MSISPM Curriculum

With a focus on analytical methods, technical foundations, management competency, and innovation, the skills you’ll gain from the MSISPM curriculum will equip you to define, execute, and implement effective security strategies and policies for any organization. The interdisciplinary nature of Carnegie Mellon allows you to focus your curriculum on the business, technology, strategy, policy, or risk management aspects of cybersecurity and information assurance.

Our curriculum is unique from other schools in that it helps student frame cybersecurity as a business problem, translating how cybersecurity and technology challenges affect the organization’s viability and resilience. We use a management and policy focus to help students understand and frame cybersecurity challenges in the real constructs and constraints of operating and growing an organization.

Below is the core curriculum for the MSISPM program which provides students with the foundations for success. From this core, students can branch out into more technical courses—such as those in network security analysis and forensics—or focus on management challenges—such as those in ethics, privacy, and policy—or a combination of both. Your curriculum will vary based on discussions you’ll have with your faculty advisors and program directors, all of whom will be there to guide your academic experience toward the role you want to play in cybersecurity.

Core Curriculum

Because of the multi-disciplinary nature of information security management, the core curriculum comprises a Security Core, a Management and Policy Core, and an Experiential Learning Core. Outside of these core courses, students also take a variety of different electives to round out their skills in specific areas.

Management and Policy Core

Management and policy core courses provide for development and application of managerial and analytical skills that are essential to meeting the challenges of information security management and policy development.

Course Number Course Title Units
94-700 Organizational Design and Implementation 6
94-702 Professional Writing 6
95-723 Managing Disruptive Technologies 12
95-710 Economic Analysis 6
95-718 Professional Speaking 6
95-760 Decision Making Under Uncertainty 6
95-796 Statistics for IT Managers 6
95-719 Accounting and Finance Foundations 6
  Total Management and Policy Core 54

Security Core

Security core courses are aimed at providing foundational knowledge of information security concepts and challenges and developing technical competency.

Course Number Course Title Units
94-806 Privacy in the Digital Age 6
95-752 Introduction to Information Security Management 12
95-755 Information Security Risk Management I 6
95-758 Network and Internet Security 12
95-748 Software and Security 6
95-749 Cryptography 6
95-743 Information Security Compliance and Training 6
95-744 Information Security Policy and Governance 6
  Total Security Core 60

Experiential Learning Core

Course Number Course Title Units
95-720 Information Security Project or Thesis 24
Required Summer Internship
  Total Experiential Learning Core 24


Featured Course: Introduction to Information Security Management
This course introduces you to material essential for effectively managing or consulting on an organization's computer and network security. Explore topics in: computer system vulnerabilities; effective cryptographic techniques and protocols; access control policies and mechanisms; and implications of security technology in the realm of risk management.

You'll learn how to design and implement computer security policies and standards, formulate disaster recovery plans, and analyze system security architectures and physical security controls. Additional material covers the legal aspects of computer system auditing in a secure environment, and how to structure the management of a site's computer security on a daily basis.

  • Browse a list of other courses you'll be taking.