Carnegie Mellon University

Courses

Core courses

17-631  Information Security, Privacy, and Policy
As layers upon layers of technology mediate increasingly rich business processes and social interactions, issues of information security and privacy are growing more complex too. This course takes a multi-disciplinary perspective of information security and privacy, looking at technologies as well as business, legal, policy and usability issues. The objective is to prepare students to identify and address critical security and privacy issues involved in the design, development and deployment of information systems. Examples used to introduce concepts covered in the class range from enterprise systems to mobile and pervasive computing as well as social networking. Format: Lectures, short student presentations on topics selected together with the instructor, and guest presentations Target Audience: Primarily intended for master students with a CS background or equivalent.  Also open to motivated undergrads as well as PhD students interested in a more practical, multi-disciplinary understanding of information security and privacy.

17-662 Computer and AI Law (A1 6-unit mini)
This course consists of the first half of the 12-unit course 17-762. Students in the Privacy Engineering and AI Governance programs may take the 12-unit version for 6 units of elective credit.. It is both a survey of computer law and an examination of how courts evaluate technological evidence in their decision-making. It deals with the most important and controversial issues in technology law today. The material is divided into six primary subjects: 1. Legal process: how courts operate, how lawsuits are conducted, what happens in appeals, who has to obey the determination of a court, over whom can a court exercise power, and regulatory law. 2. Evidence: what has to be proven to a court and how it is done, rules of evidence, burdens of proof, expert testimony. 3. Business Transactions: software licenses, clickwrap contracts, electronic transactions. 4. Personal Intrusions: social media, libel and defamation, data privacy, position monitoring. 5. Intellectual Property: trade secrets and confidentiality agreements. No legal background is required or assumed. This is not a law school course. Great effort is expended to keep the syllabus current based on breaking legal events. Therefore, the content and ordering of lectures may vary somewhat as the course progresses.

17-716 AI Governance: Identifying and Mitigating Risks in the Design, Development and Operations of AI Solutions 
As AI and machine learning systems become integral to products and services across industries, it is critical to identify and mitigate the risks associated with their design, deployment, and operation. This course examines the evolving landscape of AI governance, exploring both technical and organizational strategies for developing trustworthy and responsible AI systems. In 2025, the course expands to cover responsible development and governance of Agentic AI—systems capable of autonomous reasoning, planning, and collaboration. Students explore governance strategies across the AI lifecycle, including model alignment (RLHF, RLAIF), fairness, differential privacy, explainability, interpretability, and AI red teaming. The course integrates evolving policy and regulatory frameworks such as the EU AI Act, NIST’s AI Risk Management Framework, ISO/IEC 42001, and OECD guidelines. Case studies examine
responsible AI practices in foundation models, generative systems, and agent-based ecosystems. The course combines technical, policy, and management perspectives to equip students with the tools and frameworks needed to assess and mitigate AI-related risks.

17-731 Foundations of Privacy
Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed - statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule and the Gramm-Leach-Bliley Act), principled audit and accountability mechanisms for enforcing privacy policies, anonymous communication protocols - and other settings in which privacy concerns have prompted much research, such as in social networks, location privacy and Web privacy (in particular, online tracking & targeted advertising).

17-733 Privacy Policy, Law, and Technology
As new technologies are developed, they increasingly raise privacy concerns- the Web, wireless location-based services, and RFID are a few examples.  In addition, the recent focus on fighting terrorism has brought with it new concerns about governmental intrusions on personal privacy.  This course provides an in depth look into privacy, privacy laws, and privacy-related technologies.  Students will study privacy from philosophical, historical, legal, policy, and technical perspectives and learn how to engineer systems for privacy.  This course is appropriate for graduate students, juniors, and seniors who have strong technical backgrounds.  8-733 is for PhD students.  8-533 and 19-608 are for undergraduate students.  Masters students may register for any of the course numbers.  This course will include a lot of reading, writing, and class discussion. Students will be able to tailor their assignments to their skills and interests, focusing more on programming or writing papers as they see fit.  However, all students will be expected to do some writing and some technical work.  A large emphasis will be placed on research and communication skills, which will be taught throughout the course.

17-734 Usable Privacy and Security
Our “Usable Privacy and Security” course, developed at CMU in 2006 by faculty in three departments, is designed to introduce students to usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course was designed for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. In addition to faculty and guest lectures, students present and discuss usable privacy and security research papers. Students work in interdisciplinary teams on a project throughout the semester under the guidance of faculty mentors.

