Cybersecurity Analytics and Operations

The Master of Science in Cybersecurity Analytics and Operations program is designed to create a deep understanding of cybersecurity analytics and operations, by blending education relating to technology, incident response, strategic planning, and crisis management.  The program also aims to prepare the next generation of cybersecurity analysts to better protect digital information from attack through cyberdefense strategies, including incident response, strategic planning, and crisis management.  With a foundation in mathematics and computer programming, students will be prepared to recognize, analyze, defend against, and manage risks related to a wide range of threats to online information, data stores, and networks. The program will be delivered in a resident format that takes one to two years.  The total credits of the program is 30.  A one-year program starts in a Fall semester, and concludes at the end of the following Summer.

The Master of Professional Studies in Cybersecurity Analytics and Operations (MPSCY) is an innovative program that targets professionals and organizational leaders who seek a professional education and training program. The purpose of the professional master's program is to produce professionals and organizational leaders who not only can select and draw upon the necessary foundations within the cybersecurity analytics and operations technology areas, test the applicability of these foundations for addressing a given issue, and apply the resulting solutions, but also can be aware of the multitude of technological trends and environmental factors that organizations must address in the changing global economy.  The M.P.S. equips students to: understand and analyze the profound information and technological changes sweeping the world; meet challenges by developing innovative solutions using the foundations of cybersecurity analytics and operations; and have a clear advantage in today’s highly competitive and dynamic environment by continuously learning new trends, issues, and innovations.

Admission Requirements

Applicants apply for admission to the program via the Graduate School application for admission. Requirements listed here are in addition to Graduate Council policies listed under GCAC-300 Admissions Policies.

Master of Professional Studies (M.P.S.)

Applicants to the M.P.S. program are required to submit three letters of reference, and a one-three page personal statement of relevant experience and goals.

Because the M.P.S. program is multidisciplinary in nature, students from many different disciplines may be accepted for entry into the program. A bachelor's degree in a related area (e.g., engineering and science), while not necessary for admission, is helpful in the successful completion of the degree. It is expected that students will have a basic level of competency in statistics, as well as computer and information technology. Related work experience can be used to demonstrate such competency. A student may be accepted into the program with provisional status for no more than one year while work is completed to meet these expectations.

It is expected that the successful applicant will have an overall grade point average of 3.00 (on a 4.00 scale) or higher for his or her undergraduate study and/or graduate-level study.  However, accomplishments demonstrated through work experience and recommendation letters from the applicant’s academic adviser or employer will also play an important role in making the admission decision. The most qualified applicants will be accepted into the program until all spaces for new students are filled.

Master of Science (M.S.)

Applicants to the M.S. program are required to submit three letters of reference, a current resume (including present position and any publications), 1 to 3 page statement of goals related to pursuing an advanced degree and career in IST and provide a sample of the applicant's writing (e.g. technical paper, etc.).

Because cybersecurity analytics and operations career opportunities exist in many disciplines, students with a wide range of disciplinary backgrounds may be accepted into the program. A bachelor's degree in a related area (e.g., engineering and science), while not necessary for admission, is helpful in the successful completion of the degree. However, it is expected that students will have a basic level of competency in mathematics and programming. 

Entrance Requirement regarding Programming: Applicants must complete two introductory-level programming courses where both courses used the same language. If an applicant believes his/her work experience satisfies the background, he/she should include a recommendation letter from a technical colleague describing the applicant’s coding contributions at work. In addition, students who meet all other academic requirements, but need to improve identified gaps in specific programming skills areas, will have access to educational bridge materials to help improve certain knowledge domains

It is expected that the successful applicant will have an overall grade point average of 3.50 (on a 4.00 scale) or higher for his or her undergraduate study and/or graduate-level study. However, accomplishments demonstrated through work experience and recommendation letters from the applicant’s academic adviser or employer will also play an important role in the admission decision as well. The most qualified applicants will be accepted into the program until all spaces for new students are filled.

Degree Requirements

Master of Professional Studies (M.P.S.)

Requirements listed here are in addition to Graduate Council policies listed under GCAC-700 Professional Degree Policies.

