Master of Science in Information Security - MIS

Short description

Information technology permeates all aspects of society and has become critical to industry, government, and individual well-being. Securing these vital services and structures and the availability of trustworthy information whenever and wherever it is required has become both an area of intensive research and also of burgeoning commercial activity. The study program is research based and focuses on most aspects in the area of information security. Course topics range from technical and practical (like System Security, Cryptology and Computational Forensics) to human and management aspects (for example Security Management Metrics and Security Risk Management). The study is setup such that all students will have a common broad basis within all important aspects of Information Security, while they specialize in the remainder of the studies. The study program has three different tracks such that students can specialize in a specific area within Information Security. The three tracks are Cyber and Information Security Technology , Information Security Management , and Digital Forensics . The first of these three tracks focuses on the technological aspects in general within Information Security, while the second focuses on the management aspects. The third track is a more specialized track to educate future digital forensic experts. 

Job possibilities
Students who have completed the MIS program qualify for positions in the following areas:

  • Secure systems engineering
  • Security modelling and analysis
  • Digital and computational forensic investigations
  • Implementation and management of risk
  • Information security management
  • Secure operations of computer systems
  • Development of secure communications
  • Research and development
  • Ph.D, e.g., in Information Security at NISlab

Duration

This is a two-year master program (120 ECTS credits). For the part time students, a 50% pensum over 4 years is recommended. The degree awarded upon completion is “Master of Science in Information Security”.

The program has three tracks: Cyber and Information Security Technology , Digital forensics , and Information Security Management . After the first semester, which is common to all the tracks (see the course structure below), the students have to choose which track they are going to pursue.

The program qualifies the students to proceed to Ph.D. studies.

Expected learning outcomes

Knowledge

  • The candidate possesses advanced knowledge in the field of information security in general and the following particular topics: computer and network security, security management, incident response, security of critical information infrastructure and legal aspects of information security. The candidate possesses special insight and expertise in information security technology, digital forensics or security management, depending on the chosen program track.
  • The candidate possesses thorough knowledge of academic theory and methods in the field of information security.
  • The candidate is capable of applying knowledge in new areas within the field of information security.
  • The candidate is familiar with current state-of-the-art in the field of information security.
  • The candidate possesses thorough knowledge of scientific methodology, needed to plan and carry out research and development projects in the field of information security.

Skills

  • The candidate is capable of analyzing existing theories, methods and interpretations of theories within the field of information security as well as solving theoretical and practical problems independently.
  • The candidate is capable of using independently relevant methods in research and development in the field of information security. These methods include literature study, logical reasoning and performing scientific experiments together with interpreting their results.
  • The candidate is capable of performing critical analysis of different information sources and applying the results of that analysis in academic reasoning and structuring and formulating scientific problems.
  • The candidate is capable of completing an independent research and development project of moderate size under supervision (example: the master thesis), adhering to the current code of ethics in scientific research.
  • The candidate is capable of carrying out a plan of a research project under supervision.

General competence  

  • The candidate is capable of analyzing academic, professional and research problems.
  • The candidate is capable of using knowledge and skills to carry out advanced tasks and projects.
  • The candidate is capable of imparting comprehensive independent work in the field of information security. The candidate also mastered the terminology in the field of information security.
  • The candidate is capable of communicating academic issues, analysis and conclusions both with experts in the field of information security and with the general audience.
  • The candidate is capable of contributing to innovation and innovation processes.

Internationalization

The students are allowed to travel abroad to do their master theses. The information security group has strong links to many of the leading international academic groups within the field, and the students are encouraged to contact their instructors in the course «Research project planning» to ask for relevant travel opportunities.

Target Group

There are three focus groups for this study program:

  • Undergraduate students entering the program as a continuation of their bachelor degree without any prior work experience.
  • Industry students (or students in the private/public sector in general) looking for a full-time or part-time master program, which is flexible and can be adapted to their employers' needs and their own individual needs.
  • International students: exchange students (arriving for a single semester only) and full-time students.

Students can follow the program both on-campus and off-campus (distance students) and can take the program both as full time (2 years) or part time (4 years).

Admission Criteria

To qualify for admission, an applicant must have a bachelor degree in computer science or another field relevant for information security (mathematics, electrical engineering, physics, etc.). The applicant must document that he/she has at least 10 ECTS credits in mathematics/statistics and at least 30 ECTS credits in computer science subjects (for example, computer programming, theory of algorithms, databases, computer networking, etc.) at the bachelor level. A grade point average (GPA) of at least C on the bachelor studies is required.

Graduate studies in information security require a somewhat different mathematical platform than the one included in most bachelor studies. To master the theoretical topics included in the master program we recommend that the students attend the consultancy sessions related to certain topics in the field of mathematics and computer science, organized occasionally during the course of the studies in the form of various seminars.

