SAQA

All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

SOUTH AFRICAN QUALIFICATIONS AUTHORITY

REGISTERED QUALIFICATION:

Postgraduate Diploma in Cybersecurity

SAQA QUAL ID	QUALIFICATION TITLE
118656	Postgraduate Diploma in Cybersecurity
ORIGINATOR
Nelson Mandela University
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY			NQF SUB-FRAMEWORK
-			HEQSF - Higher Education Qualifications Sub-framework
QUALIFICATION TYPE	FIELD		SUBFIELD
Postgraduate Diploma	Field 10 - Physical, Mathematical, Computer and Life Sciences		Information Technology and Computer Sciences
ABET BAND	MINIMUM CREDITS	PRE-2009 NQF LEVEL	NQF LEVEL	QUAL CLASS
Undefined	120	Not Applicable	NQF Level 08	Regular-Provider-ELOAC
REGISTRATION STATUS		SAQA DECISION NUMBER	REGISTRATION START DATE	REGISTRATION END DATE
Reregistered		EXCO 0333/25	2025-07-10	2028-07-10
LAST DATE FOR ENROLMENT		LAST DATE FOR ACHIEVEMENT
2029-07-10		2032-07-10

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.

This qualification does not replace any other qualification and is not replaced by any other qualification.

PURPOSE AND RATIONALE OF THE QUALIFICATION

Purpose:
The Postgraduate Diploma in Cybersecurity provides specialised knowledge in the Cybersecurity Information Technology field. It will equip learners with in-depth theoretical knowledge and skills in the Cybersecurity discipline. Cybersecurity involves technology, people, information and organization processes. This will give the learners the ability to relate the knowledge to a range of contexts to undertake professional cybersecurity work and research.

On completion of the qualification, qualifying learners will be able to:

Reflect and analyse current technologies/trends, practices, laws and research in cybersecurity.

Develop and implement Cybersecurity policies and measures in an organization.

Perform research reports in the Cybersecurity field.

Analyse and research Information and Cybersecurity to address the issues and demands related to Information Technology (IT) Security and more specifically Cybersecurity.

Compile research reports containing suggestions towards the improvement of cybersecurity and the related resources within an organization.

The qualification provides learners with the necessary Cybersecurity and research skills to advance into a Master's Degree in the Cybersecurity research field.

Rationale:
According to Chief Security Officer (CSO) Online and a Frost and Sullivan Global Information Security Workforce Study, the world faces a current and growing workforce shortage of qualified cybersecurity professionals and practitioners. The Government and Non-Government sources project nearly 1.8 million cybersecurity-related positions going unfilled by 2022. The Cybersecurity workforce demand is acute, immediate, and growing. The qualification is developed to meet the need for trained cybersecurity specialists nationally and internationally.

Cybersecurity is a relatively new and rapidly growing field that started as a grassroots response to the practical, everyday needs of business and other organisations. Today, organisations of every kind need cybersecurity professionals to develop and manage a cybersecurity strategy to ensure that they minimize and manage the risk of cyberthreats on their IT systems. National and international policies relating to cybersecurity must be considered when developing this strategy. A key factor to cybersecurity is the human factor. The users of Information Technology (IT) systems must be educated about the dangers of cyber-attacks and that cyber safety is key. This qualification aims to equip an individual to confidently and professionally address cybersecurity risk management in an organization. The qualification allows learners to develop integrated competencies in cybersecurity by examining the issues within cybersecurity relating to technology, people, information, organization processes. Further, the qualification will enable qualifying learners to confidently and professionally address cybersecurity risk management in an organization. The qualification allows professionals to strengthen and deepen their knowledge in the Cybersecurity field.

The Association for Computing Machinery (ACM) Education Board recognized the urgent need for cybersecurity qualifications in 2015 and took measures to develop comprehensive curricular guidance in cybersecurity education. The CSEC2017 Joint Task Force Team produced a Report in the Computing Curricula Series named Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity. This report defines Cybersecurity as a computing-based discipline involving technology, people, information and organization processes to enable assured operations in the context of adversaries. It involves the creation, operations, analysis and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics and risk management.

The Postgraduate Diploma in Cybersecurity addresses a need for providing a qualification that specializes in Cybersecurity in Information Technology at a postgraduate level. This postgraduate diploma will provide graduates with the skills to develop and implement Cybersecurity policies and measures in an organization, develop in-depth disciplinary skills in cybersecurity and perform research in the Cybersecurity field. To cater for full-time working professional people, the qualification will be offered on a limited-contact basis through block release. The qualification will allow currently employed staff with an NQF level 7 qualification alternative access to Masters in Information Technology specializing in Cybersecurity.