The M.P.S. program requires a minimum of 33 credits at the 400, 500, or 800 level, 24 of which must be earned at Penn State. A maximum of 9 transfer credits of high-quality graduate work may be applied toward the requirements for the degree, subject to restrictions outlined in GCAC-309 Transfer Credit. At least 18 credits must be courses at the 500 or 800 level, with at least 6 credits at the 500 level.

The 33 credits are distributed among the following requirements. A student first takes 18 credits of core courses. The student then takes 12 credits of electives. Lastly, the student must complete a culminating experience.

Elective Courses

The elective courses for the M.P.S. will be selected from a list maintained by the program office.

Culminating Experience

The student may choose one of two culminating experiences for the degree: either the capstone project guided by the student’s adviser and completed while enrolled in IST 594, or the capstone course IST 894.

Course List

Code	Title	Credits
Required Courses
IST 543	Foundations of Software Security	3
IST 554	Network Management and Security	3
IST 815	Foundations of Information Security and Assurance	3
IST 820	Cybersecurity Analytics	3
IST 825	Technologies for Web and E-Commerce Application Security	3
IST 830	Cybersecurity Project Management	3
Electives
Select 12 credits of electives from a list of approved electives available from the program office.		12
Culminating Experience
Choose one of the following:		3
IST 594	Research Topics (Capstone Project)
IST 894	Capstone Experience (Capstone Course)
Total Credits		33

Master of Science (M.S.)

Requirements listed here are in addition to Graduate Council policies listed under GCAC-600 Research Degree Policies.

The M.S. in Cybersecurity Analytics and Operations requires a minimum of 30 credits at the 400, 500, 600, or 800 level, with at least 18 credits in the 500 or 600 series combined; 27 of the 30 credits must be earned at Penn State (refer to GCAC-309 Transfer Credit). Students will be able to complete the proposed Master’s program in one calendar year (including summer) or two academic years. All of the courses listed below are three credit hour courses, unless otherwise noted. Students pursuing the one-year format must adhere to the following conditions:

• A research adviser must be assigned to students in their first semester, as selection and discussion of the student’s research topic must begin as soon as possible.
• Students who need more time to complete the final paper must be allowed to complete the paper, and have it reviewed and approved after the third semester (Summer) has ended. Students are not required to remain in residence while they complete the final paper. However, extensions granted to students in this program must comply with the Graduate Council policy on deferred grades.

These 30 credits are distributed among the following requirements:

Course List

Code	Title	Credits
Required Courses
IST 543	Foundations of Software Security	3
IST 554	Network Management and Security	3
IST 815	Foundations of Information Security and Assurance	3
IST 820	Cybersecurity Analytics	3
IST 825	Technologies for Web and E-Commerce Application Security	3
Electives
Select 9-12 elective credits from a list available from the program office.		9-12
Culminating Experience
Choose one of the following:
IST 584	Cyber Simulation Event and Analysis	3
IST 594	Research Topics (Scholarly Paper)	3-6
IST 600	Thesis Research	6
Total Credits		30

Thesis, Scholarly paper, or Capstone course (3-6 credits)

Students may choose a thesis, scholarly paper or capstone course option. Students who choose the thesis option must register for 6 credits of IST 600 or IST 610, write a satisfactory thesis accepted by the master’s committee, the head of the graduate program, and the Graduate School, and pass a thesis defense. The thesis should focus on a well-defined problem relevant to the information sciences. Students who choose the thesis option must also complete IST 505. Student who choose the scholarly paper option must register for 3 credits of IST 594 and complete the scholarly paper. The scholarly paper will be a focused piece of technical work that applies the student’s expertise and knowledge base, and that is documented and presented as a scholarly paper report. Students who choose the capstone course option must register for IST 584 to complete the capstone course requirement. Students who choose the scholarly paper option or capstone course option must complete at least 18 credits at the 500 level.

Integrated Undergrad-Grad Programs

Integrated B.S. in Cybersecurity Analytics and operations and M.S. in Cybersecurity Analytics and Operations

Undergraduate Degree

• Abington
• Altoona
• Beaver
• Berks
• Brandywine
• Greater Allegheny
• Harrisburg
• Lehigh Valley
• Schuylkill
• Shenango
• University Park
• World Campus
• York

Graduate Degree

• University Park

Admission Requirements

Applicants apply for admission to the program via the Graduate School application for admission. Requirements listed here are in addition to Graduate Council policies listed under GCAC-300 Admissions Policies.

