SAQA

All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

SOUTH AFRICAN QUALIFICATIONS AUTHORITY

REGISTERED QUALIFICATION:

Advanced Occupational Certificate: Cybersecurity Practitioner

SAQA QUAL ID	QUALIFICATION TITLE
122068	Advanced Occupational Certificate: Cybersecurity Practitioner
ORIGINATOR
Development Quality partner - BANKSETA
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY			NQF SUB-FRAMEWORK
-			OQSF - Occupational Qualifications Sub-framework
QUALIFICATION TYPE	FIELD		SUBFIELD
Advanced Occupational Cert	Field 10 - Physical, Mathematical, Computer and Life Sciences		Information Technology and Computer Sciences
ABET BAND	MINIMUM CREDITS	PRE-2009 NQF LEVEL	NQF LEVEL	QUAL CLASS
Undefined	120	Not Applicable	NQF Level 06	Regular-ELOAC
REGISTRATION STATUS		SAQA DECISION NUMBER	REGISTRATION START DATE	REGISTRATION END DATE
Registered		EXCO 1121/24	2024-01-30	2029-01-30
LAST DATE FOR ENROLMENT		LAST DATE FOR ACHIEVEMENT
2030-01-30		2033-01-30

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.

This qualification does not replace any other qualification and is not replaced by any other qualification.

PURPOSE AND RATIONALE OF THE QUALIFICATION

Purpose:
The purpose of this qualification is to prepare a learner to operate as a Cybersecurity Practitioner.

A Cybersecurity Practitioner assures the integrity and stability of digital, Information and Communication Technology (ICT) systems and processes within an organisation. Mitigates the organisational risks associated with cyber intrusions, attacks, and manipulation by determining the short, medium, and long-term risks associated with the identified cybersecurity vulnerabilities. Develops and implements appropriate actions and initiatives for preventing and mitigating these risks by project managing risk prevention and elimination actions. Reports on security maintenance compliance, supporting relevant change initiatives and investigating specific events to determine the potential risk impact. Learners will demonstrate the following key attributes: Modesty, altruism, composure, scientific, inquisitiveness, appropriate scepticism, responsiveness, and diligence.

A qualified learner will be able to:

Provide specialised denial and deception operations and collect cybersecurity information that may be used to develop intelligence.

Performs highly specialised review and evaluate incoming cybersecurity information to determine its usefulness for intelligence.

Investigate cybersecurity events or crimes related to information technology systems, networks, and digital evidence.

Initiate and manage cybersecurity risk mitigation and preventative actions.

Rationale:
Enterprise data and infrastructure protection has become one of the most critical roles of Information Technology (IT) due to the rise in cyber-Attacks. Vast quantities of sensitive data are transmitted digitally as transactions are made. Organisations store data creating veritable gold mines for hackers to steal valuable information, commit denial-of-service attacks, or simply create havoc. There is a need for people with cybersecurity skills to protect our data and defend organisational IT integrity.

Cybersecurity is required in every domain, from the government to corporate, military to medical, financial to personal as each collect, stores and transmits sensitive data. As the amount of digital data and transactions grow, so does the need for cyber security professionals in various roles within organisations. This qualification is specifically targeted at developing some of the Practitioner skills required within the cybersecurity field. In this qualification the focus is on extending those fundamental skills and building the broader basis from which the learner will be able to specialise in specific systems or areas of cyber protection.

The qualification shall benefit learners who are in the IT field and want to specialise in cybersecurity. This qualification will allow entry into the specialised field of cybersecurity through a hands-on practical approach. The qualification will also use the host of existing industry recognised certificates and tools for the recognition of prior learning, therefore fast-tracking people towards the achievement of a nationally recognised occupational qualification.

With this qualification, learners will be able to be employed as: Cybersecurity Auditor, Computer Forensics Expert and Cybersecurity Engineer. The professionalisation of the cybersecurity sector will support the need to create an appropriate layer of protection. As people rely more heavily on technology to help manage their daily lives, the threat of cyber-crime continues to escalate. Cyber threats pose one of the gravest national security dangers that a country faces, which lead to losses of Billions, disrupts services and efficient functioning of economies.

No professional registration or licencing is expected for Cybersecurity Practitioners or Analysts to seek employment in the sector.

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING

RPL for access to a qualification
Learners will gain access to the qualification through RPL for Access as provided for in the QCTO RPL Policy. RPL for access is conducted by accredited education institution, skills development provider or workplace accredited to offer that specific qualification/part-qualification.

RPL for exemption from modules
Learners who have acquired competencies of the modules of a qualification or part-qualification will be credited for modules through RPL.

RPL for access to the external integrated summative assessment:
Accredited providers and approved workplaces must apply the internal assessment criteria specified in the related curriculum document to establish and confirm prior learning. Accredited providers and workplaces must confirm prior learning by issuing a statement of result.

Entry Requirements:
Occupational Certificate: Cybersecurity Analyst, NQF Level 5 or equivalent.

RECOGNISE PREVIOUS LEARNING?

QUALIFICATION RULES

This qualification is made up of compulsory Knowledge, Practical Skill and Work Experience Modules:

Knowledge Modules

133101-002-00-KM01: Theories and Application Principles of Analysing Cybersecurity Information, Level 6, 20 Credits.

133101-002-00-KM02: Concepts and Principles of Cybersecurity Investigations, Level 6, 20 Credits.

Total number of credits for Knowledge Modules: 40

Practical Skill Modules

133101-002-00-PM-01: Execute Data Collection Operations, Level 6, 8 Credits.
133101-002-00-PM-02: Conduct Threat Analysis, Level 6, 12 Credits.
133101-002-00-PM-03: Conduct Cyber Investigations, Level 6, 12 Credits.

Total number of credits for Practical Skill Modules: 32

Work Experience Modules

33101-002-00-WM-01: Cyber Security Data Collection Management Processes, NQF Level 6, 12 Credits.

133101-002-00-WM-02: Threat Warning and Analysis Processes, Level 6, 18 Credits.

133101-002-00-WM-03: Cyber Crime Investigation Processes, Level 6, 18 Credits.

Total number of credits for Work Experience Modules: 48

EXIT LEVEL OUTCOMES

1. Apply methods, procedures or techniques to investigate and define specialised denial and deception operations.
2. Apply processes, modalities and ethics associated with the review, analysis and evaluation of incoming cybersecurity information.
3. Investigate cybersecurity events or crimes related to information technology systems, networks, and collected digital evidence.

ASSOCIATED ASSESSMENT CRITERIA

Associated Assessment Criteria for Exit Level Outcome 1:
ELO 1: Apply methods, procedures or techniques to investigate and define specialised denial and deception operations.

Select, collect, evaluate and analyse cybersecurity information that may be used to develop intelligence.

Conduct information collection strategies within established priorities according to leading practices and aligned to a range of recognised collection management processes.

Perform in-depth joint targeting and cybersecurity planning process according to prevailing leading practices to gather information and develop detailed operational plans and supporting requirements.

Execute strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations within a range of organisational contexts.

Gather and analyse evidence on criminal or foreign intelligence entities to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or support other intelligence activities.

Associated Assessment Criteria for Exit Level Outcome 2:
ELO 2: Apply processes, modalities and ethics associated with the review, analysis and evaluation of incoming cybersecurity information.

Identify and assess capabilities and activities of cybersecurity criminals or foreign intelligence entities according to leading investigative practices and procedures.

Conduct and carry out integrated processes to produce findings that will help initiate or support law enforcement and counter-intelligence investigations or activities.

Gather, evaluate and analyse information to identify vulnerabilities and potential for exploitation.

Analyse and synthesise threat information from multiple sources, disciplines and agencies across the intelligence community within the context of global practices.

Analyse current cybersecurity state of one or more regions, countries, non-state entities, and/or technologies through the application of a range of information evaluation processes.

Resolve problems relating to the use of incoming cybersecurity information for intelligence purposes.

Apply and review ethical and legal principles in the cybersecurity operations.

Associated Assessment Criteria for Exit Level Outcome 3:
ELO 3: Investigate cybersecurity events or crimes related to information technology systems, networks, and collected digital evidence.

Apply tactics, techniques, and procedures for a full range of investigative tools and processes (to include, but not limited to, interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering).

Collect, process, preserve, analyse, and present computer-related evidence in support of network vulnerability mitigation and/or criminal, fraud, counter-intelligence, or law enforcement investigations within ethical and legal principles.

Integrated Assessment:
Integrated Formative Assessment
The Skills Development Providers will use the curriculum to guide them on the stipulated internal assessment criteria and weighting. They will also apply the scope of practical skills and applied knowledge as stipulated by the internal assessment criteria. This formative assessment leads to entrance into the integrated External Summative Assessment.

Integrated Summative Assessment
An external integrated summative assessment, conducted through the relevant QCTO Assessment Quality Partner is required to issue this qualification. The External Integrated Summative Assessment will focus on the Exit Level Outcomes and Associated Assessment Criteria. The external integrated summative assessment will be coducted through a theoretical assessment, responding to scenarios and the evaluation of practical tasks on selected modules using relevant checklists at an approved assessment site in a simulated environment (where relevant) and conducted by assessors registered with the relevant AQP.

