Graduate Course Catalog 2007-2009

General Information

Faculty/Staff Directory





Total Credit Hours: 35 - 41


The Master of Science in Information Security (MS InfoSec) program provides students with background and insights into the key managerial and technical issues of information security. It is an interdisciplinary program administered by the Management Information Systems Department in the College of Business and the Mathematics and Computer Science Department in the College of Arts and Sciences.

The managerial concentration focuses on the impact of information security on individual lives and personal privacy, the growing information security risks facing business and government, strategies for securing information, and the influence of laws and public policy on how information is secured. The technical concentration examines how information systems can be made secure. It discusses information processing systems, secure operating systems and applications, network security, cryptography, security protocols, and other issues that confront those charged with securing information networks.

The managerial concentration is an attractive option for IT analysts, managers and directors who are responsible for, and interested in, defining, auditing, or examining IT security policies and procedures. The technical concentration is a handson option that is attractive to IT professionals who are interested in identifying security breaches, implementing security policies and procedures, and resolving security problems when and where they arise.

To accommodate the needs of working professionals, the program is structured for parttime students with courses offered in the evenings. All courses are offered in an eight-week format.


To be accepted for admission into the program, a student must present the following credentials:

1. A baccalaureate degree from an accredited institution of higher education.

2. A minimum undergraduate GPA of 3.0 on a 4.0 scale.

3. Application form with a non-refundable fee.

4. Professional resumé.

5. Official transcripts from all educational institutions attended.

6. Two-page statement of purpose.

7. Three letters of recommendation.

8. Prior coursework from an accredited collegiate institution in computer science or management information systems.


Under certain circumstances, students who do not meet one or more of the requirements for full admission may be admitted to the program with provisional status. These include:

1. Students with an undergraduate GPA less than 3.0 but greater than or equal to 2.25.

2. Students who lack prior coursework in computer science or management information systems from an accredited collegiate institution.

Students admitted with provisional status will be considered for full admission after they have earned nine credit hours in the program with a GPA of 3.0 out of 4.0. Additionally, students who lack prior coursework in computer science or management information systems are required to take two foundation courses in the major to gain background in computer programming, organization, and applications.


International students should consult General Information in this catalog for acceptable scores on TOEFL as well as other pertinent information regarding information.


A student with a baccalaureate degree who wants to take certain graduate courses with the intention of becoming a degree candidate may be admitted as a student-at-large by meeting the following requirements:

1. Submit official documentation of a baccalaureate degree from a regionally accredited institution of higher education; and

2. Complete an application form, accompanied by a non-refundable application fee.

Should a student-at-large seek full admission status, he or she must have attained a minimum GPA of 3.0 in his/her at-large coursework. Nine semester hours completed as a student-at-large is the maximum credit toward an advanced degree that can be granted.

A student with a baccalaureate degree who wants to take certain courses but does not seek a full degree endorsement may likewise be admitted as a student-at-large and is subject to the same admission requirements.


A maximum of nine semester hours of graduate level work earned from a regionally accredited institution of higher education within the last five years may be accepted toward a degree in the Master of Science in Information Security program. Only courses in which the student received a grade of B or higher will be eligible for transfer credit.

Students who wish to take courses elsewhere after matriculation at Lewis must receive prior written approval from the Program Director. In approving the proposal to transfer credit from another institution, the Program Director may, at his or her discretion, require that the student pass a proficiency exam for the corresponding course to qualify to transfer the credit.


A student must complete all requirements within seven years from the completion of his or her first graduate course at Lewis University.


Any student admitted to the MS InfoSec program whose cumulative GPA falls below 3.0 will automatically be placed on academic probation. The student must achieve a GPA of 3.0 or better during the subsequent semester to remain a student in the MS InfoSec program. If a student does not meet the requirement to come off probation, he or she may petition the Program Director in writing to resume studies after a one-semester hiatus. The Program Director, in consultation with the appropriate Graduate Council or Educational Policies Committee, will make the final decision on whether to allow the student to resume studies. If the right to resume studies in the MS InfoSec program is granted, the student will resume studies with probationary status.

Only grades attained in Lewis University graduate courses will be used to determine the GPA. A grade of D will not count toward degree requirements. A 3.0 cumulative GPA is required for graduation.


Students must complete at least 35 graduate credits in the program beyond the two foundation courses to complete the MS InfoSec degree. Students must choose one of two tracks of specialization: the Management Concentration or the Technical Concentration. Each student is required to complete eighteen credit hours of core coursework, nine credit hours of track-specific coursework, three credit hours of elective coursework which may or not be in their chosen track, two credit hours of seminar coursework, and a three-credit-hour capstone course. The total number of credits to fulfill the requirements ranges from 35 to 41 credit hours, depending on whether the student was required to take two three-hour foundation courses because of insufficient academic background in computer science or management information systems.

I. Foundation Courses (6)
    68-500 Computer Organization (3)
    68-501 Principles of Programming (3)

II. Core Courses (18)
    68-505 Introduction to Information Security (3)

OR the following three courses:

68-506               Overview of Information Security (1)

68-507               Security Algorithms (1)

68-508               Security Infrastructure (1)

    68-510 Data Network: Hardware, Protocols, and Architecture (3)
    68-515 Operating Systems and Distributed Systems (3)
    68-520 Intrusion Detection, Response and Recovery (3)
    68-525 Encryption and Authentication Systems (3)
    68-530 Legal and Ethical Issues in Information Security (3)

III. Electives (12)

Four courses from the following two concentrations, with at least three courses from your chosen specialization:

Management Concentration (College of Business)
    68-523 Computer Forensics (3)
    68-550 Operational and Organizational Security (3)
    68-551 Information Security Strategies and Risk Management (3)
    68-555 Security Assurance Principles (3)
    68-557 Project Management and Information Security (3)
    68-563 Database Management and Security (3)

Technical Concentration (College of Arts and Sciences) (3)
    68-523 Computer Forensics (3)
    68-560 Securing Windows (3)
    68-561 Securing Linux (3)
    68-563 Database Management and Security (3)
    68-565 Secure Coding (3)

IV. Seminar Courses (2)

Two credit hours of seminar coursework. Seminars are designed to present specific topics that are more appropriate for short workshop-style courses than for full-length courses. The Program Director determines which seminar courses fulfill this requirement. At the time of this writing, the approved seminar courses include 68-596, 68-597, and 68-598.

IV. Capstone Experience (3)
    68-595 Information Security Project (3)


The capstone experience may involve a project in which the student applies what he or she has learned during the program, or an original research effort in which the student explores a topic in information security to greater depth. A faculty member in the MS InfoSec program will mentor the student as he or she completes the work. The final outcome of the project is a publication-ready original paper with appropriate citations in any of the standard formats. The student is also required to personally present his or her work to faculty and students of the MS InfoSec program before credit will be awarded.


Credit for the capstone experience (68-595) will be deferred until the project has been completed to the satisfaction of both the student and the mentor. Until the project has been completed, a grade of I will appear on the student’s record for that course. For all other courses in which the student receives a grade of I, he or she has until the sixth week of the following semester to complete the requirements for the course. If the student fails to complete the requirements of the course before the six-week cutoff, the incomplete grade will be converted to a grade of “IF”, which is equivalent to a failing grade.