Addressing the need for leadership in cybersecurity

Master of Science in Cybersecurity

Started in the fall of 2020, the Master of Science in Cybersecurity degree program incorporates real-world engagement, cybersecurity theories, and hands-on experiences for a rich educational platform to prepare for a higher-level of application and management of solutions in the cybersecurity landscape. Coursework includes activities with UMA’s Maine Cyber Range, an academic and research operation that will bring together students and faculty in counterattacking simulated cyber attacks. Students pursuing graduate education will also have opportunities to interact with numerous public and private entities.

Program Admission

To be considered for admission to the Masters program, all applicants must submit the following items:

  1. The UMA Graduate Application.
  2. Essay stating the reasons for pursuing this degree, professional goals, and how this degree will contribute to these goals. Applicants submitting all of the above listed required items will be holistically reviewed and may be invited to participate in a mandatory interview with program faculty prior to an admission decision. (Attach to the online application).
  3. Evidence of a Baccalaureate degree from a regionally accredited institution. Transcripts from all colleges or universities attended, excluding the seven campuses of the University of Maine System. (Follow instructions on application).

Student Learning Outcomes

At the completion of the course, the student should be able to:

  • Describe the fundamental concepts of the cyber security discipline;
  • Describe potential system attacks and the actors that might perform them;
  • Describe cyber defense tools, methods and components and apply cyber defense methods to prepare a system to repel attacks;
  • Describe appropriate measures to be taken should a system compromise occur;
  • Define the principles of cybersecurity and describe why each principle is important to security and how it enables the development of security mechanisms that can implement desired security policies;
  • Analyze common security failures and identify specific design principles that have been violated;
  • Understand the interaction between security and system usability and the importance for minimizing the effects of security mechanisms;
  • Describe the basic security implications of modern computing environments;
  • Understand the Federal, State and Local laws and regulations relating to cybersecurity

Student Learning Outcomes
At the completion of the course, the student should be able to: Have the ability to know how to conduct valid, reliable, and ethical research.

Objectives:

  • Describe qualitative research methods
  • Describe quantitative research methods
  • Describe mixed-methods research methods
  • Describe Design Science Research (DSR) methods
  • Explain the steps in conducting research
  • Describe a literature review
  • Explain data collection methods and analysis techniques
  • Describe valid and reliable research
  • Describe ethical research and required documentation
  • Describe research outcome communication and target audiences

Subjects:

  • What is qualitative research?
  • What is quantitative research?
  • What is mixed-methods research?
  • What is DSR research?
  • How is research conducted?
  • What is a literature review?
  • Why is a literature review important?
  • How is research data collected?
  • How is research data analyzed?
  • What does valid research mean?
  • What does reliable research mean?
  • What is ethical research?
  • Why is ethical research important?
  • How is research communicated?
  • What does target audience mean?

At the completion of the course, the student should be able to:

  • Describe risk management and its role in the organization;
  • Analyze the role of teams, team building, and facilitation within a cyber security project;
  • Compare the Waterfall and Agile project management approaches;
  • Use common project management tools, such as Gantt/Pert charts and Serums frameworks;
  • Analyze common security failures and identify specific design principles that have been violated;
  • Given a specific scenario, students will be able to identify the needed design principle;
  • Compare the interaction between security and system usability and describe the importance for minimizing the effects of security mechanisms;
  • Explain strategic organizational planning for cybersecurity and its relationship to organization-wide and IT strategic planning;
  • Defend the role of effective communications and discuss· the related skills central to a cyber security project;
  • Evaluate the impact of cultural differences, global issues, processes and trends in developing sustainable cyber security projects;
  • Identify the key organizational stakeholders and their roles;
  • Describe the principal components of cybersecurity system implementation planning;
  • Identify requirements and create plans for Business Continuity I Disaster Recovery

At the completion of the course, the student should be able to:

  • Understand, apply, and evaluate the ethical and legal handling of information security in today’s IT environment;
  • Understand and create organizational goals for ethical information security;
  • Understand, implement, and evaluate the efficacy of applicable laws and policies related to cyber defense and describe the major;
  • Diagram, implement, and assess the governance of components pertaining to the network and transmission security, storage, and maintenance of data;
  • Illustrate and design organizational mapping responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues;
  • Describe, analyze, and critique how types of legal disputes (civil, criminal, private) affect the evidence used to resolve incidents;
  • Determine the factors involved in developing an ethical information security strategy;
  • Identify common attacks and describe how to safeguard against them;
  • Describe a common ethical hacking methodology to carry out a penetration test;
  • Identify and describe a comprehensive enterprise information security program;
  • Demonstrate, discriminate, and devise programs to accelerate ethical behavior appropriate to security-related technologies

At the completion of the course, the student should be able to:

