SAQA All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.
SOUTH AFRICAN QUALIFICATIONS AUTHORITY 
REGISTERED QUALIFICATION: 

Advanced Certificate in Information Security 
SAQA QUAL ID QUALIFICATION TITLE
117408  Advanced Certificate in Information Security 
ORIGINATOR
Richfield Graduate Institute of Technology Pty Ltd 
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY NQF SUB-FRAMEWORK
CHE - Council on Higher Education  HEQSF - Higher Education Qualifications Sub-framework 
QUALIFICATION TYPE FIELD SUBFIELD
Advanced Certificate  Field 10 - Physical, Mathematical, Computer and Life Sciences  Information Technology and Computer Sciences 
ABET BAND MINIMUM CREDITS PRE-2009 NQF LEVEL NQF LEVEL QUAL CLASS
Undefined  120  Not Applicable  NQF Level 06  Regular-Provider-ELOAC 
REGISTRATION STATUS SAQA DECISION NUMBER REGISTRATION START DATE REGISTRATION END DATE
Reregistered  EXCO 0821/24  2020-07-30  2027-06-30 
LAST DATE FOR ENROLMENT LAST DATE FOR ACHIEVEMENT
2028-06-30   2031-06-30  

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.  

This qualification does not replace any other qualification and is not replaced by any other qualification. 

PURPOSE AND RATIONALE OF THE QUALIFICATION 
Purpose:
The purpose of the Advanced Certificate in Information Security is to provide a learner with the necessary expertise and knowledge to take on appropriate professional positions in the information technology industry and in particular, in the field of information security.

This qualification seeks to provide learners with the aptitude and courage to deal with the responsibilities connected to the information technology field and respond to challenges, both internal and external to the organisation, including the international environment.

It will also equip learners with the technical skills and reflective competences to deal with the broad-based information technology issues related to optimising the competitive positions of the organisation by acquiring competencies relating to computer and information security. In essence, the focus of this qualification is to improve the practice of information security.

Learners will be able to apply critical technical skills; interrogate specific case situations and recommend solutions to particular information security-related problems. This approach facilitates the application of theory to practice and practice to theory. Further, the qualification will prepare the learner as a competent Information Technology Security specialist capable of being pro-active and responding positively to dynamically evolving Information Technology environment, intersecting national and international business practice to ensure uniformity, growth and sustainability.

Rationale:
The introduction of Information and Communication Technology (ICT) into many aspects of everyday life has led to the development of the modern concept of the information society. The availability of ICTs and new network-based services offer several advantages for society in general, especially for developing countries. ICT applications, such as e-government, e-commerce, e-education, e-health and e-environment, are seen as enablers for development, as they provide an efficient channel to deliver a wide range of essential services. ICT applications can facilitate the achievement of the Sustainable Development Goals, reducing poverty and improving health and environmental conditions in developing countries.

However, the growth of the information society leads to new and severe threats. Essential services such as water and electricity supply now rely on ICTs, as do most businesses and organisations, as well as citizens.

Attacks against information infrastructure and Internet services have already taken place. In contrast, online fraud and hacking attacks are just some examples of computer-related crimes that are committed on a large scale every day. The financial damage caused by cybercrime is enormous.

This 'digital paradox' means that while governments and organisations can offer more services, more quickly, than ever before, yet at the same time cybercrime has become a powerful countervailing force that limits that potential.

While technology introduces greater variety and convenience into our lives, it also opens more and more avenues for people to be targets of cybercriminals. International and domestic cybercriminals increasingly view businesses and private individuals as attractive targets for a range of cybercrime.

The demand and the statistics of the National Scarce Skills list for South Africa (2014), published by the Department of Labour, also identify scarce and critical skills required by the country with the proliferation of cyber-attacks and the increasing effectiveness of cybercriminals, organisations and indeed nation-states are increasingly finding themselves vulnerable and at risk. Knowledge of the Cyber domain is the first and vital step in developing a comprehensive response to cyber-attacks.

The urgent demand for competent personnel has been increasing over time. These are key drivers that have encouraged the institution to offer this qualification in the broader Information Technology field.

The qualification also seeks to address the five critical areas to building a developmental information society as identified by the South African Department of Telecommunications and Postal Services, and specifically concerning the emerging digital and knowledge economy as envisaged the Fourth Industrial Revolution. In particular, the underlying technologies and platform relating to, among other things:
  • E-Governance;
  • E­Skills Development;
  • SMME Development;
  • Information Ethics; and
  • ICT Rural Development.

