脚本的替代内容 纯文本版本跳到主要内容


Rosemont's Master of Science in 全球网络安全 is built as a series of three stackable professional certificates that result ultimately in completion of a Master’s 学位.


This certificate focuses on the foundations of information security, the geopolitical 威胁景观,信息安全的心理学和社会学. 它提供了 an overview of how organizations implement security or how security impacts an organization. 类包括:

Foundations of Information Security provides the framework and language to understand 什么被认为是信息安全问题. 这包括理解 essential properties of information security -- confidentiality, integrity, and availability -- as well as ways to implement controls that ensure the application of those properties. 的re are several control frameworks in use around the world that provide easy starting 确保保护措施到位的地方. 本课程将帮助学生评估 这些控制框架在其环境中的适用性. (3学分)

的 threat landscape in the world today is poorly understood, often being diluted to easy and pithy words and phrases that do not adequately explain what is happening 也不知道袭击者是谁. 本课程是关于清楚地识别威胁行为者和 their motivations, including the geopolitical and economic reasons for their actions. Misunderstanding the adversary can lead to missing the best approaches to circumventing attacks, as well as opportunities to think more broadly about how to address security-related issues globally rather than using only local controls at each individual business. (3学分)

信息安全与人有关. 人是第一线、最后一线和最好的一线 国防. 攻击者经常利用这种理解,花费大量的 time thinking about how to best manipulate people into performing actions against 他们的最大利益. 很多时候,安全从业者认为他们可以需要人 以特定的、严格限制的方式行事. 他们错过了人类将继续存在的事实 作为人类,所以最好与他们合作而不是与他们作对. 理解 not only the attacker mindset but also the diverse mindsets of people within the organization 能否帮助确定要实施的最佳控制. (3学分)

Appropriate security must start with business needs, since the business defines what 他们可以在这方面投入必要的资源. 这要从政策开始 继续通过标准和流程. 这些都不能孤立地发展, however, nor can they remain stagnant since attacker techniques are continuing to 进化以对抗控制. 这就是为什么威胁情报和有效 与员工和外部利益相关者的沟通都是必不可少的. (3学分)


This certificate is  is more technical in nature, centered on identifying vulnerabilities 制定安全策略.  课程作业包括:

确定防御策略的一个常见方法是采取进攻. 的 theory is, if a friendly entity identifies vulnerabilities, they can be remediated 在攻击者识别它们之前. 然而,其中一些做法只是结果 对组织有一种虚假的安全感. 学生们会远离这个 course with an understanding of what types of offensive security practices would be 对他们的组织最有利. (3学分)

Offensive security can be helpful to identify vulnerabilities that need to be addressed, 但你不可能包罗万象. 组织需要保持警惕 the necessary visibility to notice when attackers are attempting to compromise systems. This requires appropriate architectures that enable extensive logging and the ability 使用这些日志并对其进行操作. 同样,这需要威胁情报部门知道 what is happening in the world with respect to threat groups and their activities, as well as an understanding of business requirements to identify attempts to compromise 关键信息资产. (3学分)

Logging and alerting are important to get visibility into activities within the business systems but as soon as an alert happens, the organization needs to be able to respond. Often, there is a focus on the purely technical investigation when people look at 事件响应. 这完全忽略了在构建时所需要的规划 the 事件响应 plan and framework, since there are a variety of legal, management, 监管和沟通方面的考虑. 这些都不是需要考虑的问题 that should be considered in the middle of a crisis when an attacker is in the environment, 因为这是一个奢侈的时间,没有任何组织在那个时候拥有. (3学分)


This certificate focuses on creating holistic security practitioners, able to assess the security landscape, develop strategies to prevent intrusion, and analyze breaches with an eye toward resolving and deepening protection and detection capabilities. 类包括:

Learning to program is an essential practice, since it forces a structured, logical way of thinking, while also encouraging a level of creativity in problem solving. Languages like C have been used to teach programming for decades, but C has been enabling 自20世纪60年代末以来非常糟糕的编程实践. 像Rust这样的新语言鼓励这样做 better programming practices, focusing on solid exception handling, in addition to 良好的内存管理技术. 本课程是Rust编程入门, without the expectation of anyone coming out an expert in programming but having had an understanding of the approach to problem solving necessary for programming tasks. (3学分)

漏洞通常始于软件. 这并不完全正确,因为最大的 source of vulnerabilities is the human element, but to the extent possible, vulnerabilities 是否可以通过可靠的软件测试和验证来控制. 本课程将构建 on the programming skills from the Programming in Rust course, introducing testing practices and principles used against software, including native as well as web-based 应用程序. (3学分)

的 software industry is undergoing a major shift in the delivery of functionality 致最终用户. 许多传统的本机应用程序(在web上运行的应用程序) local system) are moving to a web-based delivery model, where a uniform interface 与应用程序无关——web浏览器. 这种转变带来了很多 more control back in the hands of the company developing the software and has the potential to enhance security, by reducing vulnerabilities and enabling better resilience 以一种更划算的方式. 本课程在软件的早期介绍安全性 development lifecycle, identifying ways to inject security practices in the requirements, 开发、测试和部署阶段. 了解如何保护信息 from the start of the development process all the way through deployment of software 会让获取信息资产变得更加困难吗. (3学分)