SAQA

All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

SOUTH AFRICAN QUALIFICATIONS AUTHORITY

REGISTERED QUALIFICATION:

Postgraduate Diploma in Cybersecurity Risk Management

SAQA QUAL ID	QUALIFICATION TITLE
123435	Postgraduate Diploma in Cybersecurity Risk Management
ORIGINATOR
Belgium Campus 1 ITVERSITY NPC
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY			NQF SUB-FRAMEWORK
CHE - Council on Higher Education			HEQSF - Higher Education Qualifications Sub-framework
QUALIFICATION TYPE	FIELD		SUBFIELD
Postgraduate Diploma	Field 10 - Physical, Mathematical, Computer and Life Sciences		Information Technology and Computer Sciences
ABET BAND	MINIMUM CREDITS	PRE-2009 NQF LEVEL	NQF LEVEL	QUAL CLASS
Undefined	120	Not Applicable	NQF Level 08	Regular-Provider-ELOAC
REGISTRATION STATUS		SAQA DECISION NUMBER	REGISTRATION START DATE	REGISTRATION END DATE
Registered		EXCO 0729/25	2025-02-04	2028-02-04
LAST DATE FOR ENROLMENT		LAST DATE FOR ACHIEVEMENT
2029-02-04		2032-02-04

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.

This qualification does not replace any other qualification and is not replaced by any other qualification.

PURPOSE AND RATIONALE OF THE QUALIFICATION

Purpose:
The purpose of the Postgraduate Diploma in Cybersecurity Risk Management is to deepen risk management from current digital transformation technologies. The qualification will enable learners to successfully implement risk management plans for cloud computing, mobile technologies, and financial technologies. The qualification will deepen the risks associated with emerging technologies of recent implantation in organisations. The learner will acquire specialised knowledge of insecurity in managing information in cloud services and risks related to big data.

The qualification will prepare the learner to manage digital risks in the working environment. This qualification is designed for individuals who do not have an in-depth cybersecurity background but want to pursue a career in this exciting field. Through this Post-Graduate Diploma in Cybersecurity Risk Management, learners will develop the ability to identify, implement and manage cyber defences.

The qualification further aims to advance the knowledge and skills gained in the undergraduate qualifications. It provides two elective streams, Secure Networks and Secure Software, to further differentiate and provide options to meet specific market needs. In addition, it aims to prepare learners for a workplace that requires specialised knowledge and skills set in Cybersecurity.

It also aims to develop research capacity in the methodology and techniques of Information Technology (IT), thereby laying a foundation for consulting research at Masters' and Doctoral Levels. A graduate of this qualification will be able to engage in self-directed learning and demonstrate intellectual independence and analytical rigour. This qualification typically follows a bachelor's degree in IT and allows articulation into a Master's qualification in Cybersecurity.

Learners will consider technical approaches as well as commercial and human factors which affect how organisations respond to cyberattacks. Developing these technical skills and knowledge will prepare learners to successfully start their cybersecurity career in networks, and software of risk management.

Upon completion of the qualification, the learner will be able to:

Collect and manage information with an understanding of the concepts, models, and theories applicable, implementing security policies across organisational processes and applications.

Manage and explore complex information and operate at an appropriate cognitive level to extract and use complex information.

Analyse complex security frameworks accurately and demonstrate self-direction and originality in analysing and implementing the most appropriate standards and methods.

Implement and configure security strategies and laws at the level of a professional in the ICT cyber security field, considering public and private organisations.

Rationale:
Businesses are increasingly becoming more reliant on technology to operate. Accordingly, there is a huge demand for cybersecurity professionals with knowledge of cyber threats. This qualification provides a foundation for developing an effective IT risk management qualification, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The goal is to help organisations better understand and manage IT-related mission risks and how to deal with them.

In 2016, it was estimated that the attacks on the United States alone were between $57 billion and $109 billion. These threats are serious problems for companies of all sizes, and they can cause severe damage in a short amount of time. Therefore, cybersecurity qualifications are among the best investments any company can make.

The qualification will strongly focus on Cybersecurity, Risk Management and Mitigation, as well as the Legal Framework. Cybersecurity should be integrated into the overall risk management process of every organisation. By defining the risk strategy and acceptable risk levels, agency leaders and security teams can manage security risks adequately, including budgeting commensurate with the relevant risk.