Course Structure

The MIS program will focus for the main part on Information Security related courses, with some courses building up necessary background knowledge. The majority of the courses will be 7.5 ECTS, hence there will be four courses per semester for the full-time students. The main properties of the program are:

  • The MIS program has three tracks: Information Security Management (M), Digital Forensics (DF), and Cyber and Information Security Technology (T). The first semester is a mixture of courses within these three tracks. The reason for this is to give all students (independent of the track they choose) the needed minimal background information from the other two tracks. Also it will give the students a better understanding of the content of each of the tracks such that they can make an informed decision on which track to choose.
  • The 2nd and 3rd semester are track specific, with some overlap between tracks. For example is the System Security course common between the T and DF track, but within this course there are, towards the end of the course, different foci, depending on the tracks that the students have selected.
  • A possibility for specialization is the course Research Program Planning in the 3rd semester and the Master Thesis project in the 4th semester.
  • The Master Thesis project needs to be related to the chosen track.

Study environment
The Master of Information Security program is one of the master programs offered by the Faculty of Computer Science and Media Technology (IMT) at NTNU in Gjøvik. The program is linked to the Norwegian Information Security Laboratory (NISlab). NISlab mainly consists of research intensive professors and associate professors who are internationally respected in their field. NISlab hosts the National Research School for Computer and Information Security (COINS) and is a partner of the Center for Cyber and Information Security (CCIS). NISlab works closely together with the Norwegian Centre for Information Security (NorSIS). Students are offered excellent conditions for studying, e.g., modern lecture halls, study rooms, and computer and focus labs. Students will meet a highly international and multi-cultural environment at the IMT Faculty.

Pedagogical methods
Students will experience a broad range of teaching and working methods to give them the best possible preparation for the job after their studies. These methods include:

  • Regular class teaching (including distance teaching)
  • Independent study
  • Exercise sessions (including practical lab exercises)
  • Individual and group project works
  • Essay/Article writing
  • Individual and group supervision

In addition to the classical study methods requiring presence by the students, the Master program in information security makes extensive use of flexible distance study methods. Every course contains the whole study material in digital form available online, via a special system available to the students once enrolled in the program. Audio recordings of the lectures are available online in most subjects contained in the program and the number of subjects that use video recording of the lectures is increasing very fast as technical possibilities make this form of presentations possible. Video streaming of the lectures is also used, whenever technical possibilities allow this. 

Off-campus students

Off-campus students are required to attend at least one mandatory seminar on campus during the startup of a semester. Off-campus students also need to take the written exams on campus. The exam schedule is made available during the beginning of the semester to allow off-campus students to plan their visits to Gjøvik. Some courses also require or highly recommend the students to do mandatory work on campus, or that the students participate in excursions or seminars, more information is to be found in each course descriptions. Course material will be made available in a Learning Management System. Students are advised to meet at the first class of each course to receive relevant information on practical issues related to that course. In case in-person meeting is not possible, then students should check the Learning Management System or contact the course responsible for this information.

Technical Prerequisites

We base our activities on the fact that each student has their own computer with access to a broadband Internet connection. Software that is needed is mostly freely available on the Internet. In some courses, commercial products such as MatLab, are required. Such software is provided via NTNU in Gjøvik.
As for the practical computer skills, it is expected that the students are capable of using any contemporary operating system (Microsoft Windows, GNU/Linux, MacOS, etc.) both with a graphical user interface and a command line interface.

Table of subjects

Master of Science in Information Security - Cyber and Information Security Technology full-time track

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S) S3(A) S4(S)
IMT4113 Introduction to Cyber and Information Security Technology C 7,5      
IMT4114 Introduction Digital Forensics C 7,5      
IMT4115 Introduction to Information Security Management C 7,5      
IMT4110 Scientific Methodology and Communication C 7,5      
IMT4123 System Security C   7,5    
IMT4124 Cryptology C   7,5    
IMT4125 Network Security C   7,5    
IMT4126 Biometrics C   7,5    
IMT4203 Critical Infrastructure Security C     7,5  
IMT4204 Intrusion Detection in Physical and Virtual Networks C     7,5  
IMT4205 Research Project Planning C     7,5  
Elective, 7.5 ECTS E     7,5  
IMT4904 Master's Thesis C       30
Sum: 30 30 30 30
*) C - Compulsory course, E - Elective course

Master of Science in Information Security - Information Security Management full-time track