Additional to the written assessment the learner must also submit a portfolio of evidence compiled of outcomes achieved in the workplace.

INTERNATIONAL COMPARABILITY

This qualification was compared to the following international qualifications:

National Progression Award (NPA): Cybersecurity, SCQF Level 8, United Kingdom.

Graduate Certificate in Information Security, University of Michigan, United States of America (USA).

United Kingdom
The National Progression Award (NPA): Cybersecurity is part of a suite of qualifications developed as part of the Scottish Government Cyber Resilience Action Plan. The qualification builds on NPA's previously introduced at lower levels. The qualification is intended for full-time learners in colleges who wish to pursue a career in this field. The award is normally delivered over two academic sessions. However, it is possible to achieve the qualification by other means (such as part-time learning).

A range of employment opportunities exist including the following job roles:
IT support/security analyst, Systems administrator, Network engineer, Penetration tester, and Cyber analyst/operations analyst. However, the Cybersecurity Generic Reference Curriculum was used during its development and many of the defined competencies are included in the component units.

The qualification comprises of mandatory and optional learning units covering the following topics:

Computer Architecture.

Computer Networking Concepts, practices and introduction to Security.

Data Security.

Ethical Hacking.

Professionalism and Ethics in Cyber Security.

Computer Programming.

Digital Forensics.

Server Administration for Cyber Security.

Wireless Devices.

Computer Operating Systems.

Artificial Intelligence.

Big Data.

Client Operating Systems.

Cloud Computing.

Cyber Resilience.

Intrusion Preventing Systems.

Multi User Operating Systems.

Machine Learning.

Cisco Networking Academy, the Linux Professional Institute and the Microsoft Professional offer the programme as an internal capacity building training.

Similarities
The purpose and content of the two qualifications are similar.

Differences
The UK qualification provides for electives whereas the South African Advanced Occupational Certificate uses the work experience component to cover unique application areas. The South African qualification is shorter and on lower NQF Level.

United States of America
University of Michigan offers Graduate Certificate in Information Security over a one (1) year period.
The Graduate Certificate comprises of four main subject areas:

Advanced Computer Networking: Layered network architecture, transmission techniques on wired and wireless mediums, transmission impairments, bandwidth limitations, signalling techniques, error correction and detection, transmission protocols, contention-based medium access protocols, queuing theory, routing algorithms, internetworking, connection management, performance issues, application-level protocol standards, communication of multimedia over computer networks.

Ethics and Security Management:
Malware, cybercrime, software safety, intellectual property, software piracy, social issues of computing, globalization, privacy. Security policy, management and administration as they pertain to ethical issues of computing.

Cyber Security: Study of the tools and resources needed to develop a thorough understanding of cyber security. Use of different cyber security concepts to form a secure organization. Architecture, protocols, framework, services, algorithms, hardware and software used in this area. Various tools and software used to study current security technology.

Mathematical Cryptography: Mathematics fundamental for designing encryption and decryption systems, including basic number theory. Classical cryptosystems, public-key cryptosystems, RSA, ElGamal, digital signatures, DES and AES, elliptic curve cryptography.

Similarities
The purpose, duration and content of the two qualifications are similar.

Differences
The UK qualification does not have the work experience component as opposed to the South African qualification.

Conclusion
In both instances the qualifications cover the key aspects of information security similar to the theory and practical skills built onto the South African qualification. The Advanced Occupational Certificate: Cybersecurity Practitioner compares favourably with the two qualifications in terms of level, duration and content. In all instances, the skills and knowledge requirements are based in the globally recognised Cybersecurity skills framework.

ARTICULATION OPTIONS

This qualification provides opportunities for the following articulation options.

Horizontal Articulation:

Occupational Certificate: Software Engineer, NQF Level 6.

Advanced Certificate in Information Technology in Support Services, NQF Level 6.

Advanced Certificate in Information Security, NQF Level 6.

Vertical Articulation:

There are no vertical articulation possibilities within the OQSF.

Diagonal Articulation:

Advanced Diploma in Administrative Information Management, NQF Level 7.

NOTES

Qualifying for External Assessment:
To qualify for an external assessment, learners must provide proof of completion of all required knowledge and practical modules by means of statements of results and a record of completed work experience.

Additional Legal or Physical Entry Requirements:
None

Criteria for the accreditation of providers:
Accreditation of providers will be done against the criteria as reflected in the relevant curriculum on the QCTO website. The curriculum title and code is: Cybersecurity Practitioner: 133101-002-00-00

Encompassed Trade:
This qualification encompasses the following trades as recorded on the NLRD:
None

Assessment Quality Partner (AQP)
BANKSETA.

LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION:

NONE

PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION:

This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

NONE