  • Describe the key concepts in network defense (defense in depth, minimizing exposure, etc.);
  • Explain how network defense tools (firewalls, IDS, etc.) are used to defend against attacks and mitigate vulnerabilities;
  • Develop, analyze, and evaluate how security policies are implemented on network to protect enterprise data;
  • Evaluate how various network operational procedures could improve or reduce network security;
  • Describe different types of network attacks, their characteristics, and their countermeasures;
  • Describe how risk relates to an enterprise network security policy;
  • Evaluate and categorize risk with respect to technology, individuals, and the enterprise, and recommend appropriate responses;
  • Develop and assess the effectiveness of a network security program, identifying goals, objectives and metrics;
  • Analyze problems, recommend solutions, products, and technologies to meet business objectives;
  • Recommend best security practices to achieve stated business objectives based on risk assumptions;
  • Actively protect information technology assets and infrastructure from external and internal threats;
  • Monitor systems for anomalies, proper updating, and patching;
  • Assist In Incident responses for any breaches, Intrusions, or theft;
  • Evaluate and perform planning, testing, and Implementation of software and hardware deployed;
  • Describe and evaluate personnel security planning as it pertains to network management

At the completion of the course, the student should be able to:

  • Examine how the internet is used for cybercrime, cyber-stalking, and other abusive behaviors;
  • Evaluate the effectiveness of applications of cybersecurity in preventing crime and abuse;
  • Discuss the rules, laws, policies, and procedures that affect digital forensics;
  • Use one or more common DF tools, such as EnCase, FTK, ProDiscover, X ways, SleuthKit;
  • Describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings;
  • Describe methods for the acquisition/analysis of widespread, non-PC devices;
  • Explain the legal issues related to non-PC device forensic activities;
  • Describe what can/cannot be retrieved from various Operating Systems;
  • Describe the methodologies used in host forensics;
  • Describe the methodologies used in network forensics;
  • Analyze and decipher network traffic, identify anomalous or malicious activity, and provide a summary of the effects on the system

At the completion of the course, the student should be able to:

  • Apply technical knowledge and critical thinking skills to plan and implement effective database and application security;
  • Describe and implement the use of database management systems and software to control the organization, storage, retrieval, security~ and integrity of data;
  • Use theoretical concepts of secure database and application design, defense in-depth knowledge, and cybersecurity operation skills to protect enterprise information and assets;
  • Carry out research on new database and application security technologies to develop methods to detect and respond to emerging threats;
  • Understand fundamentals and state of the art of today’s cyber technology In order to assess vulnerabilities of database and application design and implementations;
  • Study commonly used cybersecurity tools and acquire hands-on experience through directed exercise;
  • Describe the synthesis of data and information for risk (vulnerability) assessment for the cyber infrastructure;
  • Integrate evidence-based practice into system reviews to design, implement, and evaluate database and application security;
  • Design and implement access control rules to assign privileges and protect data in databases;
  • Describe and implement various access control theories and techniques including mandatory access control, discretionary access control, role-based access control

At the completion of the course, the student should be able to:

  • Describe the laws that provide US entities the authority to perform cyber operations;
  • Identify specific phases of a cyber operation in network traffic;
  • Detect, identify, resolve and document host or network intrusions;
  • Use tools and algorithms to detect various types of malware and unauthorized devices on a live network;
  • Configure IDS/IPS systems to reduce false positives and false negatives .. Deploy reactive measures to respond to detected intrusion profiles;
  • Analyze and decipher network traffic, identify anomalous or malicious activity, and provide a summary of the effects on the system;
  • Apply tools and techniques for identifying vulnerabilities;
  • Apply techniques to trace a vulnerability to its root cause;
  • Propose and analyze countermeasures to mitigate vulnerabilities

In addition to the above coursework, a student will have to complete either a Capstone Project proposal and presentation, or a Thesis proposal and presentation.

Both are similar in that they are a scholarly effort for students to synthesize their knowledge gained and apply that to a research and problem solving activity that will benefit the industry and society. The major difference is that a Capstone is geared for those students that will answer a question or solve a problem specific to the professional practice and the industry. The Thesis is for those students that would like to answer a research question that requires research methodology activities, but more importantly an Institutional Review Board (IRB) review. Again, both would work to solve a problem and involve a review of the existing literature.

The aspects of how to think critically and know what is needed for quality cybersecurity in different environments are important abilities for anyone in the cybersecurity workforce. Performing the research and creation processes for a project ensures that students learn research, project management, communication, and personal development skills that are required to be successful in a cybersecurity career.

The aspects of how to think critically and know what is needed for quality cybersecurity in different environments are important abilities for anyone in the cybersecurity workforce. Performing the research and creation processes for a project ensures that students learn research, project management, communication, and personal development skills that are required to be successful in a cybersecurity career.

The aspects of how to think critically and know what is needed for quality cybersecurity in different environments are important abilities for anyone in the cybersecurity workforce. Performing the research and creation processes for a project ensures that students learn research, project management, communication, and personal development skills that are required to be successful in a cybersecurity career.

This program resides under the UMA College of Professional Studies.