
Doctorate in Information Assurance (DIA)

CURRICULUM OVERVIEW

This degree program prepares students for senior policy, executive, teaching, or research positions in Information Assurance in government, industry, or academia.

Program Objectives:

  • To gain expertise in a specialized field of study based upon theory, concepts and skills relevant to Information Assurance practitioners.
  • To apply critical thinking and problem-solving skills in the exploration of a specialized field of study relevant to Information Assurance practitioners.
  • To develop primary field research competencies that can result in a contribution to knowledge in a specialized field of study relevant to Information Assurance practitioners.
  • To demonstrate expertise in a specialized topic relevant to Information Assurance practitioners.
Learning Outcomes
Upon completion of this degree program, graduates will be able to:
  • Establish the rationale and objectives for conducting primary research in a specialized area of Information Assurance.
  • Demonstrate knowledge and synthesis of the current body of literature with respect to a specialized area of Information Assurance.
  • Apply appropriate methodologies and analysis techniques in conducting primary field research in a specialized area of Information Assurance
  • Contribute to the body of knowledge through the documentation of research methods and findings in a specialized area of Information Assurance.



SEQ # COURSES, OBJECTIVES AND DELIVERABLES
1 IA7020 Information Security Systems and Organizational Awareness
  In this course, students utilize a subset of five of the ten domains of the (ISC)2 Common Body of Knowledge (CBK) in information security as a framework to critically analyze security awareness issues and to evaluate best practices in implementing security systems within the enterprise. (3 credits)

DELIVERABLES: Best Practice Analyses

COURSE OBJECTIVES:
  • To compare and contrast the mechanisms and procedures used by management to influence behavior, use, and content of an information system.
  • To propose best practices which utilize the means and methods of disguising information through cryptography in order to protect confidentiality and integrity.
  • To evaluate the impact of high level procedures, structures and standards used in defining, designing, and implementing information systems and technology.
  • To analyze structures, transmission methods, transport formats and security measures that enable confidentiality, integrity and availability in business communications.
  • To assess best practices used in establishing controls, within business applications, that support the security strategy of the enterprise.
2 IA7030 Legal and Ethical Practices in Information Security
  In this course, students utilize a subset of five of the ten domains of the (ISC)2 Common Body of Knowledge (CBK) in information security as a framework to critically analyze ethical decision-making and to evaluate the best practices employed in security operations planning and management. (3 credits)

DELIVERABLES: Best Practice Analyses

COURSE OBJECTIVES:
  • To assess associated security risks of various frameworks, policies, and structures of enterprise information assets.
  • To evaluate physical, procedural, and environmental risks associated with a business information technology infrastructure.
  • To recommend procedures and best practices required to preserve business in the face of major disruptions to normal operations.
  • To propose best practices for the protection and control of information technology resources.
  • To evaluate ethical investigative measures and techniques used to identify and retain evidence of security incidents within the constraints of general computer crime legislation and regulations.
3 RM6000 Effective Writing in Information Security Analysis
  In this course, students utilize secondary research to analyze a current best practice or process in one of the ten domains of Information Security. Students write and present a white paper providing a rationale for research to evaluate the effectiveness of that practice or process. (3 credits)

DELIVERABLE: A research white paper related to one of the ten domains.

COURSE OBJECTIVES:
  • To demonstrate effective written and oral communication skills.
  • To demonstrate knowledge of the secondary research process.
  • To develop a rationale for applied research in Information Security using literature review.
  • To demonstrate knowledge of APA requirements for format, source identification and citations in research writing.
4 IA7040 Information Security and Organizational Change
  In this course, students analyze the principles of change management as they apply to the requirements and regulations of information security. Students evaluate the factors which affect corporate decision-making when implementing security programs and the ability of the manager to translate corporate needs into information security projects. (3 credits)


