Graduate certificate in cybersecurity law and policy

Although cybersecurity issues are often thought of as primarily technical, law and policy are emerging as critically important skills in this arena. Indiana University Bloomington is uniquely placed to meet this need, with more than 15 years of experience teaching and research about cybersecurity issues. Recognized by the federal government as a National Center of Excellence in Cybersecurity Education and Research, IU's cybersecurity efforts are distinguished by a uniquely interdisciplinary approach to cybersecurity and the integral involvement of law and business in them.

The Maurer School of Law will award a graduate certificate to JD students who complete at least 12 credit hours in courses specified below while maintaining a minimum grade point average of 3.0.

Admission requirements

The certificate is intended for current Maurer School of Law students who wish to add the certificate to their JD degree program.

Courses required for certificate 

Required courses

All students must take one of the following two core courses (and may take both):
Cybersecurity (3 cr.)
Information Security Law (3 cr.) 

Students without a technology background must take:
Computing and Technology Boot Camp (3 cr.) (Offered at the School of Informatics, Computing, and Engineering)

Elective courses

Students must select from among the following courses to satisfy the balance of the 12 credit hours required for the certificate:

Information Privacy Law I—Constitutional Privacy Issues (3 cr.)
Information Privacy II—Privacy Regulation (3 cr.)
Health Privacy Law (2 cr.)
Information Privacy and Security Management Practicum (3 cr.)
Information Technology Essentials (3 cr.) (Offered at the School of Informatics, Computing, and Engineering)
IT Risk Management (3 cr.) (Offered at the Kelley School of Business)
Seminar in Information Privacy (3 cr.)

Center affiliation

JD students seeking to earn a certificate in Cybersecurity Law are required to become affiliated in their choice of cybersecurity centers on campus. These include the long-established Center for Applied Cybersecurity Research, as well as the new Ostrom Workshop Program on Cybersecurity and Internet Governance.

The application deadline is March 1. For more information, or to apply, contact:

Prof. Scott Shackelford
(812) 856-6728
sjshacke@indiana.edu 

Learning outcomes

All students will be expected to demonstrate:

  • Familiarity with U.S. federal and state laws and regulations and major judicial opinions concerning cybersecurity;
  • Familiarity with major U.S. federal and state regulators with responsibility for cybersecurity, their regulatory powers and jurisdiction, and other tools available to them;
  • Familiarity with major models of cybersecurity law in other parts of the world, and specifically their likely impact on U.S. institutions;
  • Familiarity with sources of information about cybersecurity issues, technologies, threats, and law, and the ability to assess their relevance, accuracy, and reliability; 
  • The ability to assess cybersecurity laws, regulations, and judicial decisions in terms of their likely effectiveness, their impact on institutions and individuals, their efficiency, their cost-effectiveness, and other legal or policy issues they might raise;
  • The ability to assess new technologies, applications, products, and services in terms of the cybersecurity issues they may present and their lawfulness under existing law; and
  • An understanding of the broader context in which cybersecurity issues occur and other values that are likely to be implicated by efforts to address cybersecurity challenges, including information privacy, freedom of expression and association, and efficient commerce.

In addition, students lacking familiarity with U.S. law will be expected to demonstrate:

  • A general understanding of the basic structure of U.S. law; and 
  • A general understanding of the basic structure of the U.S. legal system.

In addition, students lacking familiarity with information technologies will be expected to demonstrate: 

  • A general understanding of computers, networks, and mobile devices, and how they interconnect;
  • A basic understanding of “big data” analytics and algorithms; and
  • A basic understanding of authentication tools.