    These sectors are particularly vulnerable to information and security breaches which must be countered for these initiatives to have an impact on society at large. 
    		•

    LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING 
    Recognition of Prior Learning (RPL):
    Recognition of Prior Learning (RPL) can widen access to education and training and enhance the qualification status of historically disadvantaged adults and youths. By enabling people to apply what they already know and can do, RPL can reduce barriers and create opportunities that will lead to greater social and economic prosperity. The institution recognises the importance of RPL as an admission requirement.

    Learners may obtain this qualification in part through the Recognition of Prior Learning.

    Learners must meet the following criteria for recognition to gaining entrance into the qualification:
  • Learning acquired through work and life experiences will be clearly articulated and supported by evidence in their portfolios for examination during the interview process.
  • Senior or line managers may recommend RPL for prospective learners.
  • Emphasis will be on motivation and aspiration of the learner prior and current job experiences, details of in-house company training, short courses attended and future vision of the learner.

    Entry Requirements:
    The minimum entry requirement for this qualification is:
  • Higher Certificate in Information Technology, NQF Level 5. 
    		•

    RECOGNISE PREVIOUS LEARNING? 

    QUALIFICATION RULES 
    This qualification consists of the following compulsory at National Qualifications Framework Level 6 totalling 125 Credits.

    Compulsory modules, 125 Credits:
  • Fundamentals of Information Security, 15 Credits.
  • Security Management Best Practices, Risk and Governance, 15 Credits.
  • Networking Fundamentals, 15 Credits.
  • Policy, Legislative and Issues in Cyber Security, 15 Credits.
  • Web Security, 15 Credits.
  • Network Security, 15 Credits.
  • Cyber Incident Analysis and Response, 10 Credits.
  • Project, 10 Credits.
  • WIL, 15 Credits. 
    		•

    EXIT LEVEL OUTCOMES 
    1. Develop an informed understanding of the impact and risk associated with Information and Communication Technology in today's society.
    2. Understand the evolution of the Cybersecurity domain, threat actors and threat vectors and the impact on organisations, sectors and nation-states.
    3. Understand South Africa's Cybersecurity policy and legislative framework; build and implement a cybersecurity strategy, cybersecurity plan and policies.
    4. Unpack the critical controls for cyber defence and develop practical ways of developing Cybersecurity capacity both at an organisational level and across sectors.
    5. Apply knowledge in the use of various Computer Security techniques in assuring safeguarding networks from Cyberattacks. 

    ASSOCIATED ASSESSMENT CRITERIA 
    Associated Assessment Criteria for Exit Level Outcome 1:
  • Demonstrate in-depth knowledge of the evolution of the cybersecurity domain.
  • Illustrate the understanding of malware and the need to take preventative measures thereof.
  • Demonstrate the need for the formulation of cybersecurity policies and the evaluation of the legislative environment.
  • Assess and evaluate a detailed explanation of the Deep and Dark Web and the risks of utilising the TOR browser.

    Associated Assessment Criteria for Exit Level Outcome 2:
  • Provide in-depth knowledge of the evolution of the cybersecurity domain and the importance for organisations and nation-states to prepare for cyber-attacks.
  • Assess the various threat vectors and threat actors to an organisation and the impact it has on organisations business processes.
  • Identify and assess the role threat vectors and threat actors play in cyber warfare and the new threats it poses to nation-states.

    Associated Assessment Criteria for Exit Level Outcome 3:
  • Demonstrate in-depth knowledge of South Africa's Cyber Security Policies and legislative frameworks.
  • Demonstrate the process of developing a cyber-security strategy that will assist in the safeguarding of organisations and nation-states against cyber-attacks.
  • Illustrate the stages of development needed to implement cybersecurity plans and policies.

    Associated Assessment Criteria for Exit Level Outcome 4:
  • Provide the development of an incident preparation strategy in the event of a cyber-security attack.
  • Illustrate the various incident detection tools and analysis detection methods that are available.
  • Implement the various Incident Detection as a defence against cyber-attacks.
  • Develop and assess proactive and post-incident cyber services.

