AZSecure Curriculum


The Eller College’s MIS Department is an elite program ranked in the top five MIS programs in the country (U.S. News & World Report) since the rankings began in 1989—an achievement matched only by MIT and Carnegie-Mellon.

Eller College is fully accredited by the AACSB. In addition to completing coursework in MIS, Electrical and Computer Engineering or Computer Science and receiving a Master’s or Ph.D. degree, students in the AZSecure SFS Fellowship program are required to take a rigorous set of core and elective cybersecurity courses. The University of Arizona is designated by the National Security Agency and the Department of Homeland Security as a CAE-IAE (first designated in 2009 and renewed in 2014).

Completion of MIS 515, MIS 516 and MIS 517 entitles students to receive an Enterprise Security Certificate from The University of Arizona. Students take these and several additional cybersecurity courses which, combined with their research, uniquely positions them to tackle the cutting edge cybersecurity challenges of today and tomorrow. The 33-credit core curriculum for the MIS program is shown in below. Students take an additional 12-15 credits on average, including cybersecurity electives, research or analytics.

AZSecure Master's in MIS Core Curriculum

3 units

This course exposes the student to a broad range of computer systems and information security topics. It is designed to provide a general knowledge of measures to ensure confidentiality, availability and integrity of information systems. Topics range from hardware, software and network security to INFOSEC, OPSEC and NSTISS overviews. Components include national policy, threats, countermeasures and risk management among others. Graduate-level requirements include an oral case study report as their final. 

3 units

The objective of our MIS 516 course is to provide our University of Arizona students with a thorough and operational knowledge of information security so that this critical area is recognized as a management issue and not an I.T. issue. This course is also offered online.

3 units

The information security arena contains a broad array of multi-level models for assessing, planning, implementing and monitoring the mitigation of security risks. At the very core of this information security spectrum are the actual system and network devices which store, manage, transmit and secure information. This course is designed to provide a working knowledge of issues and techniques surrounding the proper safeguarding of operating systems and related components. Filled with Information Assurance topics, this course offers a solid base for system administrators and technical managers.

3 units

This course introduces the student to fundamentals of database analysis, design and implementation. Emphasis is on practical aspects of business process analysis and the accompanying database design and development. Topics covered include: conceptual design of databases using the entity relationship model, relational design and normalization, SQL and PL/SQL, web based database design and implementation using Oracle or some other modern Database Management Systems. Students are required to work with a local client organization in understanding their business requirements, developing a detailed set of requirements to support business processes, and designing and implementing a web based database application to support their day-to-day business operations and decision making. Students will acquire hands-on-experience with a state-of-the-art database management system such as Oracle or Microsoft SQLServer, and web-based development tools. 

3 units

This course provides an understanding and application of system analysis and design processes centered on the systems development life cycle. Core topics include: project management and cost-benefit analysis; information systems planning and project identification and selection; requirements collection and structuring; process modeling; conceptual and logical data modeling; database design and implementation; design of the human-computer interface (HCI); system implementation; system maintenance and change management. Students will also be introduced to comparative development methodologies and modeling tools. The course involves a substantial project where students will learn the importance of effective communication and integration with users and user systems. The course emphasizes interpersonal skill development with clients, users, team members and others associated with development, operation and maintenance of systems.

3 credits

This course provides an in-depth knowledge of data communications and networking requirements, including networking technologies, hardware and software. This course has two objectives. First, it focuses on basic networking standards and protocols. Second, students will learn to evaluate, select and implement different data network options and prepare a cost-benefit analysis for a proposed solution. This course may be offered as either a ground or distance learning course.

3 units

Corporations today are said to be data rich but information poor. For example, retailers can easily process and capture millions of transactions every day. In addition, the widespread proliferation of economic activity on the Internet leaves behind a rich trail of micro-level data on consumers, their purchases, retailers and their offerings, auction bidding, music sharing and more. Data mining techniques can help companies discover knowledge and acquire business intelligence from these massive datasets. This course will cover data mining for business intelligence. Data mining refers to extracting or “mining” knowledge from large amounts of data. It consists of several techniques that aim at discovering rich and interesting patterns that can bring value or “business intelligence” to organizations. Examples of such patterns include fraud detection, consumer behavior and credit approval. The course will cover the most important data mining techniques—classification, clustering, association rule mining, visualization, prediction—through a hands-on approach using XL Miner and other specialized software, such as the open-source WEKA software. This course is also offered via the MISonline program.

Students will integrate their knowledge from their program of study and apply it to a problem area in MIS. Each student will write a significant report based on the results of his or her work. 

Cybersecurity Electives

The University of Arizona has a rich and growing base of cybersecurity courses students can take across multiple departments.

*Part of MS MIS core curriculum

3 units

This course covers using controls to protect information assets. Topics include internal and external IT auditing, the role of auditing role in information security, the IT audit process, system independent IT audit processes, system dependent IT audit processes, auditing outsourced IT systems and resources. Controls covered will include desktop computer controls, systems development controls, computer center operation controls, assurance of information related to on-line, client-server, web-based, internet, cloud computing, virtualization and other advanced computer topics. Students will learn approaches to evaluating and addressing technology risk throughout the organization from the perspective of internal and external audit in addition to the view of end users. Topics included in the class will include coverage of all areas to prepare students to take the Certified Information Systems Auditor (CISA) exam.

