Curriculum for MS26

For Students Starting the MSISTM/MSIS in Fall 2014 (MS26)

Students entering the MSIS in Fall 2015 should refer to the MS27 curriculum page.

The MSISTM/MSIS curriculum consists of three main components: the core courses, restricted electives and the curriculum option. The core courses establish the necessary background and a common competence level, and the restricted elective courses build upon the core. Students can choose from a wide variety of technical and management elective courses according to their interests and career needs.

Core Course Requirements
72 units
Restricted Electives
36 units
Curriculum Option
36 units
144 units

Please Note: Students that choose the Cyber Forensics and Incident Response Track do not add any additional units. The forensics track consists of 48 units, which will be fulfilled by one security elective (12 units) and the curriculum option (36 units). Additionally, students who are completing the MSIS program in 20-months are required to complete an internship.

Disclaimer: The INI cannot guarantee that courses will be offered each semester or in a specific semester as advertised below.  Students must refer to the 'Schedule of Classes' to determine course availability. The INI cannot guarantee that a student will be offered a seat in a specific course.  These apply to courses at the INI as well as other departments at Carnegie Mellon. In addition, it is the sole responsibility of the student to read and understand the following information regarding this program and its requirements. Should an individual have any further questions, they are encouraged to contact Enrollment Services at for assistance.

Core Courses - 72 units - Core Courses May Not Be Waived.

Core Management Requirements - 12 units

Students must take each of the following classes in order to fulfill the management core courses:

  • 14-786 Information Security Risk Analysis (SPRING)
    Prerequisite: Either prior coursework in probability theory or 95-796 Statistics for IT Managers.
  • 14-788 Information Security Policy and Management (SPRING)
    Prerequisite: 95-710 Economic Analysis or equivalent coursework.

Core Networking and Systems Requirements - 24 units

Students must select an option from both of the following networking and systems requirements:

15-641 Computer Networks (FALL)
Note, you must take 15-513 Introduction to Computer Systems (SUMMER or FALL) as a prerequisite to 15-641.
14-740 Fundamentals of Telecommunications and Computer Networks (FALL or SPRING)
Note, this class has a limited enrollment.

18-756 Packet Switching and
Computer Networks (FALL)
Note, you must take either prior networking coursework or 18-345 Introduction to Telecommunication Networks as a prerequisite to 18-756; 18-345 is considered overlapping with 14-740.
15-605 Operating System Design
and Implementation (FALL or SPRING) Note, you must take 15-513 Introduction to Computer Systems (SUMMER or FALL) as a prerequisite to 15-605. Students must receive at least a 'B' in 15-513 to be eligible to take 15-605, with priority given to 'A' students.
15-640: Distributed Systems (FALL or SPRING)
18-746: Storage Systems (FALL or SPRING)
18-842 Distributed Systems (SPRING)
Note, you must take one of 18-342 or 15-605, and one of 14-740, 18-756, or 15-641 as a prerequisite to 18-842.

Core Security Requirements - 36 units

Students must take each of the following three classes in order to fulfill the security core courses:

18-730 Introduction to Computer Security (FALL),
prerequisite to 18-731 Network Security, 18-732 Secure Software Systems and 18-733 Applied Cryptography.
14-741 Introduction to Information Security (FALL), prerequisite to 18-731: Network Security and 18-732: Secure Software Systems)
18-731 Network Security (SPRING)
18-732 Secure Software Systems (SPRING)
18-733 Applied Cryptography (SPRING)
One additional graduate-level security course, including
courses from another department (CS, ECE, EPP, Heinz, Tepper)
Note, course must be approved by the MSISTM/MSIS program advisor.

Here is a list (not exhaustive) of approved courses that fulfill the requirement of one additional graduate-level security course:

  • 14-735 Secure Coding
  • 14-761 Applied Information Assurance
  • 14-817 Special Topics: Network Security and Management
  • 14-819 Introduction to Software Reverse-Engineering
  • 14-822 Host Based Forensics
  • 14-823 Network Forensics
  • 14-829 Mobile Security
  • 18-731 Network Security
  • 18-732 Secure Software Systems
  • 18-733 Applied Cryptography
  • 18-739 Special Topics in Security

If you pick a course that is not listed above, you must receive prior approval from the MSISTM/MSIS academic advisor.

Restricted Electives - 36 units

Students have the opportunity to pursue a wide range of electives in which they have a special interest. Of the 36 units required, 12 units must be a course in the INI (14-XXX), ECE (18-XXX) or CS (15-XXX) that is numbered 300 or above or one of the following EPP courses (19-608, 19-682, 19-712, 19-713 or 19-784).

The remaining 24 units can be fulfilled by any approved courses in the Heinz College or Tepper School or any courses in ECE, EPP, School of Computer Science, INI or III (49-xxx) that are numbered 300 or above. Restricted electives may not be taken as pass/no pass/audit. In addition, students should select restricted electives that complement the core curriculum. Note, only up to 36 units of undergraduate courses (300-599) can be considered toward degree requirements (between core and restricted elective courses).

Please refer to the list of approved Heinz College courses for INI students.

Curriculum Option - 36 units

The curriculum option must be chosen before the end of the first fall semester. Students choose either a Professional Track or Research Track:

  • Professional Track: Either 1) course option - a set of courses that will equip students with the knowledge and skills they need to succeed in industry; 2) industry practicum - a supervised practicum that will provide students with industry experience while gaining significant knowledge; or 3) development-based project - a project that allows students to build up knowledge and skills in delivering successful solutions for industry.

  • Research Track: Thesis research paper that will allow students to delve deep into a problem and create a solution for a research-based project, providing the opportunity to gain significant knowledge and skills in a particular area.

For Students in the Cyber Forensics and Incident Response Track

The Cyber Forensics and Incident Response Track is made up of the following courses:

  • 14-761 Applied Information Assurance (prerequisite to all other track courses) (FALL and SPRING)
  • 14-822 Host-Based Forensics (SPRING)
  • 14-823 Network Forensics (FALL)
  • 14-832 Cyber Forensics and Incident Response Capstone (SPRING)

View the course descriptions.