Concordia University of Edmonton
Master of Information Systems Security Management
Edmonton, Canada
Master degree
DURATION
2 years
LANGUAGES
English
PACE
Full time
APPLICATION DEADLINE
EARLIEST START DATE
Sep 2026
TUITION FEES
CAD 49,159 *
STUDY FORMAT
On-Campus
* total estimated fees
Key Summary
In all sectors of the economy, there is an increasing demand for skilled professionals with expertise in information security. The Master of Information Systems Security Management (MISSM) meets these needs by providing in-depth education in security protocols, design, software, and management. Students explore protection strategies, including the planning, design, implementation, and management of complete network security solutions in multiple operating-system environments and configurations. Graduates will be able to assess and implement necessary safeguards to ensure the security of information systems. Program content includes network security policies, standards, and management; building and maintaining security firewalls; cryptography; information security laws and ethics; disaster and recovery planning; risk management and analysis; and digital forensics.
The MISSM program (a) allows students to meet their educational goals in an efficient and timely manner and (b) enables students who possess a more general IT or business-related degree to focus on the specific knowledge and skills required in the emerging field of information systems security. The program is open to both full- and part-time students.
A Mature Forward-Thinking Program
Concordia University of Edmonton is proud to bring you a unique, mature and much-needed Information Systems Security program.
The need for security professionals is growing along with the increasing reliance of businesses and governments on IT. The employer demand for information systems security professionals shows no end in sight. The program maintains a sharp focus on the needs of employers and changes in the industry.
Objectives
- To identify sources of risk for the loss of enterprise information and to develop methods of minimizing the identified risks based on the priorities established by senior management and the financial resources available to mitigate these risks.
- To understand the role of information systems security in relation to the other business processes in an enterprise.
- To develop a plan for the enterprise to recover from disasters where information ceases to be available to users. They will also have the skills to test the plan and to ensure that the plan is ready to be implemented when needed.
- To investigate information systems security incidents and develop and implement solutions to recover or minimize the loss of information.
- To securely install operating system software and to use this software to build login servers and application servers which are highly resistant to penetration by unauthorized users (both internal and external).
- To securely install servers on different operating environments.
- To develop an appropriate information security framework for an enterprise, including plans and policies which reflect recognized standards for implementing security policy (based on identifying stakeholders, security teams and infrastructure, data resource owners, and auditing used to ensure compliance).
- To determine legal issues involved in information systems security policy and architecture, and to know when to seek advanced legal help and/or help from law enforcement authorities.
- To manage projects involving cryptographic architectures for security and to implement a variety of solutions involving cryptography.
- To develop strategies for all methods of access control to an organization’s information systems and media containing organizational information (physical methods and network methods).
- To ensure that an organization meets the appropriate federal or provincial privacy legislation.
- Network Security
- Application and Cloud Security
- Cryptology and Secure Network Communications
- System and Virtualization Security
- Incident Response and Digital Forensics
- Research Methods & Communications
- Disaster Recovery and Business Continuity
- Governance, Risk and Compliance, and
- one of
- Research track consisting of:
- Research Methods II)
- Research Methods III
- Research track consisting of:
or
- Capstone track consisting of:
- Capstone I
- Capstone II
- Analyze and identify sources of risk for the loss of enterprise information. Understand methods of minimizing the identified risks based on the priorities established by senior management and the resources available to mitigate these risks in a way which contributes to enterprise value. Understand the recent ERM best practices (post 2008), based on COSO and COBIT frameworks. (Risk)
- Understand the role of information systems security in relation to the other business processes in an enterprise and how this adds to enterprise value. Understand how to align business to IT (BITA) and the need to understand how business goals drive IT and information security goals. (Security Business).
- Understand the phases of disaster recovery planning. Understand the various considerations, risk factors and challenges related to the successful planning, implementation and maintenance of an effective organizational disaster recovery and business continuity plan. (DRP)
- Investigate information systems security incidents. Including methods of analysis employed in incident response digital forensics, including forensic duplication, and file system, memory, and network forensic analysis. (Investigations)
- Apply operation-level security, including security to information in processing, at rest and in transition. Know the main types of encryption, including symmetric, asymmetric, public key, block, and stream ciphers. (Operations)
- Create an appropriate information security framework for an enterprise, including IT security-related plans and policies. Comprehend the theory and practice of project management and demonstrate knowledge of project management terms and techniques. (Framework)
Graduates work in many technical, policy and management areas. Technical areas often involve server installation, testing, network design and penetration testing of servers and networks and network and security administration. Policy involves many areas such as implementing security policies, privacy policies and performing risk assessments. Management involves working at all levels to gain acceptance for security policies and procedures and the overall information security strategy.
At times, this can involve implementing policies and practices based on ISO standards, ISACA standards and many other industry standards for security. Recently, the legal requirement for information technology security risk audits has created an ongoing and unfulfilled demand that alone will last for a predicted 8-10 more years (this is a worldwide by-product of the Sarbanes-Oxley legislation passed in the United States).
The MISSM program is a 33-credit 2-year program normally completed in 4 terms (Fall, Winter, Fall, Winter) of 9, 9, 9, and 6 credits, including a research or capstone component, consisting of 10 courses. The capstone track is suitable for students who are gearing themselves for professional careers in information security management. The research track is suitable for students who are gearing themselves for a research career in information security management, including students who may consider pursuing PhD programs in the field.