Information Security Policy and Management

Study mode: On campus Study type: Full-time Languages: English
Local: $68.8k / Year(s) Foreign: $68.8k / Year(s) Deadline: Jan 10, 2025
28 place StudyQA ranking: 7090 Duration:


Advances in technology drive the success of modern organizations. With these advances comes an increasing cyber threat that must be adeptly managed by the organization. Our Master of Science in Information Security Policy and Management (MSISPM) program prepares future leaders to manage cybersecurity challenges through a strategic vision, utilizing not only technical defenses, but also leveraging sound risk management practices, deploying effective policy, and creating innovative ways to make the organization more resilient to threat and disruption.

Designated as a National Center of Academic Excellence in Information Assurance Education (CAEIAE), which is jointly sponsored by the National Security Agency and the Department of Homeland Security, Heinz College plays a vital role in advancing the state of the practice in cybersecurity.

Unique Features & Benefits

  • Access to CERT: MSISPM students can connect to the world-famous CERT—providing access to over 25 years of experience and knowledge in cybersecurity as part of CMU’s Software Engineering Institute—as well as cybersecurity leaders through the joint CERT/Heinz College Chief Information Security Officer (CISO) certificate program.
  • Managing Cyber Threats: As threats to digital information and privacy evolve, so must the technology manager. Our students channel their undergraduate and work experience—in areas such as accounting, engineering, computer science, and information technology—into a multi-disciplinary approach to managing cybersecurity.
  • Quantitative management and technology: Our students establish themselves as valuable assets that can link management and technology in a collaborative approach to cybersecurity.
  • Innovation Driven: Students innovate in the world of cybersecurity by learning how to synthesize technical, managerial, financial, and policy considerations toward organizational solutions that improve mission assurance and organizational value.
  • Leadership development: Students advance their leadership potential by taking on unique cybersecurity roles and responsibilities in such areas as software assurance, security operations, security program management, knowledge management, and security analysis.
  • Exceptional alumni and employer networks: Our graduates work in Fortune 500 companies, top consulting firms, government agencies, and across critical infrastructure sectors such as banking and finance, energy, and healthcare.

With a focus on analytical methods, technical foundations, management competency, and innovation, the skills you’ll gain from the MSISPM curriculum will equip you to define, execute, and implement effective security strategies and policies for any organization. The interdisciplinary nature of Carnegie Mellon allows you to focus your curriculum on the business, technology, strategy, policy, or risk management aspects of cybersecurity and information assurance.

Our curriculum is unique among schools in that it helps students frame cybersecurity as a business problem, translating how cybersecurity and technology challenges affect the organization’s viability and resilience. We use a management and policy focus to help students understand and frame cybersecurity challenges in the real constructs and constraints of operating and growing an organization.

Below is the core curriculum for the MSISPM program, which provides students with the foundations for success. From this core, students can branch out into more technical courses—such as those in network security analysis and forensics—or focus on management challenges—such as those in ethics, privacy, and policy—or a combination of both. Your curriculum will vary based on discussions you’ll have with your faculty advisors and program directors, all of whom will be there to guide your academic experience toward the role you want to play in cybersecurity.

Core Curriculum

Because of the multi-disciplinary nature of information security management, the core curriculum comprises a Security Core, a Management and Policy Core, and an Experiential Learning Core. Outside of these core courses, students also take a variety of different electives to round out their skills in specific areas.

Management and Policy Core

Management and policy core courses provide for development and application of managerial and analytical skills that are essential to meeting the challenges of information security management and policy development.

Course Number | Course Title | Units
94-700 | Organizational Design and Implementation | 6
94-702 | Professional Writing | 6
95-723 | Managing Disruptive Technologies | 12
95-710 | Economic Analysis | 6
95-718 | Professional Speaking | 6
95-760 | Decision Making Under Uncertainty | 6
95-796 | Statistics for IT Managers | 6
95-719 | Accounting and Finance Foundations | 6
 | Total Management and Policy Core | 54

Security Core

Security core courses are aimed at providing foundational knowledge of information security concepts and challenges and developing technical competency.

Course Number | Course Title | Units
94-806 | Privacy in the Digital Age | 6
95-752 | Introduction to Information Security Management | 12
95-755 | Information Security Risk Management I | 6
95-758 | Network and Internet Security | 12
95-748 | Software and Security | 6
95-749 | Cryptography | 6
95-743 | Information Security Compliance and Training | 6
95-744 | Information Security Policy and Governance | 6
 | Total Security Core | 60

Experiential Learning Core

Course Number | Course Title | Units
95-720 | Information Security Project or Thesis | 24
 | Required Summer Internship |
 | Total Experiential Learning Core | 24

Featured Course: Introduction to Information Security Management
This course introduces you to material essential for effectively managing or consulting on an organization's computer and network security. Explore topics in: computer system vulnerabilities; effective cryptographic techniques and protocols; access control policies and mechanisms; and implications of security technology in the realm of risk management.

You'll learn how to design and implement computer security policies and standards, formulate disaster recovery plans, and analyze system security architectures and physical security controls. Additional material covers the legal aspects of computer system auditing in a secure environment, and how to structure the management of a site's computer security on a daily basis.

  1. Online Application Form
  2. Transcripts
  3. Standardized Test Scores (GRE or GMAT)
  4. English Language Proficiency (TOEFL or IELTS)
  5. Recommendations
  6. Résumé
  7. Required Essay
  8. Optional essay
  9. Video interview or video essay (optional, but strongly recommended). The submission of a video interview or video essay is extremely important for applicants to the MSISPM program, especially non-native English speakers or individuals unable to visit campus prior to the application deadline. The video interview is the preferred option for applicants to the MSISPM program.
  10. Verification Requirement (applicable only if you are admitted!)


  • MSISPM Program Scholarships
  • Scholarship for Service
  • Information Systems in the Community Program Fellowship
  • Heinz College Strategic Partners Scholarships