17-735 Engineering Privacy in Software
Privacy harms that involve personal data can often be traced back to software failures, which can be prevented through sound engineering practices. In this course, students will learn how to engineer privacy using modern methods and tools for software requirements, design and testing. This integration includes how to collect and analyze software and privacy requirements, how to reconcile ambiguous, inconsistent and conflicting requirements, and how to develop and evaluate software designs based on established privacy principles, including how to analyze design alternatives to reduce threats to personal privacy. After completing this course, students will know how to integrate privacy into the software development lifecycle and how, and when, to interface with relevant stakeholders, including legal, marketing and other developers in order to align software designs with relevant privacy laws and business practices.

17-702 Current Topics in Privacy Seminar

In this seminar course students will discuss recent papers and current public policy issues related to privacy. Privacy professionals from industry, government, and non-profits will deliver several guest lectures each semester.

Elective Courses

These are examples of some of the electives that will be offered. This list will change each semester. Students may count independent study credits or other courses as electives with the approval of their advisor.

Students interested in taking privacy or security courses as electives should review the Privacy and Security Course list.

Department

Course Number

Course Title

Units

 

Machine Learning Department

(MLD)

10601

Introduction to Machine Learning

12

10607

Computational Foundations for Machine Learning

6

10617

Intermediate Deep Learning

12

10623

Generative AI

12

10719

Federated and Collaborative Learning

12

10735 

Responsible AI

12

 

Language Technologies Institute (LTI)

11601

Coding & Algorithms Bootcamp

12

11681

AI Venture Studio

12

11711

Advanced Natural Language Processing

12

11767

On-Device Machine Learning

12

11785

Introduction to Deep Learning

12

 

Information Networking Institute (INI)

14684

Cyber Law and Ethics

6

14691

Special Topics: AI Ethics- Multidisciplinary Perspectives and Industry Insights

6

14757

Introduction to Adversarial Machine Learning

12

14812, 14821

Special Topics

6

 

 

 

Software and Societal Systems Department (S3D)

17611

Statstics for Decision Making

6

17630

Prompt Engineering

12

17635

Software Architectures

6

17636

DevOps: Engineering for Secure Development and Deployment

12

17637

Web Application Development

12

17683

Java for Application Programmers

6

17683

Data Structures for Application Programmers

6

17684

Ethics and Policy Issues in Computing 

6

17693

Negotiations for Software Leaders

6

Electrical and Computer Engineering (ECE)

18739

Special Topics in Security

12

18786

Introduction to Deep Learning

12

Integrated Innovation Institute (III)

49783

Introduction to Cloud Computing

12

Entertainment Technology

53730

Programming for Game Designers

12

Philosophy Department

80630

Ethical Theory

12

CM Institute for Strategy and Technology (CMIST)

84604

In the News: Analysis of Current US National Security Priorities

6

84665

The Politics of Fake News and Misinformation

12


School of Public Policy & Managment

90769

Critical AI Studies for Public Policy

6

90812

Python Programming I

6

90845

Social Entrepreneurship

6

 

 

Heinz

94800 Negotiation

6

94806 Privacy in the Digital Age

6

94807 Entrepreneurship: A New Venture 6
94808 Management Consulting 12
94842 Programming R for Analytics

6

94854 Developing as a Leader 6
94894 AI & Emerging Economies 12

 

 

 

 

Information Systems: Sch of IS & Mgt

95702 Distributed Systems for Information Systems Management 12
95703 Database Management 12
95718 Professional Speaking 6
95734 Managing Digital Business 12
95746 Cloud Security 6
95759 Malicious Code Analysis 6
95767 Cybersecurity for Artificial Intelligence & Machine Learning 6
95799 Linux and Open Source

6

95810 Blockchain Fundamentals 6
95835 Time Series Forecasting in Python 6
95866 Advanced Business Analytics 6
95881 Web Application Development 6
95883 Ethical Penetration Testing 6
95884 Network Defenses 6
95898 Introduction to Python 6
Computational Biology Department (CBD) 02613 Algorithms and Advanced Data Structures 12
Human Computer Interaction Department (HCI) 05618 Human AI Interaction 12
05899 Special Topics in HCI 12