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S) S3(A) S4(S)
IMT4110 Scientific Methodology and Communication C 7,5      
IMT4113 Introduction to Cyber and Information Security Technology C 7,5      
IMT4114 Introduction Digital Forensics C 7,5      
IMT4115 Introduction to Information Security Management C 7,5      
IMT4127 Security Management Metrics C   7,5    
IMT4128 Socio-technical Systems Enabled Crime C   7,5    
IMT4129 Risk Management for Information Security C   7,5    
Elective, 7.5 ECTS E   7,5    
IMT4206 Theory and Practise of Legal, Privacy, and Organizational Requirements C     7,5  
IMT4207 Security Privacy and Risk Management Case Study C     7,5  
IMT4205 Research Project Planning C     7,5  
Elective, 7.5 ECTS E     7,5  
IMT4904 Master's Thesis C       30
Sum: 30 30 30 30
*) C - Compulsory course, E - Elective course

Master of Science in Information Security - Digital Forensics full-time track

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S) S3(A) S4(S)
IMT4110 Scientific Methodology and Communication C 7,5      
IMT4115 Introduction to Information Security Management C 7,5      
IMT4114 Introduction Digital Forensics C 7,5      
IMT4113 Introduction to Cyber and Information Security Technology C 7,5      
IMT4130 Cybercrime Investigation C   7,5    
IMT4133 Data Science for Security and Forensics C   7,5    
IMT4123 System Security C   7,5    
IMT4125 Network Security C   7,5    
IMT4204 Intrusion Detection in Physical and Virtual Networks C     7,5  
IMT4210 Computational Forensics C     7,5  
IMT4205 Research Project Planning C     7,5  
Elective, 7.5 ECTS E     7,5  
IMT4904 Master's Thesis C       30
Sum: 30 30 30 30
*) C - Compulsory course, E - Elective course

Master of Science in Information Security - Cyber and Information Security Technology part-time track

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S) S3(A) S4(S) S5(A) S6(S) S7(A) S8(S)
IMT4113 Introduction to Cyber and Information Security Technology C 7,5              
IMT4115 Introduction to Information Security Management C 7,5              
IMT4124 Cryptology C   7,5            
IMT4123 System Security C   7,5            
IMT4114 Introduction Digital Forensics C     7,5          
IMT4110 Scientific Methodology and Communication C     7,5          
IMT4125 Network Security C       7,5        
IMT4126 Biometrics C       7,5        
IMT4203 Critical Infrastructure Security C         7,5      
IMT4204 Intrusion Detection in Physical and Virtual Networks C         7,5      
IMT4205 Research Project Planning C         7,5      
Elective, 7.5 ECTS E           7,5    
IMT4904 Master's Thesis C             15 15
Sum: 15 15 15 15 22,5 7,5 15 15
*) C - Compulsory course, E - Elective course

Master of Science in Information Security - Information Security Management part-time track

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S) S3(A) S4(S) S5(A) S6(S) S7(A) S8(S)
IMT4113 Introduction to Cyber and Information Security Technology C 7,5              
IMT4115 Introduction to Information Security Management C 7,5              
IMT4127 Security Management Metrics C   7,5            
IMT4129 Risk Management for Information Security C   7,5            
IMT4114 Introduction Digital Forensics C     7,5          
IMT4110 Scientific Methodology and Communication C     7,5          
IMT4128 Socio-technical Systems Enabled Crime C       7,5        
Elective, 7.5 ECTS E       7,5        
IMT4207 Security Privacy and Risk Management Case Study C         7,5      
IMT4206 Theory and Practise of Legal, Privacy, and Organizational Requirements C         7,5      
IMT4205 Research Project Planning C         7,5      
Elective, 7.5 ECTS E           7,5    
IMT4904 Master's Thesis C             15 15
Sum: 15 15 15 15 22,5 7,5 15 15
*) C - Compulsory course, E - Elective course

Master of Science in Information Security - Digital Forensics part-time track

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S) S3(A) S4(S) S5(A) S6(S) S7(A) S8(S)
IMT4113 Introduction to Cyber and Information Security Technology C 7,5              
IMT4114 Introduction Digital Forensics C 7,5              
IMT4130 Cybercrime Investigation C   7,5            
IMT4123 System Security C   7,5            
IMT4115 Introduction to Information Security Management C     7,5          
IMT4110 Scientific Methodology and Communication C     7,5          
IMT4133 Data Science for Security and Forensics C       7,5        
IMT4125 Network Security C       7,5        
IMT4210 Computational Forensics C         7,5      
IMT4204 Intrusion Detection in Physical and Virtual Networks C         7,5      
IMT4205 Research Project Planning C         7,5      
Elective, 7.5 ECTS E           7,5    
IMT4904 Master's Thesis C             15 15
Sum: 15 15 15 15 22,5 7,5 15 15
*) C - Compulsory course, E - Elective course

Electives

Coursecode Course name C/E *) ECTS each. semester
  S1(A) S2(S)
IMT4894 Advanced Project Work E 7,5 7,5
IMT4116 Reverse Engineering and Malware Analysis E   7,5
Sum: 0 0
*) C - Compulsory course, E - Elective course