The first two to three years of undergraduate course work follow the same undergraduate curriculum that other students follow in the Cybersecurity Analytics and Operations major. Cybersecurity Analytics and Operations undergraduates may apply for admission to the IUG program no earlier than February 15th of their second undergraduate year and no later than February 15 of their third undergraduate year after completing a minimum of 60 credits, if they meet the following admission requirements:

1. Must be enrolled in a College of IST undergraduate degree program.
2. Must have completed entrance to their undergraduate major and must have completed 60 credits of an IST undergraduate degree program. Transfer students must have completed at least 15 credits at Penn State to enroll in an IUG.
3. Must apply to the IUG program by February 15 of their third undergraduate year.
4. Must apply to and be accepted without reservation into the Graduate School and M.S. program in Cybersecurity Analytics and Operations. Students must complete the Graduate School application. Admission requirements for the M.S. in Cybersecurity Analytics and Operations are listed on the Admissions Requirements tab.
5. Must have an overall GPA of 3.5 (on a 4.0 scale) in undergraduate course work and a minimum GPA of 3.5 in all course work completed for the major.
6. Must present an approved plan of study. The plan should cover the entire time period of the integrated program, and it should be reviewed periodically with an adviser.
7. Must present two letters of recommendation from faculty members.
8. Must meet with both the Director of Undergraduate Academic Affairs and the Graduate Program Coordinator to declare interest and receive information about the IUG program.

Degree Requirements

Students must fulfill all degree requirements for each degree to be awarded that degree, subject to the double-counting of credits as outlined below. Degree requirements for the Bachelor of Science in Cybersecurity Analytics and Operations are listed in the Undergraduate Bulletin. Students must sequence their courses, so all undergraduate degree requirements are fulfilled before taking courses to count solely towards the graduate degree. Students are expected to complete the undergraduate degree requirements within the typical time to degree for the undergraduate major. In the semester in which the undergraduate degree requirements will be completed, IUG students must apply to graduate, and the undergraduate degree should be conferred at the next appropriate Commencement. If students accepted into the IUG program are unable to complete the M.S. degree, they are still eligible to receive their undergraduate degree if all the undergraduate degree requirements have been satisfied.

Up to 12 credits may be double-counted towards the degree requirements for both the graduate and undergraduate degrees; a minimum of 50% of the double-counted credits must be at the 500 or 800 level. Independent study courses and credits associated with the culminating experience for the graduate degree cannot be double-counted. Students
may choose 12 credits to double-count for both the undergraduate and graduate degrees from the following:

Course List

Code	Title	Credits
Courses Eligible to Double Count for Both Degrees
IST 432	Legal and Regulatory Environment of Information Science and Technology	3
IST 451	Network Security	3
IST 454	Computer and Cyber Forensics	3
IST 456	Information Security Management	3
IST 504	Foundations of Theories and Methods of Information Sciences and Technology Research	3
IST 554	Network Management and Security	3
IST 815	Foundations of Information Security and Assurance	3
IST 820	Cybersecurity Analytics	3

Integrated B.S. in Cybersecurity Analytics and operations and M.P.S. in Cybersecurity Analytics and Operations

Undergraduate Degree

• Abington
• Altoona
• Beaver
• Berks
• Brandywine
• Greater Allegheny
• Harrisburg
• Lehigh Valley
• Schuylkill
• Shenango
• University Park
• World Campus
• York

Graduate Degree

• World Campus

Admission Requirements

Applicants apply for admission to the program via the Graduate School application for admission. Requirements listed here are in addition to Graduate Council policies listed under GCAC-300 Admissions Policies.