DELIVERABLE: Change Management Plan

COURSE OBJECTIVES:
  • To analyze the factors influencing the need for change and the imperatives for managing information security change initiatives in the workplace.
  • To evaluate the need for a specific Information Security change initiative at the group and organizational level.
  • To evaluate how the proposed change aligns with corporate leadership goals and culture.
  • To develop a change strategy and identify potential resistance factors to be managed.
  • To apply appropriate models to implement a sustainable Information Security change initiative.
5 IA8010 Business and Security Risk Analysis
  This course provides students with an overview of risk management principles. Methods to identify, quantify, and qualify internal and external risks to the organization are examined. Students apply these principles and methods to the current business and risk environment. (3 credits)

DELIVERABLES: Case Study Analyses; Business Risk Assessment Report

COURSE OBJECTIVES:
  • To evaluate the role of business and technical risk analysis within the context of Information Security.
  • To identify and analyze prevalent threats and vulnerabilities facing businesses today.
  • To identify and analyze business and technical threats to an organization.
  • To analyze and evaluate Information Security methods used to address business threats and vulnerabilities.
  • To identify and evaluate the controls necessary to address business and technical threats.
6 PM8100 Information Security Project Management
  In this course, students utilize PMI's Project Management Body of Knowledge (PMBOK) as a framework to apply project management concepts in the information security arena. Each student develops a project plan for a security assessment which incorporates the technical and behavioral characteristics of high performance teams. (3 credits)

DELIVERABLES: Project Charter; Work Breakdown Schedule (WBS); Project Plan

COURSE OBJECTIVES:
  • To evaluate the role of project management in improving the success of information technology and information assurance projects.
  • To demonstrate and apply knowledge of key project management terms and techniques.
  • To gain experience in the use of project management methodologies and techniques.
  • To develop skills in creating project management documentation.
7 IA8250 Knowledge Management in Information Security
  In this course, students utilize secondary research competencies to identify and evaluate industry-relevant sources of information in the context of an emerging technology trend in information security. (3 credits)

DELIVERABLES: Source Analysis; Comparative Analysis of Sources

COURSE OBJECTIVES:
  • To differentiate and classify secondary research sources based on their salient characteristics.
  • To critically examine the validity and credibility of industry relevant information sources used in identifying an emerging technology trend in information security.
  • To evaluate and synthesize alternative information sources relating to an emerging technology trend in information security.
  • To critically analyze the applicability and relevance of specific information sources to an emerging technology trend.
8 RM9200 Strategic Analysis in Information Security
  In this integrative course, students assess the information security risk associated with an identified management problem. Students then develop a risk mitigation strategy which integrates principles and techniques of risk analysis, project planning, and change management. (3 credits)

DELIVERABLE: Strategic Risk Mitigation Plan

COURSE OBJECTIVES:
  • To assess the level of risk in an organization with respect to an identified Information Security management problem.
  • To formulate a strategy to mitigate the identified Information Security risk while limiting liability exposure.
  • To evaluate the defined strategy to ensure that it either reduces, mitigates, or transfers risk, or results in an acceptable residual risk.
  • To develop a project plan for implementing the chosen strategy that addresses resources, schedules, and organizational change management requirements.
9 IA8020 Security Policies, Standards and Procedures
  In this course, students examine the role of security policies, standards and procedures in addressing business and technical risks and develop a security governance report to evaluate compliance across the enterprise. (3 credits)

DELIVERABLES: Enterprise Security Critique; Security Governance Report

COURSE OBJECTIVES:
  • To examine the role of security policies, standards and procedures in supporting information security and assurance across the enterprise.
  • To examine the management of security policy review and implementation projects.
  • To demonstrate how to effectively address business and technical risks to the enterprise through appropriate policies, standards and procedures.
  • To develop a security governance report to evaluate compliance across the enterprise.
10 IA8030 Design, Development and Evaluation of Security Controls
  In this course, students transform high-level policies and procedures into quantifiable and measurable controls and mechanisms that enforce data and process integrity, availability and confidentiality. (3 credits)

