Information assurance refers to the protection of data, online or otherwise, from those who wish to procure it for themselves. In a world of growing cybercrime and cyberwarfare, where data is an incredibly valuable commodity, cybersecurity and information assurance professionals remain in high demand. A master's degree in information security leads to an exciting and lucrative career on the forefront of technology.
While many cybersecurity positions only require a bachelor's degree, a master's degree helps you stand out in an increasingly popular field. If you already work in the field, a master's can help you transition to leadership positions. If you work in an adjacent field, the degree helps you strengthen your skillset or move into cybersecurity. This guide provides an idea of what such a degree entails and helps you decide where to pursue the degree.
Should I Get a Master's in Information Assurance?
Only you know if getting a master's degree in information security is the right choice for you. If you're interested in the field, review the examples below. If you already work in the field, consider what you will gain by earning the degree. Master's degrees allow students to hone their skills beyond a bachelor's degree, often with a specialization that makes them a subject expert. While this can come with work experience, a master's degree speeds up the process. Many programs require a capstone, such as a practicum, thesis, or other large project. These projects allow students to illustrate their skills to potential employers.
Enrolling in a master's program offers many benefits, including networking with established professionals, peers, and potential employers. Some programs also help with job placement, either through services or connections made. Many master's programs are offered online, allowing you to schedule your courses and studies around your existing schedule. Online programs also provide an opportunity for accelerated or intensive courses, which take less time than normal college classes. This allows you to finish your degree sooner and proceed with your career.
What Can I Do With a Master's in Information Assurance?
A master's degree in information security prepares you for a variety of careers, whether you are entering the field or looking to shift your career. This section contains five examples of such careers, along with relevant data about income and employment. Browse these examples and remember that job titles vary by organization. Many professionals work in multiple positions with differing demands over the course of their career.
- Information Security Analyst
These professionals carry out plans for the security of networks and computers, often working for specific organizations. As cybercrime increases, this position continues to grow rapidly. Though not generally required, a master's degree sets you above the competition, especially for mid-level positions.
Median Annual Salary: $95,510*
- Computer and Information Research Scientist
These professionals research, invent, and design new technology or new uses for existing technology. Generally requiring a master's degree in the private sector, professionals enjoy a personalized career, with most individuals specializing in one or more areas, such as information assurance or computer forensics.
Median Annual Salary: $114,520*
- Computer and Information Systems Manager
These professionals handle the planning and implementation of an organization's various computer or network-related projects. They consider the organization's IT needs and goals to determine the best technology and tools.
Median Annual Salary: $139,220*
- Computer Network Architect
Combining several skill sets, these professionals design and implement network solutions for organizations. With the increase in cybercrime in recent years, these professionals need a keen understanding of information assurance in order to design secure networks, especially for smaller companies which cannot afford separate security professionals.
Median Annual Salary: $104,650*
Source: Bureau of Labor Statistics
How to Choose a Master's Program in Information Assurance
You may find it challenging deciding where to get a master's degree in information security. If you're already working or have a family and can't attend school on campus or full time, research how you can schedule online programs around your existing commitments. Some online programs offer accelerated or intensive courses, allowing you to complete your classes faster and proceed with your career.
Cost remains a big factor for many students. Online programs generally cost less than on-campus programs. If you want the brick-and-mortar experience, research schools in your area. Most schools charger lower tuition to students who reside in the same state, and some offer a similar rate to students from neighboring states.
Find a program that aligns with your interests or strengths. Read up on the professors, past graduates, and current students. If you desire to specialize in a certain area, find a program that offers that concentration or allows you to design your own. You might find programs that don't require a thesis or other big final project tempting, but a big, original project shows future employers your capabilities. This is especially useful if you aren't already working in the field.
Programmatic Accreditation for Master's Programs in Information Assurance
Accreditation remains an important part of the academic process. Degrees earned from unaccredited schools are often not recognized by employers. Institutions can earn accreditation through regional and national boards.
Many professional organizations offer programmatic accreditation, meaning that a particular program has been verified to meet certain standards. This isn't required, either for a degree or for a good education, but it indicates a worthwhile program. In the case of information assurance, students should look for accreditation from the Accreditation Board of Engineering and Technology.
Master's in Information Assurance Program Admissions
After deciding where you would like to attend, the next step is applying to a master's degree in information security. Brainstorm a list of several schools you would like to attend, just in case you don't get accepted to some of them. Most students apply to three to five schools, as it allows options but keeps the work to a minimum. Once you know where you want to apply, take your time and prepare your materials. Request recommendation letters, transcripts, and test scores early. Just as each school is unique, your applications should also be unique. Don't use form letters or mix up the requirements, and make sure that you not only explain why you're a good choice, but why you chose that particular school.
- Bachelor's Degree: You need a bachelor's degree to enter a master's program, but not all schools require a specific degree to do so. Requirements are clearly stated.
- Professional Experience: Online programs are more likely to require specific job experience, but having worked in the field makes you a better candidate even it is not required.
- Minimum GPA: Students must usually maintain a 3.0 or 3.5 GPA, with some schools differentiating between overall and major GPAs. Some offer options for students with a lower GPA.
- Application: Most applications are completely online as one of the first tasks students must complete. An application includes basic student information, such as address and birthdate.
- Transcripts: These show your previous classes and grades, and can be sent directly from your past institutions for a small fee.
- Recommendation Letters: Get these done early, and give the people writing them plenty of time to do so, especially if you are asking professors who already have a lot on their plate.
- Test Scores: You will likely need to submit GRE scores, which can be done directly from the testing site. Programs list score requirements, but not all require them.
- Application Fee: These are almost never waived or refunded, and serve to prove that you're serious about applying and to cover the cost of handling the application.
What Else Can I Expect From a Master's Program in Information Assurance?
Every program is unique, which you'll discover as you look for the one that is best for you. The following section introduces common themes, such as concentrations or course descriptions, to provide an idea of what you can expect from the degree.
|Cybersecurity||Students in this concentration focus on actively performing cybersecurity, whether through monitoring networks, testing systems, or developing responses. Courses cover computer forensics, malware analysis, and the basics of cyber law.||Computer and information research scientist, information security analyst|
|Policy Management||Students in this concentration take a broader view of information assurance, learning how to develop plans and systems to deal with threats network wide. Courses cover auditing systems, planning and implementation of security systems, and cybersecurity legal issues.||Computer and information systems manager, computer network architect|
|Digital Forensics||This concentration focuses on investigating breaches and other threats after they have happened in order to determine who caused them or how they did it. This information helps professionals develop better security or response systems. Sometimes it serves as courtroom evidence.||Computer and information research scientist, information security analyst|
|Healthcare Security||Healthcare presents its own unique needs both for data storage and protection, and this concentration focuses on the kinds of threats faced by healthcare data systems as well as ways to protect them. The growing and aging population has resulted in an ever-expanding healthcare industry, making this a growing concentration.||Computer and information systems manager, computer network architect, computer and information research scientist, information security analyst|
|Network Defense||Students in this concentration hone their skills at protecting networks, both in designing secure systems and in responding to breaches and other threats. Advanced systems such as cloud computing fall into this category, and as interconnected networks and data storage continue to develop, they remain appealing targets to hackers.||Computer and information systems manager, computer network architect, computer and information research scientist, information security analyst|
Courses in a Master's in Information Assurance Program
The courses required for a master's in information security vary by program, but certain subjects remain essential at every school. Even within a given program, topics and other course aspects vary from one term to the next. Below, is a list of courses you may take in an information assurance program.
- Risk Management
In these courses, students discuss risk levels different organizations face, and how this risk impacts not only the organization's operation, but how it protects its data. These courses include scenarios where students assess risks to fictional organizations.
- Cyber Law
In these courses, students discuss laws, ordinances, and regulations related to cybersecurity or cyberwarfare and compliance with those laws. This may include topics such as the Patriot Act or freedom of information, as well as compliance with public and private requests for information.
Information assurance and security measures sometimes fail, after which those systems have to be further improved upon to prevent similar breaches. In courses like this, students discuss how to go about gathering the data needed to prevent future breaches and even apprehend those responsible for the crime.
- Ethical Hacking
In order to prevent breaches in the first place, many professionals turn to the concept of ethical hacking. By using the techniques of hackers, these professionals test systems for existing or potential weaknesses. Students learn the basics of how to do this.
- Security Standards:
These courses cover the standards and best practices of information assurance, creating a baseline knowledge of what is required to protect data. Students often discuss current events such as recent malware examples or significant breaches and how they change the landscape of information assurance.
How Long Does It Take to Get a Master's in Information Assurance?
Most students complete a master's degree in two to three years, and most of these degrees take 36-54 credits to complete. While students can't typically negotiate the number of credits, they can explore ways to shorten the time they spend on their degree.
Accelerated or intensive programs allow you to pack more courses into a shorter time frame, as can taking extra credits each term. These options come at the cost of more work and more stress at one time. Students benefit by thinking ahead to possible thesis topics. Making sure that you never have to wait for a class you want means not wasting time, and getting ahead of the game on research reduces the chances of a thesis taking longer than expected.
How Much is a Master's in Information Assurance?
Tuition, which varies by school, remains the biggest factor in determining the cost of your master's degree in information security. Residing in the state of the school you attend or taking courses online is generally cheaper than studying as an out-of-state student. Students can save money on tuition by researching schools with lower tuition rates, which isn't always easy. Luckily, lower tuition doesn't have to mean a less valuable education.
Keep in mind other expenses that sneak up on students. On-campus students often face hard-to-avoid fees. Books and other supplies add up fast, so buying used books, renting books, getting materials from the library, and selling your unneeded books can save you money.
Students must also factor in housing expenses. Living on the campus itself usually costs more than living elsewhere. Graduate students don't usually need to live on campus. Finding affordable housing if you have to move away for your program can be a hassle, but with proper research, you can find housing within your budget.
Certifications and Licenses a Master's in Information Assurance Prepares For
- Certified Ethical Hacker
This certificate verifies that the holder is familiar with the tools and tactics of the malicious hacker, but uses those tools to test systems for potential weaknesses, allowing architects and developers to improve security. This certification is a step toward making white hat hacking a recognizable, self-regulating profession.
- Certified Information Security Manager
A top credential intended for established professionals, the CISM verifies that the holder is qualified not only as an information assurance professional, but as a manager, able to handle the planning and execution of top-down, large-scale projects while guiding the people working on those projects.
CompTIA's Security+ is an early-career credential that verifies the holder's baseline abilities as an information assurance professional. Most employers require this kind of minimum certification from anyone interested in an entry-level position, and certainly for any higher position which requires experience.
- Certified Information Systems Security Professional
The CISSP credential is an advanced credential which verifies not only the holder's skills and knowledge, but their dedication to information assurance as a career. It is intended for those who wish to take an established career to the next level.
- GIAC Security Essential Certification
GIAC Security Essentials Certification is another early-career credential, though more expensive than Security+. It verifies that the holder is familiar with the fundamental tools, techniques, and knowledge required for a career in information assurance. The credential's high status helps you stand out against other applicants.
Resources for Graduate Information Assurance Students
This website contains numerous links to definitions, incident examples, and other useful resources for students of information assurance and related fields. Students pursuing CISCO certifications find it especially helpful.
This site offers a wealth of free professional development and continuing education courses for individuals in a variety of cybersecurity and related fields, with some geared toward specific certifications.
Learners can take this free training course in ethical or white hat hacking, namely to test the defenses of a given network in order to prevent breaches.
Since 2004, this podcast has offered weekly episodes on current events, conference reviews, and legal issues in information security.
Brian Krebs, a prolific and renowned journalist and writer on infosec issues, writes this personal blog.
Professional Organizations in Information Assurance
Students who earn an information security master's degree take a big step toward advancing their career, but it's not the only step they can take. Joining a professional organization, even before you enter the workforce, can help propel your career forward by providing networking and professional development opportunities, discounts on certifications, and degree funding. Browse the five organizations below for a small sample of the available options.
Focused on the best practices of information assurance in cloud storage and computing, the Cloud Security Alliance offers certifications and promote research into cloud security.
The Executive Women's Forum on Information Security, Risk Management and Privacy is the largest such organization in the world and dedicated to helping women in related fields build their careers.
The CSIA was formed in 2011 to help facilitate information sharing between industry and government in order to bolter information assurance and security.
The IASAP is a corporate membership nonprofit founded in 2012 to foster best practices in the field and help develop stronger professionals.
The IACR unites professionals from around the world to promote research and development in computer and communications systems security.