    Associated Assessment Criteria for Exit Level Outcome 5:
  • Demonstrate the various network intrusion detection systems in the protection of data.
  • Assess and implement the application of a Denial of Service defence against malicious attacks.
  • Provide the need for the application of security protocols on a computer network to safeguard data.
  • Identify the importance of conducting and applying Authentication Conditioned-safe Ceremonies.

    Integrated Assessment:
    Assessment integrates with most modules, and learners complete a series of assignments as they progress to build a portfolio. Tasks included in portfolios may consist of projects, case studies, essays, simulations, experiments, assignments, online activities, interactions, and presentations. The examination serves as the summative assessment, which evaluates the achievement of outcomes and mastery of the larger body of knowledge which forms part of the curricula. Learners undertake the final examination under normal exam conditions.

    The qualification also consists of a research and development project comprising an advanced application of mathematical modelling, computer programming and or computer hardware implementation, which requires an integration of acquired knowledge. The outcomes of the assessment are based on practical demonstration of results achieved and a written report, which must clearly show that a thorough scientific process was followed to arrive at conclusions. 
    		•

    INTERNATIONAL COMPARABILITY 
    This qualification is comparable with other quality qualifications offered internationally. The benchmarking was done at the module level as follows:

    1. Country: UK.
    Institution: University of York.
    Name of Qualification: Certificate in Advanced Cyber Security.

    Purpose of Qualification:
    The purpose of the Certificate in Advanced Cyber Security qualification is to equip learners with the skills and knowledge required by organisations in protecting themselves against security threats. This purpose aligns with the purpose of Richfield's Advanced Certificate in Information Security qualification, which is about equipping learners with knowledge and expertise in security. Also, the content of the modules for University of York's qualification, such as Security and Risk Management, Security Architecture, Communication and Network Security is similar to the content of the modules for Richfield's qualification, such as Security Management Best Practices, Risk and Governance, Fundamentals of Information Security, Network Security and Cyber Incident Analysis and Response respectively. The difference is that the University of York's qualification offered through a blended learning approach while Richfield's qualification is offered via distance learning mode.

    2. Country: USA.
    Institution: University of Denver.
    Name of Qualification: Graduate Certificate in Information Systems Security.

    The purpose of the Graduate Certificate in Information Systems Security qualification is to enable learners to attain security knowledge and skills that are relevant to the industry. This is similar to the purpose of Richfield's Advanced Certificate in Information Security qualification. The content of the modules for the University of Denver's qualification, such as Principles of Information Security, Disaster Recovery and Business Continuity Planning, Identity and Access Management, Application Security, Networks and Database Security is similar to the content of the modules for Richfield' Advanced Certificate in Information Security, such as Fundamentals of Information Security, Security Management Best Practices, Risk and Governance, Networking Fundamentals, Network Security, Web Security and Cyber Incident Analysis and Response. The difference is that the University of Denver's qualification consists of electives modules, whereas Richfield's qualification consists of only core modules. Both qualifications have a duration of 1 year. The University of Denver's qualification is offered online and evening, whereas Richfield's qualification is only offered online.

    3. Country: Canada.
    Institution: Athabasca University.
    Name of Qualification: Graduate Certificate in Information Security.

    The Athabasca University's qualification contains modules such as Ethical, Legal, and Social Issues in Information Technology, Enterprise Computer Networks, Enterprise Information Security, Cloud Computing, which are similar to the content of the modules for Richfield's Advanced Certificate in Information Security, such as Policy, legislative and Issues in Cyber Security, Network Security, Fundamentals of Information Security, Networking Fundamentals and Security Management Best Practices, Risk and Governance. The difference is that Richfield's qualification contains only core modules, whereas the Athabasca's qualification contains elective modules. The duration for Richfield's qualification is one year while the duration for Athabasca's qualification is 1.5 years. 

    ARTICULATION OPTIONS 
    This qualification allows possibilities for both vertical and horizontal articulation.

    Horizontal Articulation:
  • Advanced Certificate in Information Technology, NQF Level 6.

    Vertical Articulation:
  • Diploma in Information Technology, NQF Level 6. 
    		•

    MODERATION OPTIONS 
    N/A 

    CRITERIA FOR THE REGISTRATION OF ASSESSORS 
    N/A 

    NOTES 
    N/A 

    LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION: 
     
    NONE 


    PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION: 
    This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.
     
    1. Richfield Graduate Institute of Technology Pty Ltd 


    All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.