Doctor of Science in Information Assurance

Credit Requirements

The Doctor of Science in Information Assurance consists of a minimum of 70 semester credits beyond a Master's degree, including 63 credits of pre-dissertation courses (consisting of 18 credits of Information Security content taken from core and specialization courses, 18 credits of research methods courses, 9 credits of comprehensive exam courses, 18 credits of research preparation courses) and 7 credits of dissertation development courses.

DIA COURSES, OBJECTIVES AND DELIVERABLES

Core Courses

  • IA7020 Information Security Systems and Organizational Awareness
  • IA7030 Legal and Ethical Practices in Information Security
  • IA8010 Business and Security Risk Analysis

Specialization Courses

  • IA8020 Security Policies, Standards and Procedures
  • IA8030 Design, Development and Evaluation of Security Controls
  • IA8190 Forensic Evaluation and Incident Response Management

Comprehensive Exam Courses:(two of the following)

  • CEX8220 Security Program Strategies and Implementation (Level I)
  • CEX8230 Legal and Ethical Management Issues in Information Security (Level I)
  • CEX8240 Strategic and Technological Trends in Information Security (Level I)

Research Methods Courses

  • RM6000 Effective Writing in Information Security Analysis
  • RM8250 Web-Based Research Methods in Information Security
  • RM8500 Research Foundations for Information Security Practitioners
  • RM9100 Qualitative and Quantitative Analysis
  • RM9150 Feasible Problem-Driven Research in Information Security
  • RM9250 Building a Knowledge-Base in the Information Security Discipline

Research Preparation Courses

  • RES8510 Research Topic Rationale
  • RES8520 Review and Synthesis of Prior Research
  • RES8530 Proposed Research Methodology
  • RES8540 Continuing PRP Development
  • RES8550 Research Design: Data Collection Plan
  • RES8560 Research Design: Results and Findings
  • RES8570 Research Design Specification
  • RES8580 Continuing RDS Development

Dissertation Development Courses

  • DST851X Data Collection and Preparation
  • DST852X Data Analysis and Findings
  • DST8530 Continuing Dissertation Development
  • DST854X Dissertation Documentation and Defense

Minimum credits required for DSc: 70

Grading Scale

Grade GPA Value Academic Designators

A

4.0 Incomplete

I

A-

3.7 Drop

W

B+

3.3 Withdrawal

W

B

3.0 Progress

P*

B-

2.7 No Progress

NP*

C+

2.3 Audit

AUD

C 2.0    

F

0.0  

 

 

CORE COURSES

IA7020 Information Security Systems and Organizational Awareness

In this course, students will familiarize themselves with the eight domains of the (ISC)2 Common Body of Knowledge (CBK) in information security as a framework to critically analyze security awareness issues and to evaluate best practices in implementing security systems within the enterprise. (3 credits)

DELIVERABLES: Best Practice Analyses

COURSE OBJECTIVES:

  • To analyze structures, transmission methods, transport formats and security measures that enable confidentiality, integrity and availability in business communications.
  • To examine best practices which serve to manage and reduce security risks associated with various frameworks, networks and technology structures of an enterprise.
  • To assess best practices used in establishing controls, within business applications, which support the security strategy of an enterprise.
  • To evaluate the impact of high level procedures, structures and standards used in defining, designing, and implementing information systems and technology.
  • To propose best practices which utilize the means and methods of disguising information through cryptography in order to protect confidentiality and integrity of data.

IA7030 Legal and Ethical Practices in Information Security

In this course, students will draw on what they learned from IA7020 to dig deeper into the eight domains of the (ISC)2 Common Body of Knowledge (CBK) in information security by evaluating information security case studies and produce real-life deliverables. (3 credits)

DELIVERABLES: Best Practice Analyses and Mock plans

COURSE OBJECTIVES:

  • To evaluate physical, procedural, and environmental risks associated with a business information technology infrastructure.
  • To recommend procedures and best practices required to preserve business in the face of major disruptions to normal operations.
  • To propose best practices for the protection and control of information technology resources.
  • To understand how to develop typical deliverables for information security programs such as an assessment plan, security policies, and implementation plan.