 The first two to three years of undergraduate course work follow the same undergraduate curriculum that other students follow in the Cybersecurity Analytics and Operations major. Cybersecurity Analytics and Operations undergraduates may apply for admission to the IUG program as early as the end of their second undergraduate year after completing a minimum of 60 credits, if they meet the following admission requirements:

1. Must be enrolled in a College of IST undergraduate degree program.
2. Must have completed entrance to their undergraduate major and must have completed 60 credits of an IST undergraduate degree program. Transfer students must have completed at least 15 credits at Penn State to enroll in an IUG.
3. Must apply to and be accepted without reservation into the Graduate School and M.P.S. program in Cybersecurity Analytics and Operations. Students must complete the Graduate School application. Admission requirements for the M.P.S. in Cybersecurity Analytics and Operations are listed on the Admissions Requirements tab.
4. Must have an overall GPA of 3.5 (on a 4.0 scale) in undergraduate course work and a minimum GPA of 3.5 in all course work completed for the major.
5. Must present an approved plan of study. The plan should cover the entire time period of the integrated program, and it should be reviewed periodically with an adviser.
6. Must present two letters of recommendation from faculty members.
7. Must meet with both the Director of Undergraduate Academic Affairs and the Graduate Program Coordinator to declare interest and receive information about the IUG program.

Degree Requirements

Students must fulfill all degree requirements for each degree to be awarded that degree, subject to the double-counting of credits as outlined below. Degree requirements for the Bachelor of Science in Cybersecurity Analytics and Operations are listed in the Undergraduate Bulletin (http://bulletins.psu.edu/undergraduate/). Students must sequence their courses, so all undergraduate degree requirements are fulfilled before taking courses to count solely towards the graduate degree. Students are expected to complete the undergraduate degree requirements within the typical time to degree for the undergraduate major. In the semester in which the undergraduate degree requirements will be completed, IUG students must apply to graduate, and the undergraduate degree should be conferred at the next appropriate Commencement. If students accepted into the IUG program are unable to complete the M.S. degree, they are still eligible to receive their undergraduate degree if all the undergraduate degree requirements have been satisfied.

Up to 12 credits may be double-counted towards the degree requirements for both the graduate and undergraduate degrees; a minimum of 50% of the double-counted credits must be at the 500 or 800 level. Independent study courses and credits associated with the culminating experience for the graduate degree cannot be double-counted. Students may choose12 credits to double-count for both the undergraduate and graduate degrees from the following:

Course List

Code	Title	Credits
Courses Eligible to Double Count for Both Degrees
IST 432	Legal and Regulatory Environment of Information Science and Technology	3
IST 451	Network Security	3
IST 454	Computer and Cyber Forensics	3
IST 456	Information Security Management	3
IST 554	Network Management and Security	3
IST 815	Foundations of Information Security and Assurance	3
IST 820	Cybersecurity Analytics	3

Integrated B.S. in Enterprise Technology Integration and M.S. in Cybersecurity Analytics and Operations 

Undergraduate Degree

• Harrisburg
• University Park
• World Campus

Graduate Degree

• University Park

The graduate portion of this IUG is currently offered as face-to-face residential instruction. While the undergraduate curriculum for this IUG may be completed at multiple campuses, the ease and feasibility of completing the integrated program may be heavily dependent upon the location of the graduate instruction. Please discuss the feasibility of completing the IUG with a representative for the graduate program before beginning the application process.

Admission Requirements

Applicants apply for admission to the program via the Graduate School application for admission. Requirements listed here are in addition to Graduate Council policies listed under GCAC-300 Admissions Policies.

 The first two to three years of undergraduate course work follow the same undergraduate curriculum that other students follow in the Enterprise Technology Integration major. Enterprise Technology Integration undergraduates may apply for admission to the IUG program no earlier than February 15th of their second undergraduate year and no later than February 15 of their third undergraduate year after completing a minimum of 60 credits, if they meet the following admission requirements:

1. Must be enrolled in a College of IST undergraduate degree program.
2. Must have completed entrance to their undergraduate major and must have completed 60 credits of an IST undergraduate degree program. Transfer students must have completed at least 15 credits at Penn State to enroll in an IUG.
3. Must apply to the IUG program by February 15 of their third undergraduate year.
4. Must apply to and be accepted without reservation into the Graduate School and M.S. program in Cybersecurity Analytics and Operations. Students must complete the Graduate School application. Admission requirements for the M.S. in Cybersecurity Analytics and Operations are listed on the Admissions Requirements tab.
5. Must have an overall GPA of 3.5 (on a 4.0 scale) in undergraduate course work and a minimum GPA of 3.5 in all course work completed for the major.
6. Must present an approved plan of study. The plan should cover the entire time period of the integrated program, and it should be reviewed periodically with an adviser.
7. Must present two letters of recommendation from faculty members.
8. Must meet with both the Director of Undergraduate Academic Affairs and the Graduate Program Coordinator to declare interest and receive information about the IUG program.

