Graduate certificate in cybersecurity law and policy

Although cybersecurity issues are often thought of as primarily technical, law and policy are critically important skills in this arena. Cybersecurity law and policy are only beginning to develop and the demand for cybersecurity professionals continues to increase in the private and public sectors at the local, national, and international levels. A few examples illustrate the breadth and need for individuals with a law and policy background in cybersecurity. Consumer risks are created by the Internet of Things. Safety risks are created by self-driving vehicles. Democratic risks are created by various threats to elections. National security risks are created by threats to technology tied to critical infrastructure. To address these risks, society requires not only individuals with technological expertise, but also individuals with cybersecurity law and policy background to help establish the proper legal frameworks for responding to the ways that technology is disrupting existing norms and creating new challenges. There is a growing need for individuals with formal background in cybersecurity law and policy to both understand the current regulations and to thoughtfully develop new cybersecurity law and policy frameworks in this ever-shifting field.

Maurer School of Law and Indiana University Bloomington are uniquely placed to answers these demands because of deep and broad experience in education and research on cybersecurity and information privacy. Recognized by the federal government as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) and National Center of Academic Excellence in Cyber Defense Research (CAE-R), IU's cybersecurity and information privacy programs are distinguished by their interdisciplinary approach, including integration of law, business, and computer science.

The Cybersecurity Law and Policy Certificate can be earned on campus in Bloomington or online from anywhere in the world. Maurer School of Law will award a graduate certificate to students who complete at least 12 credit hours in courses specified below while maintaining a minimum grade point average of 3.0. All credits earned as a certificate student can be applied toward the 30 credits required for a Master's of Science in Cybersecurity Risk Management.

Courses required for certificate

Required courses

All students must take one of the following two core courses (and may take both):

Students without a technology background must take:

Students without prior legal experience, who are not concurrently enrolled in the JD program, must complete at least one credit of Introduction to U.S. Law.

Elective courses

Students must select from a list of designated courses to satisfy the balance of the 12 credit hours required for the certificate. These courses include:

and could include IU courses taken outside the law school such as:

  • T560 IT Risk Management (3 cr.) in the Kelley School of Business
  • A542 Technical Foundations of Cybersecurity (3 cr.) in the School of Informatics, Computing, and Engineering (prerequisite: A 541 Computing and Technology Boot Camp)

Center affiliation

As a condition of admission to the certificate program, JD students must apply to and be accepted as a JD affiliate of an IU Research Center with cybersecurity or information privacy as a principal area of focus. These include the long-established Center for Applied Cybersecurity Research and the new Ostrom Workshop Program on Cybersecurity and Internet Governance. Non-JD students are not required to affiliate with a Research Center.

How to apply

As a condition of admission to the certificate program, JD students must apply to and be accepted as a JD affiliate of an IU Research Center with cybersecurity or information privacy as a principal area of focus. These include the long-established Center for Applied Cybersecurity Research and the new Ostrom Workshop Program on Cybersecurity and Internet Governance. Non-JD students are not required to affiliate with a Research Center.

Learning outcomes

  • Familiarity with U.S. federal and state laws and regulations and major judicial opinions concerning cybersecurity;
  • Familiarity with major U.S. federal and state regulators with responsibility for cybersecurity, their regulatory powers and jurisdiction, and other tools available to them;
  • Familiarity with major models of cybersecurity law in other parts of the world, and specifically their likely impact on U.S. institutions;
  • Familiarity with sources of information about cybersecurity issues, technologies, threats, and law, and the ability to assess their relevance, accuracy, and reliability;
  • The ability to assess cybersecurity laws, regulations, and judicial decisions in terms of their likely effectiveness, their impact on institutions and individuals, their efficiency, their cost-effectiveness, and other legal or policy issues they might raise;
  • The ability to assess new technologies, applications, products, and services in terms of the cybersecurity issues they may present and their lawfulness under existing law; and
  • An understanding of the broader context in which cybersecurity issues occur and other values that are likely to be implicated by efforts to address cybersecurity challenges, including information privacy, freedom of expression and association, efficient commerce, and national security.

In addition:

Students lacking familiarity with U.S. law will be expected to demonstrate:

  • A general understanding of the basic structure of U.S. law and the U.S. legal system

Students lacking familiarity with information technologies will be expected to demonstrate:

  • A general understanding of computers, networks, and mobile devices, and how they interconnect;
  • A basic understanding of “big data” analytics and algorithms; and
  • A basic understanding of authentication tools.