The sector's requirements, and national priorities, have been considered, including the International Sustainable Development Goals (SDGs). With a skills shortage of between 20,000 and 70,000 high-end ICT professionals in South Africa alone, business and education must work together to close the gap; therefore, the risk has increased significantly, and this post-graduate Diploma degree has become so important.

The risk is that developed countries will also recruit skills from South Africa to make up for their shortfalls. Hence the requirement for a degree of this nature is paramount to the success of the South African economy. The Sector Skills Plan for the Media, Information and Communication Technologies Sector, Education and Training Authority for the period 2020 to 2025 indicated that in 2019, the sector was made up of 30,727 employers.

The Information Technology sub-sector accounts for 48% of this makeup. As reported by the SSP, this is considered a growing market, with a 16% increase in employers. The same study reported that the number of employees in the sector is 2,285,983. It is indicated that the Information Technology sub-sector is the most significant contributor to this sector, making up (1,956,584) 86% of employees in 2019.

Race and gender profiles of employees in the sub-sector indicate that transformation is accelerating, with 43,5% of the sector representative of African employees and 33.3% as White. Coloured employees account for 12,4% and Indian/Asian employees for 10.8% of the sector.

Younger employees dominate the sector, and it is estimated that 47% of employees are younger than 35. This is closely followed by ages 35 to 55 (46%) and those older than 55 contributing 7% to the cohort. The institution will consider this data in ensuring that learner support initiatives accommodate graduates and possibly older applicants in senior ICT positions wanting to access the qualification for career development or professionalisation.

Engagement with industry stakeholders, learners, and alumni considered numerous factors affecting skills demand and supply. This included the impact of factors such as Cloud Computing, the Internet of Things (IoT), Big Data Analytics, Information Security, IT Risk Management, Artificial Intelligence and Robotics and the impact of the 4th Industrial Revolution and their relevant skills impacts.

The institution will therefore continue to develop and align its offerings to the South African Policy Framework and development trajectory as underpinned in the National Development Plan (NDP), which challenges the country to achieve sustained levels of economic growth through 2030.

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING

Recognition of Prior Learning (RPL):

The institution adheres to the Criteria and Guidelines to implement the Recognition of Prior Learning- and has thus incorporated the necessary elements into its institutional quality management system and policy suite. Learners` prior learning is recognised through a formal process of submission of a portfolio of evidence and evaluation by our staff in pursuit of identifying any formal or informal learning that the learner might have achieved previously. This is formally articulated in the institutional Recognition of Prior Learning policy submitted as evidence related to this application.

RPL is granted based on an appropriate assessment, in keeping with the above national policies, considering the necessary preparation and guidance to undertake such evaluations. This is because 'assessment, [as] an integral feature of all forms of RPL, does not exist in isolation from a range of other strategies that allow for different sources of knowledge and forms of learning to be compared and judged' (South African Qualifications Authority, 2013). The Academic Board of the institution gives final approval.

Entry Requirements:
The minimum entry requirement for this qualification is:

Advanced Diploma in Information Technology, NQF Level 7.
Or

Bachelor of Commerce in Information Technology Management, NQF Level 7.
Or

Bachelor of Business Informatics, NQF Level 7.

RECOGNISE PREVIOUS LEARNING?

QUALIFICATION RULES

This qualification consists of the following compulsory modules at National Qualifications Framework Level 8 totalling 120 Credits.

Compulsory Modules, Level 8, totalling 120 Credits

Principles of Research, 15 Credits.

Ethics in Cybersecurity Risk Management, 15 Credits.

Introduction to Cybersecurity, 15 Credits.

Cybersecurity Laws and Regulatory Compliance, 15 Credits.

Information Assurance and Risk Management, 15 Credits.

Cybersecurity Governance Frameworks, 15 Credits.

Cybersecurity Risk Management Research Project, 30 Credits.

EXIT LEVEL OUTCOMES

1. Demonstrate the ability to collect and manage information with an understanding of the concepts, models, and theories applicable, implementing security policies across organisational processes and applications.
2. Manage and explore complex information and operate at an appropriate cognitive level to extract and use complex information.
3. Analyse complex security frameworks accurately and demonstrate self-direction and originality in analysing and implementing the most appropriate standards and methods.
4. Implement and configure security strategies and laws at the level of a professional in the ICT cyber security field, considering public and private organisations.
5. Effectively manage a security team or organisational unit, performing the necessary functions regarding planning, resourcing, directing and control of strategy, policies, and procedures.
6. Communicate with all stakeholders, partners, colleagues, and superiors, formally and informally, using oral and written modalities and selecting appropriate communication media.
7. Adapt own attitude to make autonomous ethical decisions that affect knowledge production and complex organisational or professional issues.