IA8010 Business and Security Risk Analysis

This course provides students with an overview of risk management principles. Methods to identify, quantify, and qualify internal and external risks to the organization are examined. Students apply these principles and methods to the current business and risk environment. (3 credits)

DELIVERABLES: Business Risk Assessment Report

COURSE OBJECTIVES:

  • To evaluate the role of business and technical risk analysis within the context of Information Security.
  • To identify and analyze prevalent threats and vulnerabilities facing businesses today.
  • To identify and analyze business and technical threats to an organization.
  • To analyze and evaluate Information Security methods used to address business threats and vulnerabilities.
  • To identify and evaluate the controls necessary to address business and technical threats.

SPECIALIZATION COURSES

IA8020 Security Policies, Standards and Procedures

In this course, students examine the role of security policies, standards and procedures in addressing business and technical risks and develop a security governance report to evaluate compliance across the enterprise. (3 credits)

DELIVERABLES: Enterprise Security Critique; Security Governance Report

COURSE OBJECTIVES:

  • To examine the role of security policies, standards and procedures in supporting information security and assurance across the enterprise.
  • To examine the management of security policy review and implementation projects.
  • To demonstrate how to effectively address business and technical risks to the enterprise through appropriate policies, standards and procedures.
  • To develop a security governance report to evaluate compliance across the enterprise.

IA8030 Design, Development and Evaluation of Security Controls

In this course, students transform high-level policies and procedures into quantifiable and measurable controls and mechanisms that enforce data and process integrity, availability and confidentiality. (3 credits)

DELIVERABLES: General IT Controls Review; Application Controls Review

COURSE OBJECTIVES:

  • To analyze and evaluate the interrelationship between risk management objectives and the application of effective business and IT controls.
  • To identify, define and evaluate key business and IT processes, requirements and performance metrics used by management to monitor and control risk..
  • To identify, analyze and evaluate organizational, administrative, network, and application-specific controls and risk mitigation strategies to meet business and technical objectives.
  • To demonstrate knowledge of the management of business and IT controls assessment projects.
  • To transform high-level business and technical objectives into quantifiable and measurable controls and mechanisms which enforce data and process integrity, availability and confidentiality.

IA8190 Forensic Evaluation and Incident Response Management

In this course, students explore the essentials of electronic discovery and analyze issues related to cyber evidence. Using this evidence, students identify and analyze the nature of security incidents, the source of potential threats and the methods used in incident management and mitigation. Students also analyze the technical and business issues which affect the actions of the enterprise in responding to a security incident. (3 credits)

DELIVERABLE: Forensic Evaluations; Incident Response Plan

COURSE OBJECTIVES:

  • To identify and analyze the nature of computer security incidents and the source of potential threats.
  • To demonstrate knowledge of a methodology for end-to-end incident management and mitigation.
  • To analyze and evaluate the technical issues associated with incident management and in the identification of criminal actions using network trace back and computer forensics.
  • To identify, analyze and evaluate the business and non-technical drivers associated with incident management such as legal issues as well as to demonstrate knowledge of the application of the rules of evidence to electronic security incidents.

COMPREHENSIVE EXAM COURSES
(two of the following)

CEX8220 Security

Program Strategies and Implementation (Level I) In this course, students explore the components of a security program for an enterprise and develop a strategy for its implementation. Students must complete a written exam paper which demonstrates mastery of literature-based research skills and American Psychological Association, 6th edition (APA) format and citation requirements. (3 credits)

DELIVERABLES: Security Program Review; Research Paper

COURSE OBJECTIVES:

  • To evaluate the role the security program plays in defining the security posture of the enterprise.
  • To demonstrate knowledge of the approaches taken in implementation of a security program.
  • To develop an implementation plan to meet compliance requirements of an identified security program.
  • To develop a plan for implementing the chosen strategy that addresses resources, schedules, and organizational change management requirements.

CEX8230 Legal and Ethical Management Issues in Information Security (Level I)

In this course, students explore issues with respect to the legal and regulatory environment of security and the challenges faced in developing and managing policy related to enterprise security. Students must complete a written exam paper which demonstrates mastery of literature-based research skills and APA format and citation requirements. (3 credits)

DELIVERABLES: Regulatory Analysis; Research Paper

COURSE OBJECTIVES:

  • To analyze how legislation influences specific corporate or institutional environments.
  • To identify legal and ethical issues that arise within a given legal or regulatory environment.
  • To investigate best practices that address specific issues within a given legal or regulatory environment.

