Masters Studies in EMSE

I am lead professor for some courses, listed below, and direct graduate research in the general area of information security.

Theses that I have either directed or had influence on include:

  • Dirienzo, T. A Systems Analysis of U.S. Army Operations in Cyberspace (GWU, 2015)
  • Moore, S. The Impact of a Strategic Approach to Detection Activities on Incident Response (GWU, 2006)
  • Tomhave, B. The Total Enterprise Assurance Management (TEAM) Model: A Unified Approach to Information Assurance Management (GWU, 2006)
  • Gurov, M. Information Security Return on Investment (TU Delft, 2006)
  • Asmoredjo, S. A Probabilistic Model for Cyber Attacks and Protection (TU Delft, 2005)
  • Lopez de la Cruz, J. Applications of Probability Models and Expert Judgment Analysis in Information Security (TU Delft, 2004)

Information Assurance Courses:

These courses constitute the core courses for a focus in enterprise information assurance. Sample syllabi from old semesters are linked to for some of the courses.

  • EMSE 6540 Management of Information and Systems Security
    • This course introduces the systems engineering approach to understanding and managing information security in the enterprise. The three general security attributes, three security engineering phases, three policy questions, and risk management are explored in order to develop a structured approach to applying the concepts of computer security, personnel security, administrative security, physical security, and business continuity in an integrated and synergistic solution. Business decisions focused on budget and capabilities are included in the structural approach.
  • EMSE 6543 Managing the Protection of Information Assets and Systems
    • Building on EMSE 6540, this course takes the student into a deeper dive into the security engineering phase of protection. Critical protection processes and technologies are explored systemically with regards to contribution to enterprise security needs. Key topics covered in particular depth include the Common Criteria, cryptography, and physical security. Additional topics include personnel security, integrative actions, and interfaces to the other security engineering phases.
  • EMSE 6544 Auditing, Monitoring, and Intrusion Detection for Information Security Managers
    • This course continues the deep dive, this time into the security engineering phase of detect. The exploration is structured along the detection timeline, focusing on the challenges associated with detecting different types of challenges. The four classes of detection challenges are introduced and explored. The concept of audit ready architectures and the three levels of audit activity are covered as well. Time, both actual and relative, is an important part of the analysis of engineering requirements.
  • EMSE 6345 Disaster Recovery and Organizational Continuity
    • This course, offered by the faculty in the Crisis and Emergency Management focus, teaches students how to think about and structure enterprise processes for disaster recovery and organizational continuity.
  • EMSE 6545 Internet and Online Law for Security Managers
    • This course covers the sources of law, appropriate legislation and case law for information security managers, and teaches students how to understand the various types of law (private, civil, criminal, etc). Policy as a form of private law is covered in some depth, with special attention to the implications of improperly formed and enforced policy.

These courses are available for enrichment in the general area of information assurance:

  • EMSE 6537 Information Operations
  • EMES 6546 Cybercrime for Information Security Managers
  • EMSE 6549 Business and Competitive Intelligence
  • EMSE 6579 Applied Data Mining in Engineering Management
 

back to jjchryan homepage

Quick Links