The theory and practical experience of this qualification will equip the learners to make a meaningful contribution to the economy and national development by ensuring optimal protection and security management of Information Technology resources within organizations. This is in line with the national need for IT professionals. The Institute of Information Technology Professionals South Africa (IITPSA), formerly Computer Society South Africa (CSSA), a recognised professional body has a long and proud history of service to, and representation of, South Africa's ICT professionals and practitioners, attracting a broad and active membership from all levels of the ICT Industry. This qualification has been aligned with the IITPSA requirements. The IITPSA are in support of this qualification as it will help the industry to employ new staff with the necessary cybersecurity background.

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING

Recognition of Prior Learning (RPL):
This qualification may be obtained in whole or in part through the Recognition of Prior Learning. Recognition of Prior Learning in the case of learners not complying with the formal entry requirements will be conducted in accordance with the policy and guidelines of the Institution concerning the recognition of other forms of formal, informal and non-formal learning and experience. The institution will apply in this qualification the RPL for both access and credits in line with the National Policy and Criteria for the Implementation of RPL (Amended in March 2019).

RPL for Access:
Learners who do not meet the minimum entry requirements of the required qualification may be considered for RPL. There are two options:

Advanced Standing, in which case the minimum entry requirements are waived by the admitting institution based on evidence of prior learning, work experience or any other relevant circumstances that may apply to an individual learner. No portfolio is required.
OR

Applicants may provide evidence in the form of a portfolio that demonstrates that the applicant has acquired sufficient relevant knowledge, skills, and competencies to be able to reasonably meet the expectations for learning demanded by the qualification for which they are seeking access.

In instances where RPL is applied for the purposes of access, no credits will be awarded for any previous learning. However, the candidate may choose the option of being assessed for credit.

RPL for credits:
Learners who do meet the necessary entry requirements for admission to a qualification may be awarded some or all the credits towards the qualification. There are two possibilities:

Learners may apply for RPL to be exempted from a module or some modules by providing sufficient evidence in the form of a portfolio that demonstrates that a level of competency, equivalent to the learning outcomes of the module or modules, has been achieved. Credits will be awarded for such modules.
OR

Learners may apply for RPL to be awarded all the credits required for the qualification. Sufficient evidence must be provided that demonstrates a level of competency equivalent to all the learning outcomes of the qualification.

Entry Requirements:
The minimum entry requirement for this qualification is:

Bachelor of Information Technology, NQF Level 7.
Or

Bachelor of Computer Science, NQF Level 7.
Or

Advanced Diploma in Information Technology, NQF Level 7.
Or

Advanced Diploma in Computer Systems Engineering, NQF Level 7.

RECOGNISE PREVIOUS LEARNING?

QUALIFICATION RULES

This qualification consists of the following compulsory modules at National Qualifications Framework Level 08 totalling 120 Credits.

Compulsory Modules, Level 8,120 Credits:

Information and Cybersecurity Principles, 15 Credits.

Professional Skills in Cybersecurity, 15 Credits.

Research Methodology, 12 Credits.

Research Report, 18 Credits.

Information Security Management, 15 Credits.

Information Security Governance, 15 Credits.

Cyber Safety, 15 Credits.

Technical Aspects in Information and Cybersecurity, 15 Credits.

EXIT LEVEL OUTCOMES

1. Apply the theory and practice of Information and Cybersecurity in IT in an organisation via a problem-based case study application.
2. Integrate Culture and Awareness into an Information and Cybersecurity strategy.
3. Conduct a systematic investigation into an Information and Cybersecurity topic.
4. Examine how Information and Cybersecurity is managed and governed in a provided IT context
5. Identify and manage the risks of cyber threats by using a range of specialised knowledge, skills, frameworks, technologies and ethical standards associated with Information and Cybersecurity in a given context.
6. Construct an effective communication report related to a provided information and cybersecurity context.

ASSOCIATED ASSESSMENT CRITERIA

Associated Assessment Criteria for Exit Level Outcome 1:

Identify and analyse vulnerabilities, risks and threats in a case study.

Evaluate and critique relevant security services.

Compare and contrast between Security and Privacy.

