Frequently Asked Questions - Case Study

1. What does the case study do for my organization?
   
2. What does the case study do for me as I go through the program?
   
3. What does the case study do for my future?
   
4. Which case study type should I choose?
   
5. What will my company need to know if I want to pursue an OSCS?
   
6. Can I change my case study during the program?
   

1. What does the case study do for my organization?
   The MSIA program's management focus means that security practice and security decision-making is directed toward keeping the business successful. Information Assurance isn't just about technology - it's about people, business policies and processes, strategic goals and tactical decisions. The MSIA case study will ask you to examine all these areas - a holistic evaluation of the organization's security posture.
   
   ^ Top of Page
   
   
2. What does the case study do for me as I go through the program?
   If your background is in security technology, your case study will broaden your knowledge to include policy development; risk assessment; specific standards such as COBIT and the PCI DSS; regulations such as Gramm-Leach-Bliley and SOX; broad and widely-accepted standards from organizations such as NIST and ASICS; and security auditing as a component in information assurance. You'll become a fully-informed security practitioner who can help mitigate the tension between security needs and business needs.
   
   If your background is in management, your case study will help you understand "defense in depth" and the kinds of technological security tools that are in use or on the horizon. You'll examine whether computer incident response should be part of your security plan. You'll learn about disaster recovery and business continuity planning, and how IT recovery and business recovery are intertwined. You'll deepen your technology understanding so that you can communicate effectively with your technical team and justify your technology decisions to your own managers.
   
   ^ Top of Page
   
   
3. What does the case study do for my future?
   Research, analysis and writing mean that you improve your communication skills at every level. You will learn how to conduct interviews, and to build cooperative relationships with individuals inside and/or outside your organization. Identifying and analyzing issues and solutions will enhance your critical thinking skills. The many essay assignments and the end-of-seminar papers will bring improvement in your writing skills, both in terms of organization and in terms of writing itself. You'll become a practiced communicator, verbally and in writing, at macro and micro levels. Regardless of which case study you choose, your views as a security practitioner will be respected within your organization and in the larger IA world as well.
   
   ^ Top of Page
   
   
4. Which case study type should I choose?
   Case study selection depends on your career interest and on the support you have within an organization. For most students, the case study is their own workplace but students have successfully pursued case studies in such organizations as local non-profit agencies, school systems and local businesses.
   
   The OSCS may be a good choice when an organization's management appreciates the need for information security, when the student has ready access to security and/or business managers, or when the student's job responsibilities or career aspirations include security management.
   
   ISCS may be a good choice for the student who does not have enough management support for the detailed interviews that an OSCS requires, for the student who finds the case study permission entangled in the legal department, or for the student whose security interest goes beyond a single organization.
   
   ^ Top of Page
   
   
5. What will my company need to know if I want to pursue an OSCS?
   
   • Time commitment: The MSIA program consists of 6 seminars (courses) and requires 18 months to complete. Experience shows that 1-2 hours per week is required during most weeks of a seminar to conduct interviews; scheduling interviews in advance, or setting up a regular interview meeting time, is highly recommended. Your manager's support in "opening doors" to interviews and visibly supporting your studies will make the process easier.
   • The real benefit: your company will receive a professional-level, in-depth security assessment, carefully prepared not in a month of quick consulting visits, but over a long period of time and covering significant aspects of the organization's operation.
   • How it works: essay assignments ask you to examine a particular aspect of an organization's security posture: network management and security; product selection; security training; policy development, etc. You will write up your research for those assignments, and use your research to prepare an end-of-seminar paper which you present to your manager as a finished work product.
   • The information provided: Your company will receive security recommendations which are directly related to the organization's business issues and management objectives.
   • The dollar value of this time and effort: A comparable security analysis conducted by a consulting firm will cost upward of $100K.
   
   ^ Top of Page
   
   
6. Can I change my case study during the program?
   The most frequent reason for a case study change is that an OSCS student loses management support. An OSCS student may bring up security subjects which managers are reluctant to address, and that reluctance may turn into unwillingness to discuss any security-related topic. A student may change jobs and, as a new employee, may not have the support necessary to conduct a case study. An organizational restructuring may mean that managers who had supported a case study are no longer available, or a new manager is not willing to support a case study. In such circumstances, students often request permission to switch to an ISCS. The student must submit an ISCS proposal and the request must be approved by the Program Director.
   
   An ISCS student may switch to an OSCS when it becomes apparent that case study support is available from an organization and that the student's studies will benefit from the change. The student must submit a permission agreement signed by an appropriate manager and the request must be approved by the Program Director.
   
   A student may change case study only once during the course of the program.

« Go Back	^ Top of Page