This is the preliminary (or launch) version of the 2026-2027 VCU Bulletin. Courses that expose students to cutting-edge content and transformative learning may be added and notification of additional program approvals may be received prior to finalization. General education program content is also subject to change. The final edition and full PDF version will include these updates and will be available in August prior to the beginning of the fall semester.
The Master of Science in Computer and Information Systems Security, jointly offered by the Department of Computer Science in the College of Engineering and the Department of Information Systems in the School of Business, is designed primarily for students interested in professional roles in business, industry or government. Program graduates will serve as leaders within the computer and information systems security community and as strategic partners within the enterprises in which they work. They will stay attuned to, and anticipate changes in, the computer and information systems security environment and ensure that security solutions create a sound, competitive, cost-effective advantage for the enterprise.
Graduates of the program will be prepared to take leading roles in planning, organizing, managing, designing and configuring security solutions in public and private organizations and will be familiar with state-of-the-art security technologies and best practices. The program takes a broad interdisciplinary approach to computer and information systems security that will help students develop the ability to see the larger organization and social, political, ethical and economic aspects of information security, as well as offering a unique graduate-level curriculum that is both technically and managerially oriented.
Program mission
The Master of Science in Computer and Information Systems Security provides for the scholarly and professional needs of several groups who have either accepted or are keen to take on the challenge of protecting information resources of firms and society at large.
Program goal
Graduates of this program are expected to take on leadership positions, including as chief security officer, in computer and information systems security in organizations. VCU’s program takes a broad interdisciplinary approach to computer and information systems security that will help develop the student’s ability to see the larger organizational, social, political, ethical and economic aspects of information security.
Student learning outcomes
Graduates of the program will be:
- Prepared to take leading roles in planning, organizing, managing, designing and configuring security solutions in public and private organizations
- Familiar with state-of-the-art security technologies and best practices
VCU Graduate Bulletin, VCU Graduate School and general academic policies and regulations for all graduate students in all graduate programs
The VCU Graduate Bulletin website documents the official admission and academic rules and regulations that govern graduate education for all graduate programs at the university. These policies are established by the graduate faculty of the university through their elected representatives to the University Graduate Council.
It is the responsibility of all graduate students, both on- and off-campus, to be familiar with the VCU Graduate Bulletin as well as the Graduate School website and academic regulations in individual school and department publications and on program websites. However, in all cases, the official policies and procedures of the University Graduate Council, as published on the VCU Graduate Bulletin and Graduate School websites, take precedence over individual program policies and guidelines.
Visit the academic regulations section for additional information on academic regulations for graduate students.
Degree candidacy requirements
A graduate student admitted to a program or concentration requiring a final research project, work of art, thesis or dissertation, must qualify for continuing master’s or doctoral status according to the degree candidacy requirements of the student’s graduate program. Admission to degree candidacy, if applicable, is a formal statement by the graduate student’s faculty regarding the student’s academic achievements and the student’s readiness to proceed to the final research phase of the degree program.
Graduate students and program directors should refer to the following degree candidacy policy as published in the VCU Graduate Bulletin for complete information and instructions.
Visit the academic regulations section for additional information on degree candidacy requirements.
Graduation requirements
As graduate students approach the end of their academic programs and the final semester of matriculation, they must make formal application to graduate. No degrees will be conferred until the application to graduate has been finalized.
Graduate students and program directors should refer to the following graduation requirements as published in the Graduate Bulletin for a complete list of instructions and a graduation checklist.
Visit the academic regulations section for additional information on graduation requirements.
Admission requirements
| Degree: | Semester(s) of entry: | Deadline dates: | Test requirements: |
|---|---|---|---|
| M.S. | Fall | Jul 1 | TOEFL for international students |
| Spring | Nov 1 |
Applicants must meet all general admission requirements of the VCU Graduate School.
Degree requirements
In addition to general VCU Graduate School graduation requirements, the M.S. in Computer and Information Systems Security requires 30 graduate credit hours, including a core curricular component and an elective component. The elective component consists of three courses chosen by the student and selected from CISS course offerings or, with the approval of the program co-directors, from courses offered by the departments of Computer Science, Information Systems, Criminal Justice and Forensic Science.
Curriculum requirements
Students with an accredited bachelor’s degree or post-baccalaureate certificate in fields such as computer science or information systems should be adequately prepared for the graduate curriculum. Students from other academic backgrounds may need to complete undergraduate prerequisite courses. Prerequisites are determined by the faculty adviser at the time of admission.
Prerequisite courses
| Course | Title | Hours |
|---|---|---|
| MATH 211 | Mathematical Structures | 3 |
| or CMSC 302 | Introduction to Discrete Structures | |
| CMSC 255 | Object-oriented Programming | 4 |
| or INFO 350 | Intermediate Programming | |
| CMSC 355 | Fundamentals of Software Engineering | 3 |
| or INFO 361 | Systems Analysis and Design | |
| CMSC 405 | Operating Systems | 3 |
| or INFO 370 | Network Architecture | |
| CMSC 408 | Databases | 3 |
| or INFO 364 | Database Systems | |
Curriculum
| Course | Title | Hours |
|---|---|---|
| Core component | ||
| CMSC 525 | Introduction to Software Analysis, Testing and Verification | 3 |
| CMSC 602 | Operating Systems | 3 |
| CMSC 620 | Applied Cryptography | 3 |
| CMSC 622 | Network and System Security | 3 |
| INFO 535 | Ethical, Social and Legal Issues in Computer and Information Systems Security | 3 |
| Elective component | ||
| Choose five of the following courses. Students must select a minimum of one CMSC and one INFO course | 15 | |
| Advanced Social Network Analysis and Security | ||
| Game Theory and Security | ||
| Cryptocurrency and Blockchain Techniques | ||
| Database and Application Security | ||
| Cloud Computing | ||
| Software Quality Assurance | ||
| Advanced Software Analysis, Testing and Verification | ||
| Mobile Networks: Applications, Modeling and Analysis | ||
| Memory and Malware Forensics | ||
| Introduction to Digital Forensics | ||
| Survey of Cyber Security | ||
| Data Communications | ||
| Principles of Computer and Information Systems Security | ||
| Securing Cloud Infrastructure | ||
| Security Policy Formulation and Implementation | ||
| Securing the Internet of Things | ||
| Total Hours | 30 | |
The minimum number of graduate credit hours required for this degree is 30.
Contact
Elizabeth Baker, Ph.D.
Professor, Department of Information Systems
bakerew@vcu.edu
(804) 828-7118
Additional contact
Milos Manic, Ph.D.
Professor
misko@vcu.edu
(804) 827-3999