Students must fulfill all degree requirements for each degree to be awarded that degree, subject to the double-counting of credits as outlined below. Degree requirements for the Bachelor of Science in Enterprise Technology Integration are listed in the Undergraduate Bulletin. Students must sequence their courses, so all undergraduate degree requirements are fulfilled before taking courses to count solely towards the graduate degree. Students are expected to complete the undergraduate degree requirements within the typical time to degree for the undergraduate major. In the semester in which the undergraduate degree requirements will be completed, IUG students must apply to graduate, and the undergraduate degree should be conferred at the next appropriate Commencement. If students accepted into the IUG program are unable to complete the M.S. degree, they are still eligible to receive their undergraduate degree if all the undergraduate degree requirements have been satisfied.

Up to 12 credits may be double-counted towards the degree requirements for both the graduate and undergraduate degrees; a minimum of 50% of the double-counted credits must be at the 500 or 800 level. Independent study courses and credits associated with the culminating experience for the graduate degree cannot be double-counted. Students
may choose 12 credits to double-count for both the undergraduate and graduate degrees from the following:

Course List

Code	Title	Credits
Courses Eligible to Double Count for Both Degrees
ETI 435	Enterprise Analytics	3
ETI 461	Database Management and Administration	3
ETI 463	Distributed Database Management Systems	3
IST 402	Emerging Issues and Technologies	3
IST 423	Enterprise Information Management and Storage Architecture	3
IST 440W	Information Sciences and Technology Integration and Problem Solving	3
IST 504	Foundations of Theories and Methods of Information Sciences and Technology Research	3
IST 505	Foundations of Research Design in Information Sciences and Technology	3
IST 543	Foundations of Software Security	3
IST 815	Foundations of Information Security and Assurance	3

Integrated B.S. in Human-Centered Design and Development and M.S. in Cybersecurity Analytics and Operations 

Undergraduate Degree

• Harrisburg
• University Park

Graduate Degree

• University Park

The graduate portion of this IUG is currently offered as face-to-face residential instruction. While the undergraduate curriculum for this IUG may be completed at multiple campuses, the ease and feasibility of completing the integrated program may be heavily dependent upon the location of the graduate instruction. Please discuss the feasibility of completing the IUG with a representative for the graduate program before beginning the application process.

Admission Requirements

Applicants apply for admission to the program via the Graduate School application for admission. Requirements listed here are in addition to Graduate Council policies listed under GCAC-300 Admissions Policies.

 The first two to three years of undergraduate course work follow the same undergraduate curriculum that other students follow in the Enterprise Technology Integration major. Enterprise Technology Integration undergraduates may apply for admission to the IUG program no earlier than February 15th of their second undergraduate year and no later than February 15 of their third undergraduate year after completing a minimum of 60 credits, if they meet the following admission requirements:

1. Must be enrolled in a College of IST undergraduate degree program.
2. Must have completed entrance to their undergraduate major and must have completed 60 credits of an IST undergraduate degree program. Transfer students must have completed at least 15 credits at Penn State to enroll in an IUG.
3. Must apply to the IUG program by February 15 of their third undergraduate year.
4. Must apply to and be accepted without reservation into the Graduate School and M.S. program in Cybersecurity Analytics and Operations. Students must complete the Graduate School application. Admission requirements for the M.S. in Cybersecurity Analytics and Operations are listed on the Admissions Requirements tab.
5. Must have an overall GPA of 3.5 (on a 4.0 scale) in undergraduate course work and a minimum GPA of 3.5 in all course work completed for the major.
6. Must present an approved plan of study. The plan should cover the entire time period of the integrated program, and it should be reviewed periodically with an adviser.
7. Must present two letters of recommendation from faculty members.
8. Must meet with both the Director of Undergraduate Academic Affairs and the Graduate Program Coordinator to declare interest and receive information about the IUG program.

Students must fulfill all degree requirements for each degree to be awarded that degree, subject to the double-counting of credits as outlined below. Degree requirements for the Bachelor of Science in Human-Centered Design and Development are listed in the Undergraduate Bulletin. Students must sequence their courses, so all undergraduate degree requirements are fulfilled before taking courses to count solely towards the graduate degree. Students are expected to complete the undergraduate degree requirements within the typical time to degree for the undergraduate major. In the semester in which the undergraduate degree requirements will be completed, IUG students must apply to graduate, and the undergraduate degree should be conferred at the next appropriate Commencement. If students accepted into the IUG program are unable to complete the M.S. degree, they are still eligible to receive their undergraduate degree if all the undergraduate degree requirements have been satisfied.

Up to 12 credits may be double-counted towards the degree requirements for both the graduate and undergraduate degrees; a minimum of 50% of the double-counted credits must be at the 500 or 800 level. Independent study courses and credits associated with the culminating experience for the graduate degree cannot be double-counted. Students
may choose 12 credits to double-count for both the undergraduate and graduate degrees from the following:

Course List

Code	Title	Credits
Courses Eligible to Double Count for Both Degrees
IST 402	Emerging Issues and Technologies	3
IST 411	Distributed-Object Computing	3
IST 412	The Engineering of Complex Software Systems	3
IST 504	Foundations of Theories and Methods of Information Sciences and Technology Research	3
IST 543	Foundations of Software Security	3
IST 815	Foundations of Information Security and Assurance	3
IST 820	Cybersecurity Analytics	3

Minor

A graduate minor is available in any approved graduate major or dual-title program. The default requirements for a graduate minor are stated in Graduate Council policies listed under GCAC-600 Research Degree Policies and GCAC-700 Professional Degree Policies, depending on the type of degree the student is pursuing:

• GCAC-611 Minor - Research Doctorate
• GCAC-641 Minor - Research Master's
• GCAC-709 Minor - Professional Doctorate
• GCAC-741 Minor - Professional Master's

Student Aid

Refer to the Tuition & Funding section of The Graduate School's website. Students in this program are not eligible for graduate assistantships.

World Campus students in graduate degree programs may be eligible for financial aid. Refer to the Tuition and Financial Aid section of the World Campus website for more information.

Courses

Graduate courses carry numbers from 500 to 699 and 800 to 899. Advanced undergraduate courses numbered between 400 and 499 may be used to meet some graduate degree requirements when taken by graduate students. Courses below the 400 level may not. A graduate student may register for or audit these courses in order to make up deficiencies or to fill in gaps in previous education but not to meet requirements for an advanced degree.

Information Sciences and Technology (IST) Course List

Learning Outcomes

Master of Professional Studies (M.P.S.)

1. KNOW: Recognize, understand, identify and assess potential threats, vulnerabilities, and consequences in a context from local to global environments.
2. APPLY/CREATE: Integrate the use of disciplinary methods, techniques, and knowledge to solve practical, real-world problems.
3. COMMUNICATE: Present scientific evidence and best practice to inform and improve practical, real-world decisions.
4. THINK: Search, evaluate, and synthesize literature to integrate cyber security principles into disciplines and professional fields.
5. PROFESSIONAL PRACTICE: Make use of ethical standards and principles of integrity as a foundation in decision-making.

Master of Science (M.S.)

1. KNOW: Demonstrate appropriate breadth and depth of interdisciplinary knowledge and comprehension of the major issues in cybersecurity analytics and operations.
2. APPLY/CREATE: Use interdisciplinary knowledge and methods of cybersecurity analytics and operations to plan and conduct a research thesis or scholarly paper.
3. COMMUNICATE: Communicate the major issues of cybersecurity analytics and operations effectively.
4. THINK: Demonstrate analytical and critical thinking within cybersecurity analytics and operations, including across discipline.
5. PROFESSIONAL PRACTICE: Know and conduct themselves in accordance with the highest ethical standards, values, and, where these are defined, the best practices of cybersecurity analytics and operations (as expressed in SARI training modules).

Contact