ASSOCIATED ASSESSMENT CRITERIA

Associated Assessment Criteria for Exit Level Outcomes 1:

Establish cybersecurity frameworks by successfully applying them to develop and implement organizational security policies that enhance compliance and risk management standards.

Effectively collect and organize data from diverse internal and external sources to identify potential security vulnerabilities and threats, ensuring the data is relevant and actionable for risk assessment.

Utilise appropriate tools (e.g., SIEM systems, intrusion detection tools) to efficiently collect, analyse, and manage security-related information from various organizational applications, ensuring that the information supports proactive security measures.

Associated Assessment Criteria for Exit Level Outcomes 2:

Extract relevant security data from large, dispersed sources (e.g., cloud-based systems, multi-national networks, third-party vendors) using tools like data analytics platforms, SIEMs, and threat intelligence feeds.

Analyse vast and complex datasets to identify patterns, trends, or anomalies related to security risks, justifying the need for adjustments in risk management policies.

Correlate data from multiple sources (e.g., logs, network traffic, user behaviour analytics) to justify and adapt risk management strategies.

Associated Assessment Criteria for Exit Level Outcomes 3:

Critically analyse complex security frameworks (e.g., NIST, ISO/IEC 27001, COBIT) to identify strengths, weaknesses, and areas for improvement within an organizational context.

Develop, implement and customise cybersecurity solutions that align with the unique requirements of an organization, considering its size, industry, and risk profile.

Evaluate the effectiveness of the chosen methods by conducting post-implementation reviews, audits, or security tests (e.g., penetration testing, red team exercises), and adjusting strategies as necessary.

Associated Assessment Criteria for Exit Level Outcomes 4:

Configure and deploy security strategies, such as firewall rules, encryption protocols, and access controls, in accordance with best practices for both public and private sector organizations.

Implement cybersecurity frameworks and compliance requirements (e.g., GDPR, HIPAA, SOC 2) across various organizational processes, ensuring adherence to relevant legal and regulatory standards.

Design and configure security architecture (e.g., VPNs, multi-factor authentication, zero trust networks) tailored to the specific operational needs of an organization.

Conduct audits and reviews of security implementations to ensure they remain aligned with evolving legal, regulatory, and business environments.

Associated Assessment Criteria for Exit Level Outcomes 5:

Effectively lead a cybersecurity team by setting clear goals, defining roles, and assigning responsibilities aligned with the organization's security objectives.

Manage cybersecurity incidents by coordinating team responses, directing resources effectively, and ensuring that incidents are resolved in a timely and controlled manner.

Conduct regular reviews of the team's performance and effectiveness in executing security strategies, providing feedback and coaching to improve skills and performance.

Monitor the progress of cybersecurity initiatives and adjust plans or resources as necessary to meet deadlines and maintain alignment with organizational priorities.

Associated Assessment Criteria for Exit Level Outcomes 6:

Clearly articulate cybersecurity concepts, strategies, and policies to various stakeholders (e.g., technical teams, management, clients) in both verbal and written formats.

Effectively prepare and deliver presentations, reports, and briefings on security issues, project statuses, and compliance matters, using appropriate visual aids and data representations.

Engage in active listening, encouraging feedback and discussions during meetings, ensuring that all perspectives are considered in decision-making processes.

Develop documentation (e.g., security policies, incident reports, training materials) that is clear, concise, and accessible to different audiences, ensuring proper understanding and compliance.

Associated Assessment Criteria for Exit Level Outcomes 7:

Apply a thorough understanding of ethical standards and legal requirements related to cybersecurity, data privacy, and professional conduct, applying them to decision-making processes.

Apply informed ethical decisions autonomously, considering the potential impact on the organization, stakeholders, and the broader community, especially in complex situations.

Evaluate the ethical implications of security policies, practices, and technologies, ensuring that organizational actions align with ethical standards and societal values.

Contribute to the development of ethical guidelines and practices within the organization, ensuring that all cybersecurity initiatives reflect high ethical standards.

INTEGRATED ASSESSMENT
This qualification consists of three types of modules. The academic subjects consist of:

lectures

prescribed readings

case studies

tutorials

individual or small group practical exercises.
Learners are formatively assessed on class tests and the artefacts produced for assignments and projects.

Summative Assessment:
A final summative test is written for each subject. The final continuous assessment result is a weighted average of all these assessments, as specified in the study guide for each subject.

