Graduate certificate in cybersecurity law and policy
Although cybersecurity issues are often thought of as primarily technical, law and policy are critically important skills in this arena. Cybersecurity law and policy are only beginning to develop and the demand for cybersecurity professionals continues to increase in the private and public sectors at the local, national, and international levels. A few examples illustrate the breadth and need for individuals with a law and policy background in cybersecurity. Consumer risks are created by the Internet of Things. Safety risks are created by self-driving vehicles. Democratic risks are created by various threats to elections. National security risks are created by threats to technology tied to critical infrastructure. To address these risks, society requires not only individuals with technological expertise, but also individuals with cybersecurity law and policy background to help establish the proper legal frameworks for responding to the ways that technology is disrupting existing norms and creating new challenges. There is a growing need for individuals with formal background in cybersecurity law and policy to both understand the current regulations and to thoughtfully develop new cybersecurity law and policy frameworks in this ever-shifting field.
Maurer School of Law and Indiana University Bloomington are uniquely placed to answers these demands because of deep and broad experience in education and research on cybersecurity and information privacy. Recognized by the federal government as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) and National Center of Academic Excellence in Cyber Defense Research (CAE-R), IU's cybersecurity and information privacy programs are distinguished by their interdisciplinary approach, including integration of law, business, and computer science.
The Cybersecurity Law and Policy Certificate can be earned on campus in Bloomington or online from anywhere in the world. The Maurer School of Law will award a graduate certificate to students who complete at least 12 credit hours in courses specified below while maintaining a minimum grade point average of 3.0. All credits earned as a certificate student can be applied toward the 30 credits required for a Master's of Science in Cybersecurity Risk Management.
Courses required for certificate
All students must take one of the following two core courses (and may take both):
- Cybersecurity Law (3 cr.) or T578: Cybersecurity Law and Policy (3 cr.) in the Kelley School of Business
- Information Security Law (3 cr.)
Students without a technology background must take:
- A541 Computing and Technology Boot Camp (3 cr.) in the School of Informatics, Computing, and Engineering
Students without prior legal experience, who are not concurrently enrolled in the JD program, must complete at least one credit of Introduction to U.S. Law.
Students must select from a list of designated courses to satisfy the balance of the 12 credit hours required for the certificate. These courses include:
- Information Privacy Law I Constitutional Privacy Issues (3 cr.)
- Information Privacy Law II Privacy Regulation (3 cr.)
- Health Privacy Law (2 cr.)
- Information Privacy and Security Management Practicum (3 cr.)
- Seminar in Intellectual Property Law: Data Law and Policy (3 cr.)
and could include IU courses taken outside the Law School such as:
- T560 IT Risk Management (3 cr.) in the Kelley School of Business
- A542 Technical Foundations of Cybersecurity (3 cr.) in the School of Informatics, Computing, and Engineering (prerequisite: A 541 Computing and Technology Boot Camp)
As a condition of admission to the certificate program, JD students must apply to and be accepted as a JD affiliate of an IU research center with cybersecurity or information privacy as a principal area of focus. These include the long-established Center for Applied Cybersecurity Research and the new Ostrom Workshop Program on Cybersecurity and Internet Governance. Non-JD students are not required to affiliate with a Research Center.
How to apply
Non-JD Students must apply by:
- Creating an Account or using existing IU credentials at: Indiana University's online graduate and professional admissions application
- Selecting “Law Special Programs” in the dropdown menu
- Selecting “Cybersecurity Law and Policy Graduate Certificate” in the dropdown menu
- Selecting the term you wish to enroll.
- Clicking “Next Page”
- Completing the application. When completing the online application, please make sure to:
- Attach your personal statement and résumé to IU's online admissions application; and
- Identify at least one person as a reference (please note: an online reference form is emailed to the person(s) listed only after an application is submitted).
Standardized test scores (e.g., GRE or LSAT) are not required.
The application deadline is July 1.
For more information, please contact:
Joseph A. Tomain
Lecturer in Law
Director of Cybersecurity and Information Privacy Law Programs
Maurer School of Law Indiana University
All students will be expected to demonstrate:
- Familiarity with U.S. federal and state laws and regulations and major judicial opinions concerning cybersecurity;
- Familiarity with major U.S. federal and state regulators with responsibility for cybersecurity, their regulatory powers and jurisdiction, and other tools available to them;
- Familiarity with major models of cybersecurity law in other parts of the world, and specifically their likely impact on U.S. institutions;
- Familiarity with sources of information about cybersecurity issues, technologies, threats, and law, and the ability to assess their relevance, accuracy, and reliability;
- The ability to assess cybersecurity laws, regulations, and judicial decisions in terms of their likely effectiveness, their impact on institutions and individuals, their efficiency, their cost-effectiveness, and other legal or policy issues they might raise;
- The ability to assess new technologies, applications, products, and services in terms of the cybersecurity issues they may present and their lawfulness under existing law; and
- An understanding of the broader context in which cybersecurity issues occur and other values that are likely to be implicated by efforts to address cybersecurity challenges, including information privacy, freedom of expression and association, efficient commerce, and national security.
Students lacking familiarity with U.S. law will be expected to demonstrate:
- A general understanding of the basic structure of U.S. law and the U.S. legal system
Students lacking familiarity with information technologies will be expected to demonstrate:
- A general understanding of computers, networks, and mobile devices, and how they interconnect;
- A basic understanding of “big data” analytics and algorithms; and
- A basic understanding of authentication tools.