The Master of Science in Identity Management and Security is the premiere master’s degree program for those seeking employment or advancement in management or executive roles in identity security or privacy. Utilizing the interdisciplinary excellence of the School of Information in particular and The University of Texas at Austin as a whole, the subject matter expertise of the Center for Identity, and the leadership of Center and iSchool partners, the program provides a 360-degree perspective on identity, security, privacy, and access management that is not available through existing programs in cybersecurity and information assurance.

Introduction to Identity Management, Security, and Privacy (IMS 380)

This course aims to provide an introductory overview of identity management and security by presenting working definitions of Personally Identifiable Information (PII); identity management and security challenges and best practices; and the combined people, processes, policies, and technologies required to manage and secure PII for a number of different market sectors. Course objectives include:

  • Learning how to define identity for people, organizations and devices
  • Quantifying identity risks and value
  • Evaluating and understand consumer’s attitudes about their identities
  • Understanding the progressive phases of PII management throughout the lifecycle
  • Differentiating between identity management and cybersecurity
  • Understanding how to manage and secure PII based on best practices
  • Identifying the workforce required to implement identity management and security best practices
  • Understanding the impact of laws, regulation, and public policy on identity management and security best practices

Identity in Society and Community (IMS 381)

This course explores how differences over time and across contexts inform individual, organizational, and social understandings and practices of identity. Course objectives include:

  • Defining identity as a socio-cultural construct
  • Understanding the role of identity at various levels of scale
  • Understanding the culturally-specific dimensions of identity, including ethnic and gender identities
  • Recognizing ways in which values and concepts related to identity are changing
  • Understanding connections between practical and philosophical dimensions of identity
  • Taking values into consideration when designing technologies and services to protect identity

Identity and Public Policy (IMS 382)

This course aims to increase students’ knowledge of the U.S. federal information policy system and to critically analyze the implications of federal policy initiatives for identity management and security. Course objectives include:

  • Develop a broad understanding of how identity and public policy relate to each other
  • Know important public policy terms and concepts, especially those related to identity
  • Recognize major public policy initiatives and issues related to identity
  • Analyze the implications of public policies for managing and securing identities
  • Develop an analytic, historical, and theoretically-grounded understanding of identity policy conflicts and politics
  • Communicate in written and oral form about fractious policy conflicts in a collegial and scholarly way
  • Prepare to influence and participate in the public policy system

Identity Business Practices and Governance (IMS 383)

This course aims to equip students with the knowledge and skills necessary for establishing ethical business practices and governance mechanisms to minimize risks and maximize returns of organizations’ identity assets. Course objectives include:

  • Developing an identity management strategy for an organization
  • Designing governance, risk, and control (GRC) mechanisms for minimizing potential risks around strategic identity assets
  • Developing business continuity and disaster recovery plans in preparation for disruptive identity events
  • Applying data security and privacy-related laws and regulations to an organization’s risk management plans and data flow processes
  • Balancing legal, regulatory, and contractual requirement costs and risks of the organization with the value of the organization’s retained data assets
  • Identifying ethical issues around data privacy and security-related business practices of
  • Identifying risk/return tradeoffs and challenges for an organization in creating innovative new products and services with sensitive personally identifiable information (PII)

Identity Communication (IMS 384)

This course aims to provide students with a multi-tiered approach to three overarching themes: the basics of identity communication, the framing of identity concepts, and identity management crisis communication. Course objectives include:

  • Understanding the key role of communication in identity management and identity theft
  • Framing and deliver messages to key stakeholders concerning identity management and privacy behaviors
  • Learning how to create High Reliability Organizations that make their groups less susceptible to security crises, and—when they occur—more resilient to manage them
  • Developing a crisis communication plan as it pertains to data breaches

Identity Risk and Benefit Analysis (IMS 385)

This course aims to equip students with a comprehensive understanding of different types of identity assets, the roles of identity assets in the functioning of a digital economy, frictions around identity assets, and the valuation of identity assets from the perspectives of various stakeholders. Course objectives include:

  • Quantify the risks and benefits of identity assets for various stakeholders
  • Identify and describe aspects of the digital divide that defy common expectations and stereotypes
  • Put personal information identity actions in the wider contexts of social responsibility and electronic government
  • Assess the risk and return potential of strategic identity assets
  • Establish an accountability framework for evaluating and justifying identity-related investments of for-profit and not-for-profit organizations
  • Understand the differences between traditional risk transfer and alternative risk models and how to apply those models based on the organization’s exposures
  • Use reinsurance and financial models to determine underwriting premiums and rates

Identity Security (IMS 386)

This course aims to provide students with a solid understanding of the theories, concepts, and practical applications of information security and its relationship to identity management. Course objectives include:

  • Know the general historical development of information security as a discipline, with specific focus on the evolution of information security in the context of computing, networking, and the Internet
  • Learn how information is transmitted and managed over networks, including the Internet, and how the essential components of these networks operate
  • Understand the theoretical components of information security, particularly confidentiality, integrity, and availability, and how these components are incorporated into security technologies and management programs
  • Analyze the structure and functions of an enterprise cybersecurity program, including security program management, security risks and threats, security controls and technologies, and security program monitoring and evaluation
  • Apply the concepts and techniques of information security to a variety of cases, scenarios, and exercises

Identity Information Management and Repositories (IMS 387)

This course aims to provide students with skills and knowledge involving the protection of confidentiality, integrity, accessibility, and privacy of identity assets. With a view of both the technical and organizational aspects of identity management, this course focuses on the tools needed to develop both enterprise and IT solutions to protect, access, and rely on identity information. Course objectives include:

  • Being prepared to develop an identity management strategy for an organization including incident response and business continuity planning
  • Understanding organizational control activities for mitigating risk
  • Knowing how to plan, organize, acquire, and implement IT solutions for identity management
  • Gaining familiarity with algorithms and analytics for PII management
  • Identifying PII management applications across all market sectors

Identity and Law (IMS 388)

This course aims to give a broad introduction to the various laws and legal issues surrounding identity. Course objectives include:

  • Learn the laws surrounding issues of identity, identity assets, and personal information
  • Identify identity-related laws, standards, policy instruments, guidance, and principles
  • Define and discuss different classes of protected personal information
  • Discuss multiple genres of legal information and legal writing
  • Distinguish between different types of identity-theft related crime
  • Understand business responsibilities to protect employee and consumer data in all stages of collection, storage, use disclosure, protection, and destruction
  • Discuss risk/harm standards for the protection of personally identifiable information (PII) and identify best practices for complying with legal requirements
  • Analyze obligations of the Board of Directors and Executive Management to shareholders as well as potential liability
  • Know the steps to take to prevent a breach, how to create a security incident response plan, and the steps to take for breach response
  • Understand procedures relating to law enforcement investigation of security breaches and identity theft
  • Recognize risks and consequences of data breaches and discuss differences in data-breach reporting and notification requirements for different industries and sectors
  • Analyze variation across state laws regulating data breach notification
  • Discuss data privacy as it relates to Big Data and the Internet of Things
  • Analyze employee-related privacy laws

IMS Professional Experience and Project (IMS 388L)

The IMS Professional Experience and Project course is a culminating, integrative experience, allowing students to employ the knowledge gleaned from coursework and, with creativity and professionalism, apply it to a real-world problem. Capstone projects involve not only “learning,” but also “doing”; the student will have true ownership of a project.