DELIVERABLES: General IT Controls Review; Application Controls Review

COURSE OBJECTIVES:
  • To analyze and evaluate the interrelationship between risk management objectives and the application of effective business and IT controls.
  • To identify, define and evaluate key business and IT processes, requirements and performance metrics used by management to monitor and control risk.
  • To identify, analyze and evaluate organizational, administrative, network, and application-specific controls and risk mitigation strategies to meet business and technical objectives.
  • To demonstrate knowledge of the management of business and IT controls assessment projects.
  • To transform high-level business and technical objectives into quantifiable and measurable controls and mechanisms which enforce data and process integrity, availability and confidentiality.
11 IA8040 Incident Response Management
  In this course, students identify and analyze the nature of security incidents, the source of potential threats and the methods used in incident management and mitigation. Students also evaluate technical and business issues which affect the actions of the enterprise in responding to a security incident. (3 credits)

DELIVERABLE: Incident Response Plan

COURSE OBJECTIVES:
  • To identify and analyze the nature of computer security incidents and the source of potential threats.
  • To demonstrate knowledge of a methodology for end-to-end incident management and mitigation.
  • To analyze and evaluate the technical issues associated with incident management such as network trace back and computer forensics.
  • To identify, analyze and evaluate the business and non-technical drivers associated with incident management such as legal issues.
  • To gain knowledge of resources available for utilization in the event of a security incident.


Dissertation Preparation and Development Courses

The steps for producing the dissertation are incorporated into the coursework deliverables as students work to achieve major milestones toward a defensible dissertation, as outlined below:

PHASE I Identifying a Dissertation Topic
Step 1 Understanding the Research Process
  Orientation to the University of Fairfax Dissertation Process
  During this orientation, an advisor facilitates a review of the Dissertation Handbook with doctoral students.

ORIENTATION OBJECTIVE:
  • To help students understand and prepare for the requirements of the dissertation process.
  • To familiarize students with the Dissertation Handbook as a resource to utilize throughout the DPP.
  RM9300 The Research Paradigm
  In this course, students utilize a published research study as a model to review and analyze the research paradigm and the components of empirical research. Students then create a prototype of a field research study which replicates the research design of the model. (3 credits)

DELIVERABLE: A prototype field research design.

COURSE OBJECTIVES:
  • To understand the research paradigm in order to utilize it in the field research process.
  • To understand the factors determining the feasibility of a field research project.
  • To produce a prototype of a researchable (non-trivial, feasible) field research project.
Step 2 Understanding Research Principles and Techniques
  RM6000 Effective Writing in Information Security Analysis
 
  • Completed in sequence #3
  IA8250 Knowledge Management in Information Security
 
  • Completed in sequence #7
  RM9100 Qualitative and Quantitative Analysis
  In this course, students compare, contrast, and evaluate qualitative and quantitative methods of data analysis for solving information assurance problems and conducting information security-related field research. (3 credits)

DELIVERABLES: Qualitative and Quantitative Analyses of Case Studies

COURSE OBJECTIVES:
  • To evaluate the applicability of qualitative versus quantitative analysis methods.
  • To determine when parametric versus non-parametric statistics should be used.
  • To utilize qualitative and quantitative analytical methods in evaluating Information Security case studies.
Step 3 Obtaining Approval for a Feasible Problem-Driven Research Topic
  RES9100 Feasible Problem-Driven Research in Information Security
  In this course, students apply the concept of problem-driven research in order to identify feasible topic areas for their field research study. Students also identify a research site and utilize problems occurring there as a basis for selecting a researchable (feasible, non-trivial) research topic. Finally, they identify the dependent variable to be studied. (3 credits)


DELIVERABLES: Research Project Feasibility Analysis; Executive Overview of Proposed Research

