MSIS Core Course Descriptions

Course descriptions are provided below for the Pittsburgh MSIS Core Courses and the Cyber Forensics and Incident Response Track.

Core Courses

All students are required to take the following core courses as part of the MSIS curriculum:

Management Requirement

14-782 Information Security Risk Management I

This course and its follow-on Information Security Risk Management II (14-784) examine information security as a risk management problem where the organization identifies information security risks, evaluates those risks, and makes risk mitigation and acceptance decisions given its resource constraints. In part one of this class students will learn foundational concepts in risk management and economic valuation and will be introduced to standard risk management approaches for identifying, analyzing, and responding to risk, as well as the analytical tools for calculating the costs and benefits of investment security decisions.

Learning Objectives:

  • Understand and use security risk management terminology
  • Understand and apply tools for evaluating decisions under uncertainty
  • Develop critical thinking and evaluation
  • Demonstrate basic proficiency in qualitative and quantitative risk analysis methods (OCTAVE, FAIR)
  • Understand and explain risk responses, including risk transfer and insurance

14-784 Information Security Risk Management II

This course approaches information security as a risk management problem where the organization has to identify information security risks, decide how to resolve these risks, and make trade-off, economic, and investment decisions about controls, practices, and solutions to mitigate risk. Students will learn a standard risk management process for identifying, analyzing, and responding to risk, as well as the analytical tools for calculating the costs and benefits of investment security decisions. Students will perform a case study using the OCTAVE risk assessment method developed by the CERT program at the Software Engineering Institute. Additional topics covered include an introduction to using classical financial analysis techniques to evaluate information security investments.

Please note: this course uses a Harvard Business School case study. Students will be charged a fee for the course materials. The fee for these materials will be charged to the student's account.

Learning Objectives:

  • Basic understanding of the information security risk management process and how to identify, analyze, and respond to risk.
  • Key economic concepts in uncertainty decision making and financial analysis.
  • How to calculate ROI on a security investment.

14-788 Information Security Policy and Management

Spring: 6 units. The goal of this course is to provide an overview of the security marketplace, an understanding of decision making when multiple parties are involved and the role of policy making in the context of information security.

Policy is treated broadly and need not be necessarily government laws and regulations. Policy can be intra-organization. For example, it is an organization policy to disconnect an unpatched computer from its network. We will discuss the role of market and competition on security provision and then some of the key causes of market failure, namely externalities. We will then analyze how various policy tools can be applied to mitigate market failure. We will also discuss some key laws and regulation on product liability, and security standards.

The course also aims to provide an overview of the security industry (that is, key trends, technologies and various strategies by vendors and users). By the end of the course, the students are expected to know key managerial and policy issues surrounding information security provision and when and how policy intervention is needed. Prerequisite: 95-710 Economic Analysis or equivalent coursework.

Networking and Systems Requirement

(15-641 or 14-740 or 18-756) AND (15-605 or 18-842 or 15-640 or 18-746)

15-641 Computer Networks

Fall: 12 units. This is an introductory course in computer networks with emphasis on the basic performance and engineering tradeoffs in the design and implementation of computer networks. To make the issues more concrete, the class includes several multi-week projects requiring significant design and implementation. The goal is for students to learn not only what computer networks are and how they work today, but also why they are designed the way they are and how they are likely to evolve in the future. We will draw examples primarily from the Internet. Topics to be covered include: congestion/flow/error control, routing, addressing, naming, multi-casting, switching, internetworking and network security. Evaluation is based on homework assignments, projects and two mid-term exams. Prerequisite: 15-513 Introduction to Computer Systems.

14-740 Fundamentals of Telecommunications and Computer Networks

Fall or Spring: 12 units. 14-740 is a graduate-level, first-course in computer and telecommunication networks. There is no prerequisite of an undergraduate equivalent, but basic computer, programming and probability theory background is required. The primary objective of this course is for you to learn the fundamental principles underlying computer and telecommunication networks. Using a top-down approach, we will cover topics in the application, transport, network and link layers of the protocol stack. We will also go over advanced topics, including network management, traffic engineering and router internals. Besides learning about the nuts and bolts, you will gain an understanding in engineering tradeoffs made and design principles used in computer and telecommunication networks. Another objective is for you to apply some of this knowledge in the context of systems projects. We will follow an aggressive pace in this course. Note, this class has a limited enrollment.

