Cybersecurity Policy & Risk Management (M.S.)

Cybersecurity Policy & Risk Management (M.S.)

Woman presenting about cyber

The online M.S. in Cybersecurity Policy and Risk Management (CPRM) cultivates strategic thinking, policy development, and risk-management skills for a more secure future. The program features expert faculty who help blend strategy and policy with preparedness, incident response, recovery, and resilience.

Credit Hours: 30   |    Program Length: 12 months  |   Tuition Cost

What is cybersecurity policy and risk management?

The University of New Hampshire’s fully online Master of Science in Cybersecurity Policy and Risk Management (CPRM) blends strategy and policy with preparedness, incident response, continuity and resilience — the heart of the security studies discipline. In as few as 12 months, you will graduate prepared to assess cybersecurity risk and to design, implement and oversee the necessary cybersecurity policies and processes for resilient, secure and successful organizations.

Why study cybersecurity policy and risk management at UNH?

The demand for master’s-level cybersecurity and risk management professionals is on the rise in the U.S. and globally. Guided by full-time faculty, practicing experts and senior executives, the CPRM degree fosters the strategic thinking, policy development and risk management skills that will set you apart in the high-demand cybersecurity field. Our highly interdisciplinary program is designed for students and working professionals with a variety of backgrounds — business, healthcare, IT, finance, homeland security, law and more — so you do not need an undergraduate degree in a technical field to be successful.

Potential careers

Technical background:

  • Cyber Risk Analyst
  • Cybersecurity Strategist
  • Product Security Strategist
  • Security Architect
  • Chief Information Security Officer

Non-Technical background:

  • Business Cyber Risk Associate
  • Security Risk and Compliance Associate
  • Cyber Policy and Strategy Planner
  • Cyber Resilience Coordinator
  • Director of Cybersecurity Business Alignment

Request Information

We use text messages to communicate important event and application information (msg and data rates may apply).



Assess Threats. Implement Policy. Secure Organizations.

Online Master of Science in Cybersecurity Policy and Risk Management blends strategy and policy with preparedness, incident response, continuity, and resilience. Learn from expert faculty and in as few as 12 months, you will graduate prepared to assess cybersecurity risk and to design, implement and oversee the necessary cybersecurity policies and processes for resilient, secure, and successful organizations.

National Security Agency Seal


National Center of Academic Excellence in Cyber Defense Education

UNH is the first institution in New Hampshire to be designated a National Center of Excellence in Cyber Defense Education by the U.S. National Security Agency and the Department of Homeland Security.

Learn more

DHS Seal


Student Spotlights & Program News

Student at desk in cybersecurity program

National Cyber Security Awareness Month

National Cyber Security Awareness Month

USNH to host virtual and in-person events...

Brett White '21G, graduate of the UNH Master of Science in cybersecurity policy and risk management

Cybersecurity Spotlight: Brett White '21G

Cybersecurity Spotlight: Brett White '21G

On a work trip to the U.S., Australia native Brett White ‘21G met up with a buddy—a UNH...

James Glennon '12, '20G, recent graduate of the cybersecurity policy and risk management program

Cybersecurity Spotlight: James Glennon '12, '20G

Cybersecurity Spotlight: James Glennon '12, '20G

James Glennon ’12, ‘20G became interested in cybersecurity as an undergraduate at UNH, where two...


Curriculum & Requirements

This program is offered online.

The M.S. in Cybersecurity Policy and Risk Management (CPRM) program cultivates strategic thinking, policy development, and risk-management skills for students interested in careers in business or government. The program features full-time faculty and industry experts who help blend strategy and policy with preparedness, incident response, recovery, and resilience – the heart of our security studies discipline.

Students may come from business, public administration, healthcare, finance, homeland defense and security, retail, law, insurance, and a myriad of technical and engineering disciplines. Prior experience or undergraduate degrees in technical fields are not required.

This is an online only program, taught over five 8-week e-terms per academic calendar year. In the Capstone-Track (non-thesis), students must take a minimum of 30 credits pursuant to the CPRM requirements. In the Thesis-Track, students take 33 - 36 credits to graduate, depending on the specific nature of the thesis project.

The M.S. CPRM program has two options: Capstone project (non-thesis) option, and Thesis option.1

For the Capstone project (non-thesis) option, students must complete 30 credits (10 courses), consisting of the eight core courses, plus the methodology course CPRM 880 Cybersecurity Metrics and Evaluation, and the concluding experience of CPRM 898 Capstone: Non-Thesis Option.

For the Thesis option, students complete 33 or 36 credits, starting with the eight core courses. Then, depending on the goals and requirements of the thesis topic, the student (in consultation with an advisor and approved by the program coordinator) takes one or both methodology courses CPRM #879 Research Methods2 and CPRM 880 Cybersecurity Metrics and Evaluation. The Thesis option concludes with the 6-credit CPRM 899 Capstone: Thesis Option. The thesis is expected to run at least two e-terms, allowing for the time needed to complete and defend a graduate-level thesis that could support potential candidacy for future doctoral work.