This module is continuously assessed against the milestones set for the process, such as literature reviews or experimental design, assessed against the chapters of the thesis produced to document the results of these activities. The final assessment by an examination panel assesses the final thesis artefact and the researcher's presentation.

This qualification contains no experiential learning components.

INTERNATIONAL COMPARABILITY

Country: Ireland
Institution name: Atlantic Technological University
Qualification title: Higher Diploma in Science in Cybersecurity Risk and Compliance.
Duration: One year
NQF Level: Level 8

Purpose/Rationale
The higher diploma has been developed in partnership with Hewlett Packard Enterprises (HPE) Cyber Defense Center. The modules, content and delivery have been created in collaboration with HPE to ensure that the required skillset is available to all organisations to implement cybersecurity risk and compliance. This major award aims to educate IT practitioners on risks associated with protecting an organisation against cyber-attacks. On successful completion, learners may progress onto the level 9 Masters in Cybersecurity Operations in GMIT or similar course offerings.

Qualification structure:
The qualification consists of the following compulsory modules.

Compulsory Modules:

Research Method in IT, compared to Principles of Research

Data Protection - Law and Compliance

Cyber Security Architecture

Secure Information and Event Management

Cybersecurity Governance, Risk and Compliance, comparable to Cybersecurity Governance Frameworks

Cybersecurity Risk and Compliance Project

Exit level Outcomes

Apply modern research methods appropriate to applied computing research problems/questions.

Discuss current challenges and research foci in selected areas.

Independently acquire and assess relevant knowledge that is contextually appropriate and specific to an applied area of computing research.

Formally exhibit their research capabilities within an area of applied computing.

Explain the development of theories and concepts of a legal right to personal privacy.

Demonstrate a detailed knowledge and understanding of the EU General Data

Articulate individual rights of data subjects and the duties of data controllers and data processors.

Explain the theory, concepts and methods that apply to Cyber Security Architecture.

Explain concepts of SIEM as part of overall cyber security

Similarities:

The Atlantic Technological University (TU) and the South African (SA) qualification are both offered over one year.

The SA qualification will enable the learners to successfully implement risk management plans for cloud computing, mobile technologies, and financial technologies.

Similarly, The TU qualification aims to educate IT practitioners on risks associated with protecting an organisation against cyber-attacks.

For both qualifications learners will progress to a master's degree.

Both qualifications share similar modules such as Research Methods in IT, Principles of Research, Cybersecurity Governance, Risk and Compliance, and Cybersecurity Governance Frameworks.

Both qualifications share similar exit-level outcomes.

Country: Canada
Institution name: Canadian College of Technology and Business
Qualification title: Post-secondary Cybersecurity Riks Management diploma.
Duration: 184 weeks

Entry requirements:

High school diploma or equivalent from an approved government institution in the applicant's home country, or the applicant is a minimum of 19 years of age

Purpose/Rationale:
This Cybersecurity Risk Management with Co-op program will prepare learners to understand in-depth information, network, and computer vulnerability challenges, conduct ethical decisions that determine the system's vulnerability and plan organizational cybersecurity programs. learners will be able to monitor and analyse logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers, and workstations).

Qualification structure
The qualification consists of the following compulsory modules.

Compulsory Modules:

Computer Systems and Server Administration

Introduction to Data Communication and Networking

Website Development

Introduction to Programming

Cybersecurity Terminology and Language

Introduction to Internet Programming and Web Applications

Introduction to Database Management Systems

Linux Operating Systems and Networking

Software Analysis and Design

Security Operations Centre and Asset Management

Cybersecurity Tools, Attacks, and Methodologies

Cybersecurity Logging, Events, and Incidents

Incident Detection with SIEM Solutions

Advanced Incident Detection using Threat Intelligence

Cybersecurity Incident Response Techniques

SIEM Capstone Project

Exit level Outcomes:
Studying cybersecurity risk management will equip learners with the skills and knowledge to enter several different roles including Applications Analyst, Systems implementation Manager, Network Systems Engineer, Systems Security Analyst, Computer Analyst, Systems Security Planner, Internet Systems Administrator, and Network Support Technician.

Similarities:

The Canadian College of Technology and Business (CCTB) and the South African (SA)
Aim to develop learners' technical skills and knowledge that will prepare them to successfully start their cybersecurity career in networks, and software of risk management and Computer Analyst, Systems Security Planner, Internet Systems Administrