quantitative risk metrics
• Skills gained:
  • Express and translate complex matters clearly, writing and presenting to executives or Board audiences with the appropriate professional and persuasive communications
  • Provide critical assessment of IT security needs within an organization and convey solutions with budget context and requirements
  • Assess key success factors in assembling and leading risk analysis and risk management teams
  • Articulate generally accepted IT risk management and audit practices