SAQA

All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

SOUTH AFRICAN QUALIFICATIONS AUTHORITY

REGISTERED QUALIFICATION:

Advanced Occupational Diploma: Chief Information Officer: Cybersecurity

SAQA QUAL ID	QUALIFICATION TITLE
121968	Advanced Occupational Diploma: Chief Information Officer: Cybersecurity
ORIGINATOR
Development Quality Partner - BANKSETA
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY			NQF SUB-FRAMEWORK
-			OQSF - Occupational Qualifications Sub-framework
QUALIFICATION TYPE	FIELD		SUBFIELD
Advanced Occupational Dip	Field 10 - Physical, Mathematical, Computer and Life Sciences		Information Technology and Computer Sciences
ABET BAND	MINIMUM CREDITS	PRE-2009 NQF LEVEL	NQF LEVEL	QUAL CLASS
Undefined	120	Not Applicable	NQF Level 07	Regular-ELOAC
REGISTRATION STATUS		SAQA DECISION NUMBER	REGISTRATION START DATE	REGISTRATION END DATE
Registered		EXCO 1121/24	2024-01-30	2029-01-30
LAST DATE FOR ENROLMENT		LAST DATE FOR ACHIEVEMENT
2030-01-30		2033-01-30

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.

This qualification does not replace any other qualification and is not replaced by any other qualification.

PURPOSE AND RATIONALE OF THE QUALIFICATION

Purpose:
The purpose of this qualification is to prepare a learner to operate as a Chief Information Officer: Cybersecurity.

A Chief Information Officer: Cybersecurity ensures the effective and holistic management of the risks, threats and resiliency of cybersecurity within an organisation. This could include information security, fraud and physical security. They are accountable to build cybersecurity vigilance and resiliency across the operations, leveraging best in class capabilities and processes relating to threat analysis, threat intelligence, protection tools and subject matter expertise. The Chief Information Officer: Cybersecurity is accountable for protecting the organisations, its customers and its employees, as well as society at large, from the negative effects of cyber-crime and fraud.

A competent learner will demonstrate among others the following key attributes: complex thinking, deft communication, diplomacy, executive leadership, strategic orientation, critical thinking, emotional intelligence, analytical skills.
A qualified learner will be able to:

Oversee the cybersecurity function; and

Lead the provision of secure Information Technology systems.

Rationale:
There is a shortage of cybersecurity professionals, particularly for positions in governments, which create high levels of risk. Current Information Technology professionals may not be fully trained in information security tactics, strategy and leadership. They help develop new ways to combat cyber threats, and are the main line of defence against spamming, phishing, malware, viruses, and other information security threats. As cyber-attacks have increased, so has the demand for trained professionals to prevent and counter such attacks.

Organisations rely more heavily on technology to help manage their daily lives, as such the threat of cyber-crime continues to escalate. Economies lose billions of dollars and, governments are threatened by the risks posed by nefarious attacks on the key digital systems.
In recent years, large-scale cyber-attacks have affected major companies. Data breaches compromise personal information, bank records, credit card numbers and other private information, including usernames, passwords, emails, phone numbers and addresses.

Information Technology professionals shall hone their skills through this cybersecurity qualification and benefit the organisations. It shall enable learners to devise strategies and methods to prevent and counter cyber-attacks on both public and private organisations, thus saving millions of revenues in potential loss of trust from clients and service provision. Typical learners for the qualification are those who are employed as Cybersecurity practitioners wishing to advance to managerial and leadership roles in cybersecurity.

This qualification will enable cybersecurity officials to progress to specialist roles, middle and senior management levels. The holders of qualification do not require professional registration to practice.

The qualification also provides a unique tool to facilitate appropriate recognition of learning gained over time. It will promote high standards of safety within the digital economy, as part of the national development plan. This qualification supports the economic development needs of society. The qualification was developed in collaboration with the Information and Communication Technology Sector, central and commercial banking sectors.

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING

Recognition of Prior Learning:

Learners will gain access to the qualification through RPL for Access as provided for in the QCTO RPL Policy. RPL for access is conducted by accredited education institution, skills development provider or workplace accredited to offer that specific qualification/part qualification.

Learners who have acquired competencies of the modules of a qualification or part qualification will be credited for modules through RPL.

RPL for access to the external integrated summative assessment:
Accredited providers and approved workplaces must apply the internal assessment criteria specified in the related curriculum document to establish and confirm prior learning. Accredited providers and workplaces must confirm prior learning by issuing a statement of result.

Entry Requirements:

NQF Level 6 qualification in Information Technology, Computer Science or Cybersecurity.

RECOGNISE PREVIOUS LEARNING?

QUALIFICATION RULES

This qualification is made up of compulsory Knowledge, Practical Skill and Work Experience Modules:

Knowledge Modules

133101-001-00-KM-01 Management, Leadership and Governance Principles within a Cybersecurity Context, NQF Level 7, 20 Credits.

133101-001-00-KM-02 Concepts and Principles Underpinning the Provisioning of Secure ICT within an Enterprise, NQF Level 7, 20 Credits.

Total number of credits for Knowledge Modules: 40

Practical Skill Modules

133101-001-00-PM-01: Legal Advice and Advocacy, NQF Level 7, 12 Credits.

133101-001-00-PM-02: Cyber Training and Education, NQF Level 7, Credits 12.

133101-001-00-PM-03: Strategic Planning and Policy Development, NQF Level 7, 6 Credits.

133101-001-00-PM-04: Executive Cybersecurity Leadership Practices, NQF Level 7, 10 Credits.

Total number of credits for Practical Skill Modules: 40

Work Experience Modules

133101-001-00-WM-01: Cybersecurity Instruction and Training Processes, NQF Level 7, 10 Credits.

133101-001-00-WM-02: Information Systems Management Processes, NQF Level 7, 10 Credits.

133101-001-00-WM-03: Communications Security Management Processes, NQF Level 7, 10 Credits.

133101-001-00-WM-04: Cybersecurity Workforce planning and development management processes, NQF Level 7, 10 Credits.

Total number of credits for Work Experience Modules: 40

EXIT LEVEL OUTCOMES

1. Oversee the cybersecurity function within the ethical, legal and professional context.
2. Lead the provision of secure Information Technology systems using a range of enquiry methods.

ASSOCIATED ASSESSMENT CRITERIA

Associated Assessment Criteria for Exit Level Outcome 1:
ELO 1: Oversee the cybersecurity function within the ethical, legal and professional context.

Provide legally sound advice and recommendations to leadership and staff on a variety of relevant topics within cybersecurity.

Develop legally sound cases on behalf of clients using a wide range of written and oral work products, including legal briefs and proceedings.

Analyse, develop and provide cybersecurity education and training, using appropriate and innovative methods, and techniques. (This includes but is not limited to the development, planning, coordinating delivery and evaluation of the education and learning.)

Analyse and monitor Cybersecurity qualifications of an information system or network, including managing information security implications within the organisation, specific qualification, or other area of responsibility, including strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.

Analyse, develop and advocate changes in policy that support organizational cyberspace initiatives or required changes/enhancements for.

Supervise, manage and lead work and workers performing cyber and cyber-related operations.

Justify decisions and actions drawn on appropriate ethical values and approaches.

Associated Assessment Criteria for Exit Level Outcome 2:
ELO 2: Lead the provision of secure Information Technology systems using a range of enquiry methods.

Oversee, evaluate, analyse and support documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology systems meet the organization's cybersecurity and risk requirements.

Identify, evaluate, analyse, resolve and manage risk, compliance and assurance from internal and external perspectives.

Develop and code new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.

Identify, evaluate, analyse, resolve challenges, and develop system concepts and works on the capabilities phases of the systems development life cycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.

Conduct information technology assessment and integration processes.

Evaluate, provide and support prototype capability and / or its utility.

Consult customers to gather and evaluate functional requirements and translate these requirements into technical solutions.

Provide guidance to customers about applicability of information systems to meet business needs.

Develop and conduct tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.

Develop development phases of the systems development life cycle.

Evaluate suitability of the development methods of systems development life cycle in a range of operational contexts.

Apply IT systems development life cycle methods to resolve problems or introduce change within the cybersecurity function.

Integrated Assessment
Integrated Formative Assessment
The Skills Development Providers will use the curriculum to guide them on the stipulated internal assessment criteria and weighting. They will also apply the scope of practical skills and applied knowledge as stipulated by the internal assessment criteria. This formative assessment leads to entrance into the integrated External Summative Assessment.

Integrated Summative Assessment
An External Integrated Summative Assessment, conducted through the relevant QCTO Assessment Quality Partner is required to issue this qualification. The External Integrated Summative Assessment will focus on the Exit Level Outcomes and Associated Assessment Criteria. Additional to the written assessment the learner must also submit a portfolio of evidence compiled of outcomes achieved in the workplace.

INTERNATIONAL COMPARABILITY

This Advanced Occupational Diploma was compared with two qualifications in Australia and the United Kingdom.

Australia
The Bachelor of Cybersecurity that is offered by Deakin University consists of sixteen core unit standards and a compulsory internship. The qualification can be achieved over a three-year period full-time or part time. The qualification is pitched at AQF Level 7. Some of the core components include industry certifications. The following provides an overview of the learning content.

Modules and Credits of this qualification are as follows:

Real World Practices for Cyber Security (Level 1 and 2), 30 Credits.

Secure Coding (Level 1 and 2), 30 Credits.

Computer Crime and Digital Forensics (Level 1 and 2), 30 Credits.

Ethical Hacking (Level 1 and 2), 30 Credits.

Introduction to Programming (Level 1 and 2), 30 Credits.

Computer Systems, 30 Credits.

Discrete mathematics, 30 Credits.

Secure Networking, 30 Credits.

Object Orientated Development, 30 Credits.

Professional Practice in Information Technology, 30 Credits.

Cyber Security Analytics, 30 Credits.

Computer Crime and Digital Forensics, 30 Credits.

IT Career Development, 30 Credits.

Malware Analysis, 30 Credits.

Network Forensics, 30 Credits.

The qualification also requires 90 Credits from a recognised undergraduate ICT qualification that must be done as electives and 90 Credits of workplace experience as part of an internship that must be completed at a recognised institution.

The total credit for the qualification is 630 Credits to be completed over a three-year period. Entry requirements is an AQF Level 4 qualification.

Similarities
Both qualifications are at the same exit level, focus on workplace application, and the workplace component exceeds 20% of the total learning requirements. The technical components of both qualifications are similar and based on globally accepted frameworks for cyber security.

Differences
The major difference between these two qualifications is that the South African Advanced Occupational Diploma: Chief Information Officer: Cybersecurity qualification emphasises strategic leadership element, has shorter duration and provision is made for an appropriate career path. The entry requirements for the Advanced Occupational Diploma is an NQF Level 6 qualification, as opposed to AQF Level 4 qualification, which is lower.

United Kingdom
Southeast University offers a Bachelor of Science in Cybersecurity. The overall aim of the qualification is to prepare learners to be leaders in the protection of information systems. The qualification is delivered with workplace exposure and can be completed over a four-year period.

The following are modules that are covered in this qualification:

Introduction to Computer Programming.

Computer Science l.

Discrete Structures I.

Computer Science ll.

Computer Systems & Assembly Language.

Computer & the Posix Environment.

Computer Operating Systems.

Database.

Software Engineering I.

Capstone Experience.

Mobile Computing.

introduction to Cybersecurity.

Information Security & Assurance.

Information Security in System Administration.

Web Application Security.

Computer Forensics.

Cloud Computing.

Introduction to Cyber Operations.

Web Development & Security.

Security in Data Protocols.

Elementary Probability & Statistics.

Mathematical Cryptography.

Introduction to Networks.

Data Communications.

Routing & Switching Essentials.

Similarities
Both qualifications have compulsory workplace component, technical components of the two qualifications are based on the globally accepted frameworks for cybersecurity. Both qualifications used the same competency framework to identify the required knowledge and practical skills.

Differences
The major difference between these two qualifications is that the South African Advance Occupational Diploma: Chief Information Officer: Cybersecurity qualification covers strategic and leadership elements, and with shorter duration.

Conclusion
The content, level, qualification components, delivery of the two international qualifications compare favourably to the South African Advanced Occupational Diploma: Chief Information Officer: Cybersecurity. The South African occupational qualification includes the required strategic, leadership and governance aspects which makes it more industry aligned qualification.

ARTICULATION OPTIONS

This qualification provides opportunities for horizontal and vertical articulation options.

Horizontal Articulation:

There are currently no registered horizontal articulation possibilities within the sub-framework.

Advanced Diploma in Administrative Information Management, NQF Level 7.

Vertical Articulation:

There are currently no registered vertical articulation possibilities within the sub-framework.

Diagonal Articulation
Postgraduate Diploma in Knowledge and Information Systems Management, NQF Level 8.

NOTES

Qualifying for External Assessment:
To qualify for an external assessment, learners must provide proof of completion of all required knowledge and practical modules by means of statements of results and a record of completed work experience.

Additional Legal or Physical Entry Requirements:

None.

Criteria for the accreditation of providers
Accreditation of providers will be done against the criteria as reflected in the relevant curriculum on the QCTO website.

The curriculum title and code are: Chief Information Officer: Cybersecurity: 133101-001-00-00,

Encompassed Trade:
This qualification encompasses the following trades as recorded on the NLRD:

None.

Assessment Quality Partner (AQP)

Banking Sector Education and Training Authority (BANKSETA).

LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION:

NONE

PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION:

This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

NONE