18-756 Packet Switching and Computer Networks

Fall: 12 units. This class is designed to provide graduate students an understanding of the fundamental concepts in computer networks of the present and the future. In the past, the scarce and expensive resource in communication networks has been the bandwidth of transmission facilities. Accordingly, the techniques used for networking and switching have been chosen to optimize the efficient use of this resource. These techniques have differed according to the type of information carried: circuit switching for voice and packet switching for data. It is expected that elements of circuit and packet switching will be used in the integrated networks. This course focuses on packet switching for computer networks and protocol design. Topics in the course include: computer networks overview; OSI layers; queueing theory; data link protocol; flow control; congestion control; routing; local area networks; transport layer. The current networks and applications will be introduced through the student seminars in the last weeks of the course. Prerequisite: 18-345 Introduction to Telecommunication Networks and graduate standing.

15-605 Operating System Design and Implementation

Fall or Spring: 12 units. Operating System Design and Implementation is a programming-intensive OS class. It is a rigorous hands-on introduction to the principles and practice of operating systems. The core experience is writing a small Unix-inspired OS kernel, in C with some x86 assembly language, which runs on a PC hardware simulator (and on actual PC hardware if you wish). Work is done in two-person teams, and "team programming" skills (source control, modularity, documentation) are emphasized. The size and scope of the programming assignments typically result in students significantly developing their design, implementation, and debugging abilities. Core concepts include the process model, virtual memory, threads, synchronization, and deadlock; the course also surveys higher-level OS topics including file systems, interprocess communication, networking, and security. Students must be able to write a storage allocator in C, use a debugger, understand 2's-complement arithmetic, and translate between C and x86 assembly language. The instructor may require you to complete a skills assessment exercise before the first week of the semester in order to remain registered in the class.

Prerequisites: Achieve at least a "B" in 15-513 Introduction to Computer Systems with priority given to those who achieve an "A".

18-842 Distributed Systems

Spring: 12 units. The primary objective of this class is to learn the fundamental principles underlying distributed systems, and apply some of this knowledge in developing a real system in a course project (such as a networked multimedia system or a groupware system with built-in mechanisms for supporting high availability). Topics include: models of distributed systems, distributed transactions, distributed filesystems, infrastructures for building distributed systems, distributed algorithms, cryptography and distributed security, overview of distributed multimedia applications, systems and networking support for distributed multimedia systems, distributed real-time systems. Prerequisite: You must take one of 18-342 Fundamentals of Embedded Systems or 15-410 Operating System Design and Implementation; and one of 14-740 Fundamentals of Telecommunications, 18-756 Packet Switching and Computer Networks or 15-441 Computer Networks as a prerequisite to 18-842.

Security Requirement

14-741 or 18-730 -AND- one advanced security course (18-731 or 18-733 or 18-732) -AND- one additional security course (must be approved by advisor)

14-741 Introduction to Information Security

1st Fall: 12 units. The growing importance of information systems, and their use to support safety-critical applications, has made information security a central issue for modern systems. The course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective. Topics covered in the course include elementary cryptography; access control; common software vulnerabilities; common network vulnerabilities; digital rights management; policy and export control law; privacy; management and assurance; and special topics in information security. Prerequisites: The course assumes a basic working knowledge of computers, networks, C and UNIX programming, as well as an elementary mathematics background, but does not assume any prior exposure to topics in computer or communications security.

18-730 Introduction to Computer Security

Fall: 12 units. This course provides a principled introduction to techniques for defending against hostile adversaries in modern computer systems and computer networks. Topics covered include operating system security; network security, including cryptography and cryptographic protocols, firewalls and network denial-of-service attacks and defenses; user authentication technologies; security for network servers; web security; and security for mobile code technologies, such as Java and Javascript. More advanced topics will additionally be covered as time permits, such as: intrusion detection; techniques to provide privacy in Internet applications; and protecting digital content (music, video, software) from unintended use.

18-731 Network Security

Spring: 12 units. Some of today's most damaging attacks on computer systems involve the exploitation of network infrastructure, either as the target of attack or as a vehicle to advance attacks on end systems. This course provides an in-depth study of network attack techniques and methods to defend against them. Topics include firewalls and virtual private networks; network intrusion detection; denial of service (DoS) and distributed denial-of-service (DDoS) attacks; DoS and DDoS detection and reaction; worm and virus propagation; tracing the source of attacks; traffic analysis; techniques for hiding the source or destination of network traffic; secure routing protocols; protocol scrubbing; and advanced techniques for reacting to network attacks. Prerequisites: 18-730 Introduction to Computer Security or 14-741 Introduction to Information Security.