Core Courses (All Required)
CPRM 810Foundations of Cybersecurity Policy3
CPRM 820Policy Development and Communication3
CPRM 830Security Measures I3
CPRM 840Cybersecurity Standards, Regulations, and Laws3
CPRM 850Security Measures II3
CPRM 860Incident Response and Investigation3
CPRM 870Cybersecurity Risk Management3
CPRM 890Organizations, Change Management, and Leadership3
Methodology Courses (select at least one)
CPRM 880Cybersecurity Metrics and Evaluation3
CPRM #879Research Methods 23
Concluding Experience
CPRM 898Capstone: Non-Thesis Option 33
or CPRM 899 Capstone: Thesis Option

Note that in particular circumstances, the program coordinator may approve CPRM 895 to substitute for a required course in this program. This is by approval of the program coordinator only, and is intended for those rare circumstances that may be necessary due to work or family situations. CPRM 895 may be used no more than twice (up to 6 credits).


Depending on availability and approval by the Education program and the CPRM program coordinator, the online section of EDUC 882 Introduction to Research Methods may substitute for (is an equivalent for) CPRM Research Methods.


The capstone (non-thesis) project is custom-designed by each student (in cooperation with an advisor) and requires that students synthesize, apply, and evaluate their knowledge to address real-world or work-related challenges in cybersecurity. The project also requires research into the chosen challenge / problem.

  • Describe & explain the conceptual framework of cybersecurity and its role in risk management; and discuss the history and various approaches to cybersecurity Describe & explain the conceptual framework of cybersecurity and its role in risk management; and discuss the history and various approaches to cybersecurity.
  • Analyze the conceptual framework of cybersecurity, and identify & integrate the standards and other resources for the professional development, implementation, and management of cybersecurity policies and methods.
  • Reflect on the organizational structures, information, and skillsets required for ongoing evaluation & revision of cybersecurity in a variety of real-world organizations.
  • Communicate professionally and effectively with upper management, regulators, partners, colleagues, clients, and other end-users regarding cybersecurity planning and incident management.
  • Explain & justify the needs for cybersecurity policy development, implementation, and management (within or across businesses, agencies, other organizations, industries, sectors, and nations).
  • Strategize & customize cybersecurity risk management policies and processes for private or public organizations, with balanced consideration of organizational goals, regulatory mandates, industry best practices, and professional ethics.


Applicants must hold a baccalaureate degree from an accredited college or university, but a specific major is not required. For example, students may come from business, public administration, healthcare, finance, homeland defense and security, retail, law, insurance, and a myriad of technical and engineering disciplines.

Current UNH undergraduates may apply for accelerated admission before completion of the baccalaureate degree. Read more information about this below.

The admissions committee uses a portfolio approach: applications are reviewed and decisions are made based on past academic performance, letters of recommendation, professional experience, civic engagement, and other qualities expressed via your personal statement.


Applications must be completed by the following deadlines in order to be reviewed for admission:

  • Fall: July 1
  • Spring: December 1
  • Summer: N/A

For current UNH undergraduates seeking accelerated admission (see below), you must apply and be admitted to the program during the admissions cycle before the senior-year semester during which you want to enroll in courses for graduate credit.

Application fee: $65

Campus: Online

New England Regional: No

Accelerated Masters: Yes (for more details see the accelerated masters information page)


If you attended UNH or Granite State College (GSC) after September 1, 1991, and have indicated so on your online application, we will retrieve your transcript internally; this includes UNH-Durham, UNH-Manchester, UNH Non-Degree work and GSC. 

If you did not attend UNH, or attended prior to September 1, 1991, then you must upload a copy (PDF) of your transcript in the application form. International transcripts must be translated into English.

If admitted, you must then request an official transcript be sent directly to our office from the Registrar's Office of each college/university attended. We accept transcripts both electronically and in hard copy:

  • Electronic Transcripts: Please have your institution send the transcript directly to Please note that we can only accept copies sent directly from the institution.
  • Paper Transcripts: Please send hard copies of transcripts to: UNH Graduate School, Thompson Hall- 105 Main Street, Durham, NH 03824. You may request transcripts be sent to us directly from the institution or you may send them yourself as long as they remain sealed in the original university envelope.

Transcripts from all previous post-secondary institutions must be submitted and applicants must disclose any previous academic or disciplinary sanctions that resulted in their temporary or permanent separation from a previous post-secondary institution. If it is found that previous academic or disciplinary separations were not disclosed, applicants may face denial and admitted students may face dismissal from their academic program.

Letters of Recommendation: 2 Required

Two letters of recommendation are required. Recommendations should support your application with professional and academic confirmation of your suitability for this particular program. Recommendations submitted by relatives or friends, as well as letters older than one year, will not be accepted.