Identify and discuss the ethical implications that apply to Cybersecurity.

Explain and evaluate the Information and Cybersecurity Standards Operation Procedures and their impact on security solutions.

Associated Assessment Criteria for Exit Level Outcome 2:

Evaluate and critique strategies applied to Information and Cybersecurity.

Assess the role of Organizational Culture in Information and Cybersecurity.

Identify and analyse Social Media privacy concerns.

Design and implement Information and Cybersecurity Education, training and awareness initiative.

Associated Assessment Criteria for Exit Level Outcome 3:

Identify and solve Information and Cybersecurity problems.

Apply appropriate research methodological approach for the investigation.

Collect, organise, analyse and critically evaluate information to solve the Information and Cybersecurity problem.

Examine and evaluate the ethical implications for the investigation.

Create a research report adhering to relevant reporting standards.

Associated Assessment Criteria for Exit Level Outcome 4:

Analyse the relevant Information and Cybersecurity Standards and best practices.

Select and apply appropriate IT risk management strategy.

Evaluate IT Risk management processes within an organization.

Analyse and apply IT Governance principles within an organization.

Critique and evaluate the Management models within the Information and Cybersecurity space.

Develop and implement Information and Cybersecurity Policy framework for an organization.

Associated Assessment Criteria for Exit Level Outcome 5:

Evaluate and apply a threat model within an organization.

Identify and motivate appropriate security controls for a specific risk situation.

Identify and critique challenges of implementing security controls within the Information and Cybersecurity given context.

Analyse and apply security controls within a given context.

Associated Assessment Criteria for Exit Level Outcome 6:

Communicate effectively in the context of individual or teamwork.

Prepare and deliver a high-quality presentation on findings or proposals.

Produce high-quality written reports.

INTERNATIONAL COMPARABILITY

The qualification was compared to the following three international institutions. The focus of the comparison was on the admission requirements, purpose and qualification structure.

Country: New Zealand
Institution: Nelson Malborough Institute of Technology
Qualification Title: Post-Graduate Diploma in Information Technology (IT) Security Management
Admission requirements :

Bachelor's Degree in IT.
or

Bachelor's Degree in Computer Science.
or

Bachelor of Information Systems.

Purpose:
The qualification is aimed at undergraduates seeking a pathway into IT work or people already working in the IT sector looking for a move into managerial roles.

Exit Level outcomes:
Similar to the South African qualification, the qualifying learners will be able to:

Create and defend a research proposal and methodology for a selected research question or investigation

Critically evaluate the range of security techniques used by organizations to protect system and user data.

Recommend and justify appropriate metrics and evaluation methods that provide organizations with accurate information regarding the effectiveness of an IT strategy.

Evaluate potential security risks of Software solutions.

Qualification structure:
Similar to the South African qualification, the qualification consists of the following compulsory eight modules.

Research Methods in Information Technology and IT Management.

Ethical Hacking and Incident Handling.

Governance and Development of IT Security Programme and Policies.

Legal Aspects of IT Security, Privacy and Investigations.

Auditing of IT Assets.

Vulnerability Assessment and Risk Analysis.

IT Project Management.

Information Systems Development, Implementation and Support.

Comparison:
This Postgraduate diploma relates well to the South African Postgraduate Diploma in Cybersecurity. The admission requirement is that a learner must have a first undergraduate degree. The courses that are offered are a map to most of the modules in the South African curriculum. There is also a research component, where learners will need to create a research proposal.

Country: United Kingdom
Institution: Oxford Brookes
Qualification Title: Postgraduate Diploma in Computer Science for Cyber Security
Admission requirements :

Bachelor's Degree in Electronic Engineering.
or

Bachelor's Degree in Telecommunications.
or

Bachelor's Degree in Computer Science.
or

Bachelor's Degree in Computing Engineering

Purpose:
The qualification builds on the knowledge gained in a first degree to equip learners with advanced computer science and cyber security skills necessary to produce modern secure systems. The qualification is suited for learners working in the computing industry who wish to improve their skills.

Qualification structure:
The qualification constitutes the following compulsory modules.

Enterprise Networking covers the principles and practice of computer networking looking at how networks are used in modern enterprises.

Secure Systems Architecture covers the fundamentals of computer and network security and the ways that computer systems can be secured. This module will look at both the technological and human issues involved in securing and assessing the security level of a modern networked computer system. It also introduces basic concepts of operating systems and architecture.

