Academics

Learn how to design, implement and manage cybersecurity policies and risk-management methods for resilient, secure, and successful organizations. Graduates will have the knowledge and skills to:

  • Develop policy for managing risks to the data and infrastructure that business and society rely on.
  • Construct cybersecurity frameworks that support regulatory-reporting, insurance auditing, and other corporate or legal requirements.
  • Create methodologically-sound procedures for measuring the effectiveness of cybersecurity.
  • Design strategies that promote an organizational culture of cybersecurity.
  • Influence executive decision-making by effectively communicating organizational impacts of cybersecurity risks.
  • Justify cybersecurity efforts within the structure, function, and mission of any organization (private or public).
  • Integrate cybersecurity into enterprise risk management strategies and policy.

The online Master of Science in Cybersecurity Policy and Risk Management (CPRM) degree requires students complete 30-36 credits via a minimum of 10 courses. Read more about the courses below, and see some sample schedules for completing this degree in as little as 12 months!
 

Accelerated Master’s Program

Diligent students in any UNH undergraduate program on the Durham or Manchester campuses have the opportunity to earn a bachelor’s degree and master’s in CPRM in as little as five years by taking graduate-level courses during senior year.

 

Sample Schedules

Our program has five 8-week e-terms per academic calendar year. In the Capstone-Track (non-thesis), students who successfully complete two courses per e-term, as outlined below, earn their degrees in 12 months. In the Thesis-Track, students taking two courses per e-term earn their degrees in 18 months. Taking fewer courses per term will extend the completion timeframe.

Capstone-Track (30 credits)

  Fall Semester (12 credits) Spring Semester (12 credits) Summer Semester (6 credits)

Year 1

e-Term 1 (Aug - Oct)

  • CPRM 810 - Foundations of Cybersecurity
  • CPRM 820 - Policy Development and Communications

e-Term 2 (Oct - Dec)

  • CPRM 830 - Security Measures I
  • CPRM 840 - Cybersecurity Standards, Regulations, and Laws

e-Term 3 (Jan - Mar)

  • CPRM 850 - Security Measures II
  • CPRM 860 - Incident Response and Investigation

e-Term 4 (Mar - May)

  • CPRM 870 - Cybersecurity Risk Management
  • CPRM 880 - Cybersecurity Metrics and Evaluation

e-Term 5 (May - Jul)

  • CPRM 890 - Organizations, Change Management, and Leadership
  • CPRM 898 - Capstone
  Spring Semester (12 credits) Summer Semester (6 credits) Fall Semester (12 credits)

Year 1

e-Term 3 (Jan - Mar)

  • CPRM 810 - Foundations of Cybersecurity
  • CPRM 820 - Policy Development and Communications

e-Term 4 (Mar - May)

  • CPRM 830 - Security Measures I
  • CPRM 840 - Cybersecurity Standards, Regulations, and Laws

e-Term 5 (May - Jul)

  • CPRM 850 - Security Measures II
  • CPRM 860 - Incident Response and Investigation

 

    e-Term 1 (Aug - Oct)

    • CPRM 870 - Cybersecurity Risk Management
    • CPRM 880 - Cybersecurity Metrics and Evaluation

    e-Term 2 (Oct - Dec)

    • CPRM 890 - Organizations, Change Management, and Leadership
    • CPRM 898 - Capstone

      Thesis-Track (33-36 credits)

        Fall Semester (12 credits) Spring Semester (12 credits) Summer Semester (9 credits)

      Year 1

      e-Term 1 (Aug - Oct)

      • CPRM 810 - Foundations of Cybersecurity
      • CPRM 820 - Policy Development and Communications

      e-Term 2 (Oct - Dec)

      • CPRM 830 - Security Measures I
      • CPRM 840 - Cybersecurity Standards, Regulations, and Laws

      e-Term 3 (Jan - Mar)

      • CPRM 850 - Security Measures II
      • CPRM 860 - Incident Response and Investigation

      e-Term 4 (Mar - May)

      • CPRM 870 - Cybersecurity Risk Management
      • CPRM 879 - Research Methods

      e-Term 5 (May - Aug)

