A Legal Approach to Cybersecurity

July 12, 2021

Students in Cleveland-Marshall’s Master of Legal Studies (MLS) in Cybersecurity and Data Privacy graduate uniquely prepared to enter and advance in the cybersecurity field. No other program provides the same quality of robust hands-on technical training as well as a 360 degree understanding of this complex field. Students from all backgrounds, including non-technical fields, learn the combination of legal, technical, and business skills needed to help organizations stay abreast of a constantly changing legal and regulatory landscape. All students that earn their Masters of Legal Studies in Cybersecurity and Data Privacy learn the legal approach to cybersecurity.

Develop Technical Skills, Even with No Technical Experience

Students in the MLS program begin acquiring technical depth in the first semester. “In the Cybersecurity I course,” says program faculty member Professor Spence Witten, “you run network vulnerability scans.“ He continues: “You learn how to break into an encrypted PDF. You look at real-world vulnerabilities. You discover stolen credentials online. And you do all this work on a live network.”  

The course is designed to be accessible to students who do not have technical experience. Hands-on labs expose students to the technical side of security in a way that is safe—and even fun! Questions are encouraged. The goal is to build confidence and prepare students for further study in the program.

“When students start,” says Witten, “they’re nervous.” “But we work through the issues in detail with them; we hold their hands and help them get through their labs.” 

Students complete additional technical courses, including a technical capstone project. Students emerge with the technical competency to understand a system’s IT operations. Graduates will know, for example, how to perform basic assessments of IT operations and what to do about those findings. 

The technical training gives students the confidence they can understand technical concepts and apply them to real-world challenges. “Our graduates walk into organizations prepared to sit at the table with technologists,” Witten says. “Our approach opens the door to extremely lucrative and rewarding careers.”

Legal Approach to Cybersecurity Includes A Law School Focus 

Cybersecurity is considered a technical field but its technical requirements are driven by the legal environment. The MLS in Cybersecurity and Data Privacy program is based in the law school because cybersecurity professionals require a firm grounding in the legal regulatory environment and a legal approach to cybersecurity.

Students in the program typically take a course in either American law or legal writing in the first semester. These early courses are based on the same training lawyers receive. Subsequent courses include a privacy law course that teaches risk management principles and how to integrate various regulatory requirements, some of which may be at odds with each other. Students learn how to weigh necessary tradeoffs and make decisions about balancing and mitigating risk. 

A HIPPA course that addresses health care law and privacy provides experience dealing with any very heavily regulated health care environment 

A cyber law course (taught by an international expert who formerly served as a senior Judge Advocate General, or JAG, attorney in the U.S. Air Force’s cyber academy) addresses the criminal law, international law, counter terrorism, and counterintelligence aspects of cybersecurity. Because entities based outside of the U.S. threaten the security of domestic IT systems, international relations are a core aspect of cybersecurity. As a cybersecurity professional you must understand your options in dealing with such threats, including when and how to engage with the government and law enforcement.  

Combining Legal and Technical Knowledge

Professor Brian Ray, director of Cleveland-Marshall’s Center for Cybersecurity Protection and founder of the Cleveland-Marshall’s MLS program, says that whether a cybersecurity professional works in a technical role, in compliance, or in business assessing risk, “they must be able to translate legal requirements–which can be very, very technical and obtuse–into operational requirements.” 

“Our program is grounded in that approach,” says Ray, “and it is our strength.” Students learn the on-the-job-skills needed to understand complex arrays of regulatory requirements, understand IT systems, assess threats, and make operational decisions.

Putting the Pieces Together: A Day in the Life of an MLS Graduate

After you graduate from the program, any cybersecurity position you pursue will require the blend of legal and technical skills you acquired in the program. To see how the skills you develop in the program apply to real-world jobs, consider an example where you accept a mid-level management position at a major financial services organization. In this role you might be responsible for the development, operations, maintenance, and continued improvement of a security component of an online banking system. 

Because the technical requirements of your organization are driven by legal regulatory requirements, you’ll use the combination of legal and technical skills you developed in the MLS program to run your organization: 

  • You’ll be familiar with, for example, the implications of the General Data Protection Regulation framework (a European framework for data protection), your state’s breach notification laws, the Gramm-Leach-Bliley Act, and standards of the PCI Security Standards Council
  • You may work with your software development team in the morning to make sure they’re on track building systems and tracking stakeholder requests. In the afternoon you might review regulatory compliance implications. 
  • You’ll make decisions about how your IT system will implement legal requirements. You may investigate the health of your system and assess its vulnerabilities. You don’t need to engineer software systems; people on your team will perform that work. You need to understand tradeoffs and communicate clearly with the people responsible for implementing decisions you make. 

Your role demands an interdisciplinary approach, and Cleveland-Marshall’s curriculum and approach is unique in the country in preparing you for that reality. Also, our program gives you the skills you need to secure rewarding and challenging positions, and the ability to build on your knowledge as you progress in your career.. 

Cleveland-Marshall’s Master of Legal Studies in Cybersecurity and Data Privacy

Cleveland-Marshall’s innovative online Master of Legal Studies (MLS) in Cybersecurity and Data Privacy takes an integrative approach to education, preparing professionals to understand the technical and business dimensions of cybersecurity and privacy as well as current laws and regulations. 

The part-time and fully online program is led by faculty from the Center for Cybersecurity and Privacy Protection at Cleveland-Marshall College of Law and other leading practitioners in the field, with a focus on relevant, real-world experience. Also, the MLS degree is designed for professionals who need to understand the significant legal and business risks posed by cybersecurity and data privacy. Lastly, the program prepares graduates with the knowledge and necessary skills to enter these fast-growing fields and to advance to senior positions within organizations.

Important Dates

Aug

16

Priority Application Deadline

August 16, 2021

Aug

21

Fall Session Starts

August 21, 2021

Upcoming Events

Jurisdictional Conflicts

How to Start a Cybersecurity and Privacy Career

August 10, 2021 12:00 pm

Webinar Registration