Personal Statement

This is your opportunity to personalize the application and help us better understand who you are and how well this programs suits your background, current situation, and future goals. Your well-crafted statements should range from 700 to 1,800 words. Applicants must provide a personal statement responsive to all four of these prompts:

  1. Describe some examples of professional, personal, or academic experiences that helped develop your interest in cybersecurity policy and risk management.
  2. Explain your career objectives. Discuss your expectations as to how this program could impact these objectives.
  3. Identify and explain any important aspects of your professional or academic background that may not be reflected in your resume or undergraduate degree transcripts. (For example, if your past college grades do not reflect your current learning abilities, please explain. Also, if there is any additional information which you feel should be considered by the Admissions Committee, please explain.)
  4. Please indicate your prior experience and levels of comfort and competence in online learning, and also describe the support (from work, family, or others) and plans you have to fit this time requirement in your life. Generally, online learners must be self-motivated, comfortable interacting through technologies, and confident in expressing their ideas in writing and orally. Time management is also important, since each 3 credit graduate course requires about 9 hours of study time a week.

Statements must be included with your submitted application.


A current resume is required with your submitted application.

New Hampshire Residents

Students claiming in-state residency must also submit a Proof of Residence Form. This form is not required to complete your application, but you will need to submit it after you are offered admission or you will not be able to register for classes.

International Applicants

Prospective international students are required to submit TOEFL, IELTS, or equivalent examination scores. English Language Exams may be waived if English is your first language. If you wish to request a waiver, then please visit our Test Scores webpage for more information.

We welcome international applicants, but please note that this is an online program. Any program that is conducted primarily online is not eligible for a student visa for study, but students may enroll at a distance or study under a different eligible visa type. 


If you have questions about the application or admissions process, please contact the UNH Online Student Success Coaches at: or +1 (855) 250-6699

Accelerated Masters

Isaah Gray | Cybersecurity Policy and Risk Management

One thing that I truly value when it comes to this program is the flexibility it allows towards my ability to work full-time while simultaneously earning an advanced degree. My UNH education has prepared me for the next steps in my career by constructing the confidence needed to support any organization’s cybersecurity initiatives. Throughout the CPRM program, I developed an understanding and root causes of complex, cybersecurity-related issues, while also gaining exposure to industry tools and solutions needed to mitigate those issues. In five years, I see myself as a leader within the cybersecurity risk management field. I hope to one day support an organization’s decision-making process at a high level by strategically aligning necessary business objectives with cybersecurity risk.

Isaah Gray Headshot


Explore Program Details

Tuition & Fees:

The University of New Hampshire’s online graduate tuition and fees information is available on the UNH Business Services Website. Program costs and technology fees are subject to change.

Course Fees: Specific courses may have additional course fees. Visit the course schedule for more information. 


Financial Aid:

Federal Unsubsidized Direct Loans are a form of federal financial aid available to Graduate Students. To apply, you must complete the Free Application for Federal Student Aid (FAFSA).


The CPRM degree prepares you to develop strategy and policy for managing risks to the data and infrastructure that businesses and society rely on, building a skillset that can help you advance or change your career trajectory in a variety of fields. In this program, you will learn the skills:

  • To develop policy and plans for managing risks to the data and infrastructure that business and society rely on.
  • To construct cybersecurity frameworks that support regulatory reporting, insurance auditing and other corporate or legal requirements.
  • To create methodologically sound procedures for measuring the effectiveness of cybersecurity.
  • To design strategies that promote an organizational culture of cybersecurity.
  • To influence executive decision-making by effectively communicating organizational impacts of cybersecurity risks.
  • To justify cybersecurity efforts within the structure, function and mission of any organization (private or public). 
  • To integrate cybersecurity into enterprise risk-management strategies and policy.

Our CPRM courses are offered asynchronously and 100% online, giving you the flexibility to complete the degree at your own pace. You also have the choice between a capstone or a thesis track:

  • The capstone is a work-based project, internship experience or other appropriate activity that integrates the skills and knowledge you developed during the degree program, along with your past experiences, areas of specialization and professional goals. In consultation with an advisor, each student develops a project plan and prepares and delivers a final project agreed upon by the student and advisor.
  • The thesis requires you to research, write, and defend a publishable-quality, graduate-level paper. This track is designed for students who are interested in pursuing further studies (i.e., a doctoral experience).

The capstone track consists of 10 interdisciplinary courses (30 credit hours). The thesis track requires a minimum of 33 credit hours.

Our program has five 8-week terms per academic calendar year. In the Capstone-Track (non-thesis), students who successfully complete two courses per term, as outlined below, earn their degrees in 12 months. In the Thesis-Track, students taking two courses per term earn their degrees in 18 months. Taking fewer courses per term will extend the completion timeframe.

Capstone-Track Sample Schedule

Thesis-Track Sample Schedule