18-732 Secure Software Systems

Spring: 12 units. Poor software design and engineering are the root causes of most security vulnerabilities in deployed systems today. Moreover, with code mobility now commonplace - particularly in the context of Web technologies and digital rights management - system designers are increasingly faced with protecting hosts from foreign software and protecting software from foreign hosts running it. This class takes a close look at software as a mechanism for attack, as a tool for protecting resources, and as a resource to be defended. Topics covered include the software design process; choices of programming languages, operating systems, databases and distributed object platforms for building secure systems; common software vulnerabilities, such as buffer overflows and race conditions; auditing software; proving properties of software; software and data watermarking; code obfuscation; tamper resistant software; and the benefits of open and closed source development. Prerequisites: 18-730 Introduction to Computer Security or 14-741 Introduction to Information Security.

18-733 Applied Cryptography

Spring: 12 units. A wide array of communication and data protections employ cryptographic mechanisms. This course explores modern cryptographic (code making) and cryptanalytic (code breaking) techniques in detail. This course emphasizes how cryptographic mechanisms can be effectively used within larger security systems, and the dramatic ways in which cryptographic mechanisms can fall vulnerable to cryptanalysis in deployed systems. Topics covered include cryptographic primitives such as symmetric encryption, public key encryption, digital signatures, and message authentication codes; cryptographic protocols, such as key exchange, remote user authentication, and interactive proofs; cryptanalysis of cryptographic primitives and protocols, such as by side-channel attacks, differential cryptanalysis, or replay attacks; and cryptanalytic techniques on deployed systems, such as memory remanence, timing attacks, and differential power analysis. Prerequisites: 18-730 Introduction to Computer Security.

Courses Under the Cyber Forensics and Incident Response Track

MSIN and MSIS students located in Pittsburgh can pursue the Cyber Forensics and Incident Response Track. In the forensics track, students devote a security elective (12 units) and their curriculum option (36 units) to developing skills in both host/network computer forensics and digital investigations. Students are taught by faculty from the CERT Program and trained on state-of-the-art software. All courses progressively build on one another, providing concrete skills along the way.

By pursuing the forensics track, students will be able to perform digital forensic investigations based on a solid understanding of the fundamental nature of digital evidence and an ability to apply the analytic and investigative tools in a forensically sound manner.

14-761 Applied Information Assurance

Fall or Spring: 12 units. This course focuses on practical applications of Information Assurance (IA) policies and technologies in enterprise network environments. The course will include lecture and demonstrations, but is designed around a virtual lab environment and scenario that provides for robust and realistic hands-on experiences in dealing with a range of information assurance topic areas. Students will be provided numerous practical opportunities to apply information security practices and technologies to solve real-world IA problems.

14-822 Host-Based Forensics

Spring: 12 units. Host-Based Forensics provides a systematic introduction to the field of digital forensics. The course aims to familiarize students with the forensic process and to apply forensic principles with many tools of the trade. Upon completion of this course, a student should feel confident in participating in a digital forensic investigation. This course focuses on the forensic process (planning, acquisition, analysis, reporting) as it relates to host system forensics. Class periods will consist of lecture and exercises. Pre-requisite: 14-761 Applied Information Assurance.

14-823 Network Forensics

Fall: 12 units. Network Forensics concentrates on the collection and analysis of evidence left on the network. Upon completion of this course, and its complement 14-822, a student will feel comfortable with the full scope of a digital forensic investigation. Class periods will consist of lecture and exercise. Students will learn about the data types that may have forensic value and will be introduced to several techniques for capturing data off the network and how each option impacts the data that is available. Students will be further presented with several incident response challenges on live networks and be tasked with determining and proving what happened. They will have to collect various logs, network traffic, create timelines and draw conclusions. Pre-requisite: 14-761 Applied Information Assurance.

14-832 Cyber Forensics and Incident Response Capstone

Spring: 12 units. The CyFIR concentration capstone course challenges students by placing them in a series of hands-on exercises based on real world scenarios. Students will work together in groups to respond to and investigate large-scale corporate and government intrusions. Instructors will teach advanced event correlation and reconstruction techniques as well as emerging data collection and analysis approaches. Using both host-based and network-based forensics techniques, students will learn to effectively synthesize data, utilize problem solving skills to draw investigative conclusions, and document their analysis. Additionally, students will be required to follow sound forensic methodologies to protect and prepare digital evidence throughout their mock investigations. Furthermore, students will learn to effectively summarize and communicate their forensic analysis through technical report writing and communication best practices. Upon completion of this course, students will be prepared to participate in and guide enterprise cyber security incident response and forensic operations for large organizations.

Please note, the CyFIR Capstone is a requirement for the Cyber Forensics and Incident Response Track that has replaced the three mini-courses (14-824, 14-825, and 14-826).