      • CPRM 890 - Organizations, Change Management, and Leadership
      • CPRM 899 - Thesis

      Year 2

      e-Term 1 & 2 (Aug - Dec)

      • CPRM 899 - Thesis

       

       

       
        Spring Semester (12 credits) Summer Semester (6 credits) Fall Semester (15 credits)

      Year 1

      e-Term 3 (Jan - Mar)

      • CPRM 810 - Foundations of Cybersecurity
      • CPRM 820 - Policy Development and Communications

      e-Term 4 (Mar - May)

      • CPRM 830 - Security Measures I
      • CPRM 840 - Cybersecurity Standards, Regulations, and Laws

      e-Term 5 (May - Jul)

      • CPRM 850 - Security Measures II
      • CPRM 860 - Incident Response and Investigation

      e-Term 1 (Aug - Oct)

      • CPRM 870 - Cybersecurity Risk Management
      • CPRM 880 - Cybersecurity Metrics and Evaluation

      e-Term 2 (Oct - Dec)

      • CPRM 890 - Organizations, Change Management, and Leadership
      • CPRM 899 - Thesis

      Year 2

      e-Term 3 (Jan - Mar)

      • CPRM 899 - Thesis

       

       

       

        Master of Cybersecurity Policy and Risk Management Courses

        Capstone-Track, non-thesis (30 Credits)

        3
        credits

        CPRM 810 - Foundations of Cybersecurity Policy

        This course introduces the role of cybersecurity policy within organizations and society. Students explore the components of information systems and control systems and review the history and development of cybersecurity. Together we examine societal and organizational impacts of cybersecurity policy in our interconnected world that is increasingly dependent on advanced technologies and systems for communications and control. Students gain an appreciation of policy as one tool for managing risk, and start to consider the managerial and communications challenges of cybersecurity policy-making.

        3
        credits

        CPRM 820 - Policy Development and Communications

        Discover the fundamental concepts and practices for developing and drafting organizational policy, including related documents to support implementation. Explore how to communicate policies to internal and external audiences (in both written and oral communications). Learn how to incorporate organizational priorities and mandates into managerial policies. Case studies are primarily based in security studies, but other professional fields are welcomed. 

        3
        credits

        CPRM 830 - Security Measures I

        This course introduces common technological and organizational measures for cybersecurity, with a focus on protection concepts. Students assess the organizational impacts of these security measures, and explore how best practices and standards can help manage such protection measures. Topics include identity management, authentication, and access control; data security (at rest and in transit); encryption; integrity mechanisms; data and system availability; and system maintenance and continuity of operations. Note that we do not focus on how to technically implement these security measures. 

        3
        credits

        CPRM 840 - Cybersecurity Standards, Regulations, and Laws

        This course surveys the laws, regulations, and standards for cybersecurity in the United States, including “soft law” and self-regulation. Students consider the challenges of matching rules-based solutions to the problems trying to be remedied, and the scope of potential effects resulting from the chosen solutions. Other topics include the pros and cons of regulatory solutions and market solutions; the different approach to data protection regulation in the European Union; and the particular cybersecurity concerns and regulatory authorities in U.S. industries and sectors (e.g., health and finance industries; defense industrial base and intelligence community contractors; consumer protection entities). Students become familiar with key standards bodies involved in cybersecurity, and explore organizational processes for remaining current with industry best practices. 

        3
        credits

        CPRM 850 - Security Measures II

        This course continues surveying common technological and organizational measures for cybersecurity, with a focus on detection and organizational relationships. Topics include auditing and log records; monitoring and testing for threat detection; vulnerability scans; and the security of external services (e.g., cloud providers) and supply chains. We do not focus on how to technically implement these measures. Students assess organizational impacts and explore how best practices and standards can help manage such measures. 

        3
        credits

        CPRM 860 - Incident Response and Investigation

        This course fosters incident response and investigative knowledge, from both the organizational and system perspective. Material includes laws, standards, codes of behavior and best practices for incident response, including the management of relationships (e.g., regulators, clients, vendors). Case studies are presented and discussed in light of organizational resource limitations, legal mandates, and jurisdictional boundaries. 

