Master´s Programme in Information Security
Information Security is certainly one of the most exciting and ever growing areas within IT. Global IT security spending is projected by business magazine Forbes to possibly increase tenfold in the coming decade. This type of growth will have far reaching impacts on the job market for graduates from advanced studies in information and cyber security.
Information security is primarily concerned with the protection of information assets. Today, most of the information resides in - and is communicated via IT systems. Hence, these systems need to be protected from various threats and attacks. The goal of information security is to protect with respect to the information its confidentiality, integrity and availability. Naturally, it all depends on the business needs and legal requirements. The area of information security is both exciting and overreaching since it also entails the protection of the essential and critical cyber infrastructure, trying to prevent or solve a wide range of computer crimes and other illicit activities, as well as protecting human rights, freedom and democracy. One of the many objectives is to devise new methods and strategies for cyber readiness and defence.
The demand for educated information security specialists is already very high, almost always among the first top jobs in IT and in the coming years it is expected to continue its growth almost exponentially.
Graduates of this programme are ready to work in the area of information security and related fields in both private and public sector organisations as managers, advisors and specialists providing professional and expert know-how.
Stockholm University pioneered academic research and education in information security in Sweden in the 1960s. The university has since then turned out thousands of graduates who are now part of academia and industry around the globe.
You will find detailed course information, list of course literature, schedule and start date at courses and timetables. Select semester in the drop-down menu and search by course name.
We approach the subject area from both the business side and the technical side. This master’s programme includes courses such as:
• Introduction to Digital and Information Security
• Secure Software
• Information Security in Organisations
• Network Security
• Information Security Project Management
• Cyber Security
• Legal aspects of information security
• Cyber Forensics
The programme also includes studies relative to scientific communication and research methodology for computer and systems sciences, leading up to the independent thesis work in the final term before the graduation.
Two alternatives, depending on the student’s previous background
1 x 15 credits or 2 x 7,5 credits
For students that do not have 90 credits in computer and system sciences, informatics or equivalent:
Supplementary course in Computer and Systems Science 15 credits
The course provides the basic knowledge to students, who have little or no previous education in the subject of computer and systems sciences. It gives knowledge, e.g. databases, programming, HCI, information security, computer networks. By completing the course, the students can continue their study at the master level at the department.
For students with 90 credits in computer and system sciences, informatics or equivalent:
Elective courses 2 x 7,5 credits
Two from the following four courses:
- Advanced Requirements Engineering of IT-systems 7,5 credits
- Data Mining 7,5 credits
- Enterprise Computing and ERP Systems 7,5 credits
- Digital Forensics 7,5 credits (highly recommended)
Alternative 1 and 2:
Mandatory courses 2 x 7,5 credits
Introduction to Information Security 7,5 credits
The course is primarily an introductory course that prepares students for advanced studies in the field of information security and digital security. The course therefore provides a general conceptual framework for the subject area and provides familiarity with the terminology that is relevant to the more specialised security and forensics courses offered by the department.
Information Security in Organisations 7,5 credits
In this course, you will learn the best practices for managing information security in organisations. The course covers foundational aspects such as information assets, information classification, risk analysis, security processes and controls, GAP-analysis, Policy, marketing, awareness and education and standards (ISO/IEC 27000-series).
Mandatory courses 4 x 7,5 credits
Scientific Communication and Research Methodology 7,5 credits
Computing as a discipline combines three academic traditions: the theoretical tradition, the scientific (experimental) tradition and the engineering tradition. Due to that combination, there is no clear methodological tradition in computer science. This course introduces how to design, implement and report a research study. The main focus of this course is research design and reporting. Students will learn how to align problem statement, aims, objectives, research questions, data collection and analysis and reporting into a coherent and logically flowing whole.
Network Security 7,5 credits
The major emphasis is put on the Internet and network security, which includes network protocols, cryptography, threats and threat models, secrecy and privacy, message integrity, types of intrusion, packet sniffing, spoofing, authentication protocols, authorization, access control, secure services, IPSec, firewalls, and security incidents and responses.
Cyber Forensics 7,5 credits
The curriculum addresses forensic methods and techniques in network connected systems and small scale digital devices (S2D2) forensics such as GPS units and other types of "smart" devices. The course gives an insight into how to work with incident response, prevention of cyber crimes such as network intrusions, frauds, identity thefts, and the distortion and the violation of various democratic processes. Furthermore, the course will stimulate and challenge your academic creativity by completing a small research project within the area of cyber forensics.
Cyber Security 7,5 credits
You will learn: Basic architectures, strategies, technologies and processes that can be applied to achieve cybersecurity and cyber resilience for internetworked information systems.
- Cybersecurity and cyber resilience
- Web and Web services security
- Wireless security
- E-Commerce security
- Cloud Infrastructures, Internet of Things
Mandatory courses 4 x 7,5 credits or Exchange studies (info regarding exchange studies)
Research Methodology for Computer and Systems Sciences 7,5 credits
The course deals with research strategies (case studies, experiments and survey), methods for data collection (questionnaires, interviews and observations) and software-based analysis (thematic, conversation and interaction analysis). Statistical and mathematical methods include descriptive and inferential statistics. Evaluation of data is included.
Software Security 7,5 ECTS
The course's intent is for students to gain the knowledge required to make them useful contributing members of a software development team where security of the product is taken seriously. Programming ability is not presumed given that the student may choose to specialise in for example managerial aspects and standards, besides covering architectures, vulnerabilities, problem discovery, avoidance and mitigation etc.
Legal aspects of information security 7,5 credits
The course covers central legal aspects of information security as it relates to societies, organisations and individuals. Among other things, the content includes computer crime, intellectual property rights (IPR), electronic signatures, data protection (EU GDPR) and national security legislation.
Information Security Project Management 7,5 credits
The course teaches you to understand and use basic methods and tools to manage projects. The course builds understanding of and provides guidance in the project's different parts - from feasibility studies and specification of demands to follow-up.
Master thesis 30 credits
Information regarding master thesis
How to apply
Selection processAdditional eligibility criteria
The selection of students is based on grades of academic courses.
This means that you don’t have to submit recommendation letters or motivation letter when applying to this specific programme.
The job market for information security professionals is very good. Information security graduates from Stockholm University work, among other, as information security managers (CISO), information security consultants, cyber security specialists, cyber and digital forensics professionals. Some graduates choose to pursue their careers in research education that eventually leads to a doctoral degree in this exciting field.