3 units

This course is designed to provide students with a hands-on introduction to the fundamental concepts and tools of modern cyber threat intelligence. Students will become familiar with the cyber threat intelligence lifecycle, identifying, collecting, and integrating intelligence feeds, common intelligence formats, and standard cyber threat intelligence technologies (e.g., CIF servers, TAXII servers, SIEM's etc.).

Prerequisites: MIS 545 Data Mining for Business Intelligence, Python

3 units

This course introduces students to the principles and techniques of the cybersecurity practice known as penetration testing (pen testing), or ethical hacking, and covers the full pen test life cycle. Students discover how system vulnerabilities can be exploited and learn how to avoid such problems. Students will review various tools and methods commonly used to compromise information and control systems. Ethical hacking, also known as penetration testing, is the act of breaking into a system with the permission and legal consent of the organization or individual who owns and operates the system, with the purpose of identifying vulnerabilities to strengthening the organization's security. Students will conduct hands-on penetration tests in a lab environment to practice the concepts presented and tools reviewed in the course. This course is an ethical hacking course and students will learn hacking techniques within a controlled environment for the goal of better securing the IT resources of their rightful owners.

Prerequisite knowledge: Python

3 units

The focus of this course is the usage of common tools used during penetration assessments and hardening system defenses. Students will draw from previous classes to combine skills in online defense and penetration exercises of systems in a virtual environment. Along with course labs, this course will apply theory and techniques to provide the following learning base - knowledge, comprehension and application.

Prerequisites: MIS 545, MIS 515, ECE 578, SIE 571, MIS 562, MIS 566, MIS 516, MIS 517 and Python

3 units

This course provides an introduction to technical aspects of cyber security. It describes threats and types of attacks against computers and networks to enable students to understand and analyze security requirements and define security policies. Security mechanisms and enforcement issues will be introduced. Students will be immersed in the cyber security discipline through a combination of intense coursework, open-ended and real-world problems and hands-on experiments.

Prerequisite: ECE 578

3 units

This course covers Shannon's approach to cryptography, symmetric key cryptography, cryptographic hash functions, public key cryptosystems, authentication, key management and distribution, as well as wireless and network security.

3 units

Cloud computing is the model for ubiquitous, convenient, on-demand access to a shared pool of configurable computing resources. With the interest in cloud computing, the security challenges are raising concerns. This class discusses the cloud computing architecture and components along with the threat modeling and discusses physical, database, network, virtualization, services and users level security concerns and their solutions.

Prerequisite: ECE 509 suggested but not required

3 units

This is an introductory course covering the fundamentals of computer security. In particular, the course will cover basic concepts of computer security such as threat models and security policies, and will show how these concepts apply to specific areas such as communication security, software security, operating systems security, network security, web security and hardware-based security.

Prerequisite: CSC 352 or similar course in systems programming

3 units

Enterprise Resource Planning (ERP) systems represents integrated strategy for management of information among organizations, suppliers and customers. Graduate-level requirements include completion of a group project on an advanced complementary or enabling technology using ERP. Students' projects include implementation or demonstration and presentation to class.

Sample Plan of Study

The following table lists an example plan of study. Each student will consult regularly with the SFS AZSecure Program Administrator Mark Patton, Ph.D., to determine their specific plan of study. Additional information about the entire MIS curriculum can be found on the MIS Courses. 

Please note that other than the courses in the Enterprise Security Certificate (MIS 515, 516 and 517), and one or two other classes, all course work and research is conducted on campus. The AZSecure program is currently not available online or through satellite campuses.

All courses are three units unless otherwise indicated.

Year One

Semester One Semester Two
MIS 531 Enterprise Data Management MIS 515 Information Security in Public and Private Sectors*

MIS 543 Business Data Communications and Networking

MIS 517 Systems Security Management*
MIS 545 Data Mining for Business Intelligence MIS 541 Information Systems Analysis and Design
MIS 599 Independent Study (research) (2 credits) MIS 599 Independent Study (research) (2 credits)

Business requirements (if needed): 

  • Introductory Statistics for Managers (if selecting the BIA concentration)

Summer One:

  • Service through qualified government Internship- SFS
  • Cyber security internship in industry or government- SFI

Year Two

Semester Three Semester Four

Business requirements (if needed):

  • MIS 509 Strategic Communications
3 credits of Electives** to be approved by SFS Program Administrator
MIS 516 Information Security, Risk Mgmt., Disaster Recovery*  Master's Project and Report - MIS696H
ECE 509 Cyber Security - Concept, Theory, Practice (or 3 credits of electives) MIS 562 Cyber Threat Intelligence (or 3 credits of electives)
MIS 599 Independent Study (research) (2 credits) MIS 689 Cyber Warfare Capstone (or 3 credits of electives)



Summer Two and beyond:

  • Post-graduation service through qualified government position for SFS Students
  • Cyber security industry or government work at the discretion of SFI students

* Part of the Enterprise Security Certificate.

** Electives may selected from within the MIS program or outside of it, depending on the student's interests, career plan, etc. Other schools and departments that may offer relevant electives may include, for example, the Department of Computer Science, the Department of Electrical and Computer Engineering, the College of Social and Behavioral Sciences (e.g., Department of Sociology) and the School of Information/ISTA. Check the Schedule of Classes, UA Course Catalog for information, or departments' websites for information. Course availability is dependent on the department, school, or college offering the course.