How to Get a PhD or DBA in Computer Security

Today’s information infrastructure is making critical data more accessible than ever–and more vulnerable to intrusion and attack. The discipline of information and computer security emerged in the late 1990s to answer this threat. Since then, the academic community, the information technology profession, and the federal government have banded together in an unprecedented effort to attract new scholars, researchers, and specialists to the cause of securing cyberspace.

The doctoral degree in information security represents the highest qualification in the field. Available as a PhD or Doctor of Technology in computer or information security, the degree prepares graduates to advance research and technology development.

A Guide to the PhD and DBA in Computer Security

Information security emerged in response to the threat posed by Internet communications and rapidly expanding information networks. Federal agencies such as the Department of Commerce, the National Security Agency, and the Department of Defense joined forces with private sector IT associations and research universities with an ambitious goal: to train a new generation of security specialists capable of addressing dangerous vulnerabilities in the nation’s digital infrastructure. The National Plan for Information Systems Protection of 2000 and the Federal Information Security Management Act of 2002 (FISMA) set aside funds for addressing the acute shortage of qualified information security specialists.

Today’s specialized doctorates in information and computer security owe their existence to these early-21st century initiatives. The urgent need for security R&D coupled with a surge in public and private sector funding has fueled rapid development in the information security discipline.

Degree Field: Information Security, Computer Security, or Information Assurance?

The quest to secure cyber networks has led to the development of three interrelated academic disciplines: information security, computer security, and information assurance. These closely interrelated fields are distinguished primarily in their approach to the problem of cybersecurity. PhD and DBA degrees in each of these areas feature different methodologies and areas of concentration. For example:

  • A DBA or Phd in Information Security focuses on protecting the integrity of and access to data in any form.
  • Most PhD and DBA in Computer Security programs, in contrast, focus on the integrity of computer networks and transmission protocols rather than the data itself.
  • A graduate school offering a DBA or PhD in Information assurance, meanwhile, takes a broader view or the problem, incorporating the whole spectrum of information management and protection measures. Besides information security, information assurance (IA) is also concerned with developing intrusion detection and reaction systems.

For more information on the information security discipline, check out’s Online Education Guide. You’ll find descriptions of the academic paths in cybersecurity, including information assurance, information systems security, and network security technology.

Degree Type: PHD or DBA?

Information security and related fields also distinguish programs based on the degree awarded. Your options include the Doctor of Philosophy (PhD) and the Doctor of Business Administration (DBA). These doctorate degrees are equal in rigor and reputation, but different in their purpose.

  • The PhD in Information or Computer Security is an academic doctorate in the tradition of advanced science and technology research degrees. The purpose of the degree is first and foremost to train a new generation of academic R&D experts and scholars. The dissertation requires an original contribution to the field, and focuses on advancing fundamental theory and knowledge in information security.
  • The DBA in Information or Computer Security is a professional practice doctorate designed to prepare graduates for advanced leadership in private and public sector roles. The dissertation project emphasizes the applications of research as a means to solve specific security problems. Graduates develop practical strategies for implementing existing theory and cutting-edge technology in a real-world context.

You’ll find a general overview of doctoral degree types in the Online PhD Degrees and Doctoral Programs section of


The growing body of security research and scholarship has given rise to a diverse array of specialization options. Some of the concentrations you’ll encounter focus on a specific function of IT security, such as:

  • Security testing (also known as penetration testing or intrusion detection)
  • Information systems auditing
  • Business continuity planning
  • Digital forensics
  • Risk management

Others investigate a particular problem or application of information security strategies:

  • Network security
  • Application security
  • Cyberterrorism
  • Database and distributed systems security

Information assurance includes additional specializations in security information, as well as data preservation, identification, and extraction.

Career Track

Technology doctorate degrees offer broader career opportunities than many other advanced academic degrees. Even the PhD, which traditionally leads to university scholarship and teaching roles, supports corporate research and development career ambitions.

Demand for IT Security Professionals

A 2007 study by the IEEE found a precipitous increase in the number of computer science PhDs who take private industry jobs after graduation. In 2002, 65 percent chose an academic track and fewer than one-third pursued business or private-sector careers. By 2007, those figures were reversed: more than half of PhDs were going into private industry, with only one third remaining in academia. This trend is even more pronounced for holders of a PhD in Information Security, a function of the acute demand and high salaries security professionals enjoy in the private sector.

  • Career options for security specialists in professional practice include senior leadership, consulting, or research roles in military, government, corporate, or private think tanks.
  • Career options for security specialists in academia include university professor and senior research lead. Academics also pursue lucrative partnerships with public and private sector institutions, securing government research grants and private R&D investment contracts.

Researching your career options in computer and information security can help you focus your goals–and help you chart an academic course to help you achieve them. If you are unsure of your career objectives, take advantage of online career planning and assessment tools.

How to Apply for PhD and DBA Programs in Computer Security

An understanding of your academic and career options will help you navigate the logistics of applying to PhD or DBA in Information and Computer Security programs. The primary challenge you face is finding the programs that best fit your unique requirements–your goals, interests, priorities, learning preferences, and personal circumstances.

Find the Right Doctorate

The secret to a successful doctoral program search is careful planning. The following four steps structure the research process, allowing you to progressively focus your options until you arrive at a final list of six or so programs to which you’ll apply.

Step One: Develop a List of Accredited Programs

Start your quest for an information security doctorate by developing a list of schools. Since information and computer security are still emerging fields, you’ll find both standalone PhD and DBA programs and computer science programs with a security concentration. Many information security doctorates are offered under the aegis of the computer science or management information systems department.

Accreditation. Directories of accredited doctoral programs offer a valuable starting point in your search. Accreditation is the most fundamental qualification for a school–without it, you have no real assurance of the value of your degree, and you may not qualify for financial aid. Approved accrediting agencies conduct regular program evaluations to validate the quality of member institutions.

The major accreditation agencies for computer and information technology programs are the Engineering Accreditation Commission (EAC), the Computing Accreditation Commission (CAC), the Technology Accreditation Commission (TAC), and the Applied Science Accreditation Commission (ASAC). For state and regional accreditation agencies, consult the U.S. Department of Education’s comprehensive list of approved accreditation agencies.

Resources. Looking through the top industry-specific lists is a great place to start. Here are a few to browse:

  • ABET (formerly known as the Accreditation Board of Engineering and Technology) maintains a database of all the institutions accredited by the major national accreditation agencies listed above. Search for programs in computer science, information systems, or related fields.
  • The Computing Research Association (CRA), which represents over 200 computer science research institutions on the CRA Forsythe List, offers a searchable database of computer science PhD programs in the United States and Canada.
  • features a more focused selection of accredited online PhD and DBA programs in information and computer security.

Step Two: Online or Campus Format?

Focus your search by deciding on an online or campus delivery format. Your choice will depend on factors such as your learning style, life circumstances, and career goals.

Online PhD and DBA in Information and Computer Security programs offer flexible, self-paced programs ideal for the independent learner and for working professionals with busy lifestyles. The professional DBA in Information Security, which primarily serves mid-career adults, is typically offered online. Online graduate schools offer the advantage of a combined work-study curriculum. Students apply their learning directly in a professional context, and typically derive their dissertation project from this synergy.

Campus education is the traditional format of PhD degrees, and offer advantages for students engaging in original research. A campus program facilitates superior access to institutional facilities and the broader academic research community. Since faculty mentorship is an important part of the PhD in Information Security, campus programs offer an advantage for students working toward an academic career. Campus PhD candidates also enjoy access to teaching and research assistantships. Online PhD and DBA programs often require temporary campus residency to extend some of these benefits to online students.

Step Three: Explore Academic Programs

The academic program assessment represents the most substantive and research-intensive stage of your search. Fortunately, online resources can streamline the process.

Take into account the following factors as you explore your academic program options:

  • Faculty research
  • Specializations
  • Curriculum and course requirements
  • Special programs (research institutes, industry partnerships, etc.)

Faculty research interests offer the most effective guide to academic program emphases. Academic scholarship not only shapes the curriculum and course offerings, but also the research resources available to you. Aligning your interests with a potential faculty mentor’s scholarship ensures you’ll have the support you need to conduct groundbreaking research.

Resources. It’s not always easy tracking down this kind of information. Here are a few great places to start:

  • removes some of the legwork of program research through its automated matching system. Fill out an online form indicating your academic program criteria and the system automatically connects you with programs that fit your specifications. School representatives will contact you directly to answer your questions about the program.
  • School Web sites offer instant access to a range of program information, including course lists, faculty bios, links to faculty publications, degree requirements, and special programs.

Step Four: Evaluate Program Quality

Finally, vet your list according to selectivity and program quality. Your objective is to identify six or more programs that meet your quality standards without exceeding your competitiveness as an applicant. Admissions departments take into account your alma mater, your academic record, test scores, and recommendations when evaluating your application.

The following factors can help you decide which programs are right for you:

  • Reputation
  • Selectivity
  • Graduation Rate
  • Job Placement Statistics
  • Career Support Resources
  • Student Body Profile

Rankings offer a good overview of reputation and selectivity. Major rankings include:

School data publications offer admissions and career placement information. Use this information to gauge your admissions prospects as well as the career support resources available at different programs.

Preparing for a PhD or DBA Program in Computer Security

Identifying the best PhD or DBA programs for your career goals puts you on track for success. Each school will specify its own admissions and degree requirements. Expect to take the following steps when preparing for a doctoral degree:

  1. Prerequisite courses and degrees. A bachelor’s degree is the standard qualification. If your undergraduate degree is not in computer science or management information systems, you may have to complete prerequisite courses before beginning the program.
  2. Tests. Most PhD and DBA degree programs require the general GRE exam. In addition, you may be required to submit scores from the GRE subject exam in computer science or the TOEFL (for international students).
  3. Application materials. Gather materials for your application, including academic transcripts, test scores, and faculty or professional letters of recommendation.
  4. Financial aid. Arrange funding for your degree program through a combination of program financial support, private scholarships, corporate sponsorships, and federal student loans. PhD programs in computer or information security often offer teaching and research assistantships, as well as tuition waivers, stipends, and fellowships.

Joining the Academic Community

Careful planning and research ensures that you start your PhD or DBA in Information Security on the right foot. A sense of your academic interests and career objectives will sustain you as you work toward your degree. In the course of your time in the doctoral program, you’ll encounter an array of research projects, professional relationships, and career opportunities. Make the most of the academic experience by focusing your doctoral degree ambitions from the outset.


  • ABET, Search Accredited Programs
  • Capella University, Doctor of Philosophy (PhD) in Information Technology: Information Assurance and Security
  • Computing Research Association, CRA Forsythe List
  • Federal Information Security Management Act of 2002
  • George Mason University, PhD IT Concentration in Information Security and Assurance
  • IEEE Computer Society
  • IEEE Computer Society, Computer Science PhDs: More Grads Choose Private Industry than Academia, by Margo McCall
  • Information Systems Security Association
  • National Research Council, Assessment of Research Doctorate Programs
  • Software Engineering Institute, Carnegie Mellon, Carnegie Mellon Educates Next Generation of Information-Security Experts
  • The White House, National Plan for Information Systems Protection: Executive Summary
  • U.S. Department of Education, Database of Accredited Postsecondary Institutions and Program
  • U.S. News & World Report, Best Graduate Schools
Our Partner Listings