Operating Systems Security and Development which builds on the foundations laid in Secure Systems Architecture to look at more complex operating systems concepts and technologies. This module also covers systems development and learners learn low-level systems programming which they put into practice by changing and extending existing operating systems.

Secure Programming looks at the analysis, design, and implementation of secure software. This module considers what software engineering principles can and should be used to help ensure the security of software in a range of environments. Learners will be taught the common classes of vulnerability at design and implementation stages and how they can be defended and mitigated against.

Malware Analysis looks at low-level programming tools and techniques for the creation, detection and defence against malware. Learners examine code at the assembler level using reverse engineering techniques, as well as network-level analysis of command and control structures, to obtain detailed information on malware. Learners investigate advanced malware anti-forensics tools, such as code obfuscation, and use mechanisms for defeating them.

Assessment:
The theory is reinforced in the practice where learners have the opportunity to use industry-standard tools and techniques in our dedicated security, server and networking laboratories which provide a safe space to practice both offensive and defensive security techniques.

Comparison:
The qualification spans three different qualifications that each have different requirements within the offering, Master of Science, Postgraduate Diploma and Postgraduate Certificate. The Postgraduate Diploma concentrates on the taught part of the Master of Science Degree. The admission requirements of the qualification are similar to the one offered by Oxford Brookes University. Most of the modules relate well to the Postgraduate Diploma in Cybersecurity. There is also research, scholarship, and professional skills, which is optional for the Postgraduate Diploma learners but maps to the research and professional skills within the South African qualification. The content of some modules of the qualification is more technical than the South African qualification as the modules would be focused on the electronic engineering-type skills. The Secure Systems Architecture module addresses multiple aspects, for example, Human Security and Systems Architecture aspects. The Postgraduate Diploma in Cybersecurity has different modules addressing these security aspects. Tools and Techniques are used to analyze the threats and cybersecurity issues and solutions.

Country: Ireland
Institution: Letterkenny Institute of Technology
Qualification Title: Postgraduate Diploma in Computing in Cybersecurity
NQF Level: 8
Admission requirements:

Bachelor of Information Technology in Computing, NQF Level 7 with three years of appropriate work experience.
RPL:
Similar to the South African qualification, candidates who do not hold the qualification may apply based on RPL which includes a combination of education, training and work experience.

Purpose:
Similar to the South African qualification, the objective of the qualification is to guide learners who have good general experience in and knowledge of technical computing and augment their skills and knowledge in readiness to begin a career in Cybersecurity. It is designed to ensure that graduates are given both a base for continuing self-development and a set of skills that are transferable to the broader computing industry. These skill sets are reinforced with a strong emphasis on teamwork.

In addition, the qualification is to produce graduates with the required hands-on skills to allow them to work and participate effectively in a Cybersecurity environment.

Qualification structure:
The qualification consists of the following compulsory modules covered in four blocks.

Block 1

Secure Infrastructure.

Cryptography.

Forensic Analysis.

Block 2

Software Compliance.

Information Security Management 1.

Block 3

Information Security Management 2.

Web Application Security.

Software Standards.

Block 4

Placement.

Similarities:

The qualification relates to the South African Postgraduate Diploma in Cybersecurity in terms of the admission requirements.

Both qualifications allow for RPL and the requirement of work experience with a level 7 qualification. Learners are required to have a good technical computing background. The qualification runs over four blocks and is practically oriented.

Both qualifications are registered at NQF Level 8.

Differences:

This qualification does not have a research component but is mainly offered for learners who want to begin a career in Cybersecurity while the structure of South African consists of the research component.

ARTICULATION OPTIONS

This qualification allows possibilities for both vertical and horizontal articulation.
Horizontal Articulation:

Bachelor of Commerce Honours in Information Systems, NQF Level 8.

Bachelor of Computing, NQF Level 8.

Bachelor of Commerce Honours in Business Information Systems, NQF Level 8.

Postgraduate Diploma in Computer Science, NQF Level 8.

Postgraduate Diploma in Computer Systems Engineering, NQF Level 8.

Vertical Articulation:

Master of Information Technology, NQF Level 9.

Master of Technology in Information Technology, NQF Level 9.

MODERATION OPTIONS

N/A

CRITERIA FOR THE REGISTRATION OF ASSESSORS

N/A

NOTES

N/A

LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION:

NONE

PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION:

This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

NONE