CEX8240 Strategic and Technological Trends in Information Security (Level I)

In this course, students assess and evaluate technical trends and emerging technologies in information assurance and examine their impact on the implementation of security programs. Students must complete a written exam paper which demonstrates mastery of literature-based research skills and APA format and citation requirements. (3 credits)

DELIVERABLES: Technology Review; Research Paper

COURSE OBJECTIVES:

  • To gain knowledge of new and emerging technologies available to address initiatives identified in the security program of an enterprise.
  • To gain exposure to technologies currently used in the implementation of the security program.
  • To assess trends in technology and their impact on the implementation of the security program.

RESEARCH METHODS COURSES

RM6000 Effective Writing in Information Security Analysis (Qualifying Exam)

In this course, students utilize secondary research to analyze a current best practice or process in one of the ten domains of Information Security. Students write and present a position paper providing a rationale for research to evaluate the effectiveness of that practice or process. (3 credits)

DELIVERABLE: Annotated Bibliography; Best Practice Research Recommendation

COURSE OBJECTIVES:

  • To demonstrate effective written and oral communication skills.
  • To demonstrate knowledge of the secondary research process
  • To formulate a rationale for applied research in Information Security based on review of current literature.
  • To demonstrate knowledge of APA requirements for format, source identification and citations in research writing.

RM8250 Web-Based Research Methods in Information Security

In this course, students acquire information retrieval skills and research competencies to identify and evaluate industry-relevant sources of information for the purposes of analysis and research information security. Students compare and contrast the utility of publicly-available and subscription-based information sources for the purposes of meeting academic and professional requirements. (3 credits)

DELIVERABLE: Source Analysis, Comparative Analysis of Sources

COURSE OBJECTIVES:

  • To differentiate and classify secondary research sources based on their salient characteristics.
  • To critically examine the validity and credibility of industry relevant information sources used in information security.
  • To evaluate and synthesize information sources relating to a topic relevant to information security.
  • To critically analyze the applicability and relevance of specific information sources for the purposes of meeting academic and professional requirements.

RM8500 Research Foundations for the InfoSec Practitioner

In this course, doctoral students are introduced to the purpose and nature of primary research in Information Security. Students explore the foundations and concepts of applied field research.The Qualifying Exam is administered at the end of this course.(3 credits)

DELIVERABLE: Research Practice Sets

COURSE OBJECTIVES:

  • To understand the research paradigm and how it applies to the field research process
  • To assess what constitutes a non-trivial and feasible research problem
  • To formulate appropriate research questions for field research studies
  • To distinguish the characteristics of dependent and independent variables
  • To construct testable hypotheses appropriate for field research

RM9100 Qualitative and Quantitative Analysis

In this course, students compare, contrast, and evaluate qualitative and quantitative methods of data analysis for solving information assurance problems and conducting information security-related field research. (3 credits)

DELIVERABLES: Questionnaire Quality Assessment; Data Collection and Analysis Report

COURSE OBJECTIVES:

  • To evaluate the applicability of qualitative versus quantitative analysis methods.
  • To determine when parametric versus non-parametric statistics should be used.
  • To utilize qualitative and quantitative analytical methods in evaluating Information Security case studies.

RM9150 Feasible Problem-Driven Research in Information Security

In this course, students identify a research site and utilize problems occurring there in order to identify feasible topic areas for their field research study. Students apply the concept of problem-driven research as the basis for selecting a feasible and non-trivial research topic or problem assessment. (3 credits)

DELIVERABLES: Research Site Access Plan

COURSE OBJECTIVES:

  • To understand what constitutes an acceptable research site.
  • To select an accessible site at which to conduct research.
  • To determine the nature and degree of access to the potential subjects to be studied.
  • To understand the constraints and limitations of the identified research site.
  • To understand the role of a mentor / advocate at the research site.

RM9250 Building a Knowledge-Base in the Information Security Discipline

In this course, doctoral students enrolled in the DSc program continue to evaluate the feasibility of their proposed research site, the research topic identified, and the potential dependent variables to be studied. Students present their proposed project at the Dissertation Boot Camp at the end of this course. (3 credits)
DELIVERABLE: Research Project Feasibility Analysis
COURSE OBJECTIVES:

  • To identify potential problems affecting the research population.
  • To recognize potential dependent variables that can be studied.
  • To formulate an acceptable research question applicable to the problem being studied.
  • To articulate a problem statement that will be addressed by the proposed study.
  • To select a researchable topic area (site, problem, Information Security domain).