        3
        credits

        CPRM 870 - Cybersecurity Risk Management

        This course establishes foundations for addressing cybersecurity as a risk management concept and process, and as a component of overall risk management within an organization. Students will become familiar with theories of risk and methods of risk management, as well as frameworks / models for applying these theories and methods to cybersecurity. 

        3
        credits

        CPRM 880 - Cybersecurity Metrics and Evaluation

        This course provides an overview of analytical techniques for the documentation and evaluation of security metrics, and the incorporation of such assessments in organizational risk management. Students will become familiar with methods for cybersecurity evaluation and the translational impacts to function and mission success of an organization (business, public administration, homeland security, etc.); as well as processes for security measurements, comparisons, and reassessments for purposes of risk management. 

        3
        credits

        CPRM 890 - Organizations, Change Management, and Leadership

        This course examines both private and public institutions as systems whose effectiveness depends on how an organization adapts to opportunities, threats, and demands (external and internal). Students explore the design and leadership of ethical and socially responsible organizations. In course examples and exercises, students will apply this knowledge to their respective research interests (e.g., cybersecurity, analytics, criminal justice, public health, etc.). 

        3
        credits

        CPRM 898 - Capstone

        In this course, students synthesize, apply, and evaluate their knowledge to address real-world or work-related challenges in cybersecurity. The capstone provides the opportunity to integrate all disciplines and competencies that have been learned in this degree program, plus the student’s past experiences, areas of specialization, and professional goals, into a single work-based project, internship experience, or other appropriate activity. In cooperation with an advisor, each student designs, researches, and implements a project that is comprehensive in nature and that addresses, to the extent feasible, all core areas of knowledge around which the program has been built. In consultation with an advisor, each student develops a project plan; establishes goals and objectives; collects and analyzes information; and prepares and delivers a final product agreed upon by the student and advisor. 

         

        Thesis-Track, (33-36 Credits)

        When following the thesis track, students take the same courses as the Capstone Track, except for two changes:

        • Depending on the topic and goals of the thesis, the student (in consultation with an advisor), may elect to take CPRM 879 Research Methods in addition to or instead of CPRM 880 Cybersecurity Metrics and Evaluation.
        • Instead of the final 3-credit Capstone (non-thesis) course, the student enrolls in a 6-credit CPRM 899 Capstone: Thesis course. The thesis is expected to run at least two e-terms, allowing for the time needed to complete and defend a graduate-level thesis that could support potential candidacy for future doctoral work.
        3
        credits

        CPRM 879 - Research Methods

        This course helps students understand and apply research methods and planning processes for accomplishing a graduate-level thesis. Students will survey a variety of research approaches and select those most applicable to each student’s research project. Within those approaches, students will explore planning and management skills as well as academic components (e.g., literature review, critical analyses) in preparation for applying these skills and knowledge in a Capstone: Thesis Option course. 

        3
        credits

        CPRM 880 - Cybersecurity Metrics and Evaluation

        This course provides an overview of analytical techniques for the documentation and evaluation of security metrics, and the incorporation of such assessments in organizational risk management. Students will become familiar with methods for cybersecurity evaluation and the translational impacts to function and mission success of an organization (business, public administration, homeland security, etc.); as well as processes for security measurements, comparisons, and reassessments for purposes of risk management.

        6
        credits

        CPRM 899 - Capstone: Thesis

        This course assists students in pursuing further graduate level work (i.e., a doctoral experience) through completion of a thesis. The thesis option is designed to integrate applied experiences with the cross-disciplinary knowledge constructed during this degree program. In cooperation with an advisor, each student researches and writes a publishable quality, graduate-level thesis meant to be the culminating academic experience of the course of study. Students synthesize and evaluate the knowledge acquired in the program with their respective life and professional experiences. In consultation with an advisor, each student develops a project plan; establishes goals and objectives; collects and analyzes information; and prepares and delivers a final product agreed upon by the student and advisor.