COURSE OBJECTIVES:
  • To understand what constitutes an acceptable research site.
  • To identify an accessible site at which to conduct research.
  • To determine the nature and degree of access to the potential subjects to be studied.
  • To understand the constraints and limitations of the identified research site.
  • To understand the role of a mentor/advocate at the research site.
  • To select a researchable topic area (site, problem, Information Security domain).
  • To identify the dependent variable that can be studied at the research site.
  RES900X3 Continuing Feasibility Analysis (If Required)
  Students needing more time to identify an approved topic or research site must enroll in this course, and must repeat the course until the topic is approved. (3 credits)
  Bootcamp I - Presentation of Dissertation Topic
  Students present their topic selections and feasibility analyses to the Program Director and invited faculty. This presentation includes the context of the study, the feasibility of the research site, and the topic to be researched. If the topic is approved, a Dissertation Committee Chair is appointed prior to the start of the next course.

BOOTCAMP OBJECTIVE:
  • To obtain approval of the research topic.
PHASE II Achieving Candidacy
Step 4 Developing the Proposed Research Plan (PRP)
  RES9110 Research Topic Rationale
  In this course, students articulate the problem statement and conduct a preliminary research literature review in Information Security to develop the rationale for their research. In addition, students identify and review other relevant bodies of research to be examined. (3 credits)

DELIVERABLE: Research Rationale (Chapter 1).

COURSE OBJECTIVES:
  • To identify the problem to be addressed by the field research study.
  • To conduct a preliminary review of literature to substantiate that the problem has relevance beyond the research site.
  • To establish the rationale and research objective(s) for conducting the proposed research.
  • To formulate a preliminary research question.
  RES9120 Review and Synthesis of Prior Research
  In this course, students expand the literature review and synthesize relevant empirical research in order to provide justification for the proposed research. In so doing, students narrow the focus of the proposed topic, formulate the final research question, identify the opportunity to contribute to knowledge in the Information Security arena, and describe the theoretical foundation for their research study. (3 credits)

DELIVERABLE: Literature Review and Synthesis (Chapter 2)

COURSE OBJECTIVES:
  • To conduct a review of empirical research with respect to the proposed research topic.
  • To synthesize the findings of the reviewed literature to serve as the theoretical foundation for the proposed research.
  • To articulate the final research question and the justification for the proposed research.
  • To identify all variables (dependent, independent, parameters) relevant to the proposed research.
  • To identify hypotheses relevant to the proposed research.
  RES9130 Information Security Research Design: Theory and Methodology
  In this course, students define the theoretical framework and select a research design approach (exploratory or hypothesis-testing). In addition, they evaluate the feasibility of standard research design types within the context of the proposed research site and document resource requirements for the proposed research project. (3 credits)

DELIVERABLE: Proposed Research Plan (PRP) (Chapters 1, 2, and 3.1 through 3.4)

COURSE OBJECTIVES:
  • To define the theoretical framework for the proposed research.
  • To evaluate and select the appropriate approach to the research (exploratory or hypothesis-testing).
  • To select at least one feasible design type that can be implemented at the proposed research site.
  • To identify a research hypothesis and assess the plausibility of rival hypotheses (if applicable to the research design).
  • To identify the context of the study including setting, population and sample.
  • To document the project resource requirements for the proposed research (people, cost, time, materials, support services).
  RES913X3 Continuing Methodology Development (If Required)
  Students needing more time to complete the PRP must enroll in this course, and must repeat the course until the PRP is approved. (3 credits)
Step 5 Attaining Doctoral Candidacy Status
  Bootcamp II - Presentation of the PRP
  Students present the PRP to the Candidacy Committee. If approved, students achieve Candidacy status and may begin to develop the Research Design Specification (RDS).