RESEARCH PREPARATION COURSES

RES8510 Research Topic Rationale

In this course, students articulate the business problem and problem statement, refine their research question, and develop the rationale for the research project by clearly identifying and specifying the needs and requirements which justify a proposed improvement in professional practice. (3 credits)

PREREQUISITE: RM9200

RES8520 Review and Synthesis of Prior Research

In this course, students conduct a literature review in Information Security and other relevant bodies of research to identify a proposed solution to the business problem. Using this literature review, they present support for the selection of the proposed solution and identify criteria to be used in assessing its feasibility. (3 credits)

RES8530 Proposed Research Methodology

In this course, students finalize the operational requirements of the proposed research study and specify their proposed improvement in professional practice. Students document the methodology to be utilized in the proposed project in the Feasibility Study Specification (FSS) which is the final course deliverable. (3 credits)

RES8540 Continuing PRP

Doctoral students requiring additional time to produce an approved Feasibility Study Specification (FSS) enroll in this course until the document is approved by the Candidacy Committee. (1 credit)

Research Design: Data Collection Plan

In this course, students develop the data collection plan based upon the selected research approach and design type. This plan specifies the methods to be utilized for measuring the variables as well as the data collection procedures to be followed. (3 credits)

DELIVERABLE: Research Design, Data Collection Plan (Chapter 3.5 through 3.6)COURSE OBJECTIVES:

  • To specify the design of the study using an established model.
  • To identify or produce reliable, valid instrument(s) for use in data collection.
  • To specify the detailed data collection procedures to be used.
  • To describe the pilot test of the selected instrument(s).

RES8560 Research Design: Results and Findings

In this course, students develop the data analysis plan based upon the selected research approach and design type. This plan specifies the data analysis methods and procedures to be utilized in the research. (3 credits)

DELIVERABLE: Data Analysis Plan (Chapter 4.1)
COURSE OBJECTIVES:

  • To specify the methods to be used in analysis of the data.
  • To explain the rationale of the selection of the identified methods of analysis.
  • To describe the treatment for missing data.

RES8570 Research Design Specification

In this course, students finalize the operational requirements of the proposed research study by producing the Research Design Specification (RDS). (3 credits)

DELIVERABLE: Research Design Specification (RDS) (Chapters 1, 2, 3, and 4.1)
COURSE OBJECTIVES:

  • To integrate all previous work into the final specifications of the research design.
  • To obtain IRB approval of the Data Collection Plan and instruments.

RES8580 Continuing RDS Development

Doctoral students requiring additional time to produce an approved Research Design Specification (RDS) enroll in this course until the document is approved by the Candidacy Committee. (1 credit)

DISSERTATION DEVELOPMENT COURSES

DST851X Data Collection and Preparation

In this course, doctoral candidates implement the approved research design by collecting data and preparing data for analysis, including cleaning the data set, providing data variable names and coding. (1-6 credits)

DELIVERABLE: Data Collection Methods (Chapter 3.6 revisions)
COURSE OBJECTIVES:

  • To collect data from the identified research subjects following procedures identified in the approved RDS.
  • To document methods and procedures performed.

PREREQUISITE: Approved RDS

DST852X Data Analysis and Findings

In this course, doctoral candidates implement the approved data analysis plan and review findings with advisors.(1-6 credits)

DELIVERABLE: Results and Findings (Chapter 4.2 through 4.3)
COURSE OBJECTIVES:

  • To analyze the data collected using the analysis methods identified in the approved RDS.
  • To draw conclusions and identify implications from the findings.
  • To document the procedures, analyses, findings and conclusions.

DST8530 Dissertation Documentation and Defense

Doctoral candidates requiring additional time to produce an approved dissertation enroll in this course until the dissertation is approved for defense. (1 credit)

DST854X Dissertation Documentation and Defense

In this course, doctoral candidates present their findings to the Dissertation Committee at the defense. (1-3credits)

PREREQUISITE: Approval to Defend

» Take the next step. Submit an inquiry of interest.

 

Join the Cybersecurity Elite
U of F Cybersecurity Education Path

Education Path
Distinguish yourself and advance your cybersecurity career by following the University of Fairfax Online Cybersecurity Education Path. No matter which graduate program you pursue, all of your courses will explore relevant cybersecurity policy and management issues, and you will complete a cybersecurity project in each course. You can apply what you learn and make significant contributions in your workplace right away.
» Download PDF or register for a