Introduction to Information Security Management

Location: Pittsburgh

Semester Offered: Fall, Spring, Summer

Cross listed Courses:

Course Number Department Units
95-752 Heinz College 12
14-741 Information Networking Institute 12
18-631 Software and Societal Systems Department 12
95-565 Heinz College 9

This course is intended to give students an introduction to a variety of information and cyber security topics.  As an introductory course, it will cover foundational technical concepts as well as managerial and policy topics.  The purpose of the course lectures, assignments, reading, in-class presentations, and examinations are to ensure students have sufficient technical awareness and managerial competence that will enable them to pursue advanced study in information security policy and management as they progress through their program.  There is no prerequisite for this course, however successful students will have fundamental knowledge of information and computer systems, and a general awareness of security issues in these systems.


Class format

Lecture and project-based

Home department


Target audience

Students in the Master of Information Systems Management program.

Background required


Learning objectives

  • Foundational concepts of cyber and information security and the key practices and processes for managing security effectively.
  • Basic network fundamentals – including (but not limited to) topologies, protocols, address conservation, and services, and the security issues that affect networks.
  • Basic cryptology and why it is fundamental to computer and information security.
  • Software program deficiencies and the vulnerabilities associated with them.
  • Access controls and authentication as they are used to secure systems and how they can be mitigated.
  • Security vulnerabilities that affect operating systems and how they can be mitigated.
  • The use of risk management to plan, implement, and administer security programs and processes.
  • The key elements of incident management; detection, remediation, and recovery.
  • How to translate security into a business driver that is critical to meeting the organization’s mission.
  • Legal, ethical, and regulatory issues that shape policy development and the ways in which organizations implement and administer security.
  • The organizational and societal costs of insecurity software.

Faculty and instructors who have taught this course in the past

Randall Trzeciak, Hanan Hibshi, Limin Jia