BOOTCAMP OBJECTIVE:
  • To obtain Candidacy.
PHASE III Planning the Research
Step 6 Developing the Data Collection Plan
  RES9140 Information Security Research Design: Data Collection Plan
  In this course, students develop the data collection plan based upon the selected research approach and design type. This plan specifies the methods to be utilized for measuring the variables as well as the data collection procedures to be followed. (3 credits)

DELIVERABLE: Data Collection Plan (Chapters 3.5.1 through 3.5.5)

COURSE OBJECTIVES:
  • To describe how the context of the study will affect data collection.
  • To specify the methods to be used to measure each variable.
  • To identify or produce reliable, valid instrument(s) for use in data collection.
  • To specify the detailed data collection procedures to be used.
  • To conduct a pilot test of the selected instrument(s).
  • To develop appropriate displays of data including charts, tables and graphs using illustrative data.
Step 7 Developing the Data Analysis Plan
  RES9150 Information Security Research Design: Data Analysis Plan
  In this course, students develop the data analysis plan based upon the selected research approach and design type. This plan specifies the data analysis methods and procedures to be utilized in the research. (3 credits)

DELIVERABLE: Data Analysis Plan (Chapters 4.1 through 4.2)

COURSE OBJECTIVES:
  • To describe how the context of the study will affect data analysis.
  • To specify the methods to be used to analyze the relationships among the variables.
  • To identify appropriate analytical methods to be used to generate or test the hypothesis.
  • To specify the detailed data analysis procedures to be used.
  • To develop appropriate displays of results using illustrative data.
Step 8 Obtaining IRB Approval
  Prior to the completion of the RDS, doctoral candidates must submit the IRB Research Application to the IRB for approval. (See Appendix C.)
Step 9 Developing the Research Design Specification (RDS)
  RES9160 Research Design Specification
  In this course, students finalize the operational requirements of the proposed research study. (3 credits)

DELIVERABLE: Research Design Specification (RDS)

COURSE OBJECTIVES:
  • To integrate all previous work into the final specifications of the research design.
  • To obtain IRB approval of the Data Collection Plan and instruments.
  • To understand copyright requirements of a published research study.
  RES916X3 Continuing Research Design Specification (If Required)
  Students needing more time to finalize the operational requirements of the proposed research must enroll in this course, and must repeat the course until the RDS is approved. (3 credits)
PHASE IV Completing the Dissertation
Step 10 Obtaining Approval to Conduct Research
  Upon approval of their Chair, doctoral candidates present the RDS to the Candidacy Committee and invited faculty, to demonstrate readiness to conduct research. After the RDS is approved, the Dissertation Committee is appointed.

OBJECTIVE:
  • To obtain approval of the RDS and initiate research.
Step 11 Implementing the Research Plan
  DST9200 Data Collection and Analysis
  In this course, doctoral candidates implement the approved research design by collecting and analyzing data. (1-6 credits)
Step 12 Documenting the Research Findings
  DST9210 Dissertation Documentation and Defense
  In this course, candidates produce and submit the final draft of the dissertation for approval. Once the document has been approved by the Dissertation Committee Chairperson, candidates present their findings to the Dissertation Committee at the defense. (1-6 credits)
PHASE V Obtaining Approval to Defend
Step 13 Obtaining Approval to Defend
  Doctoral candidates submit a final draft of the dissertation document to the Chair for review and feedback from the Dissertation Committee. Upon approval by the Chair, the defense is scheduled.

OBJECTIVE:
  • To obtain approval to defend the dissertation.
Step 14 Obtaining Final Approval of Dissertation
  At the defense, doctoral candidates present their findings and respond to questions posed by Dissertation Committee members.

OBJECTIVE:
  • To obtain final approval of the dissertation.
PHASE VI Publishing the Dissertation



1 Programs of study and course descriptions are subject to change without notice. Unless otherwise indicated, all courses are three semester credits.
2 Students seeking the DIA degree who do not hold a Master's degree are required to complete consecutive degrees. Please refer to the University of Fairfax Catalog for detailed program requirements for consecutive degrees.
3 This course must be repeated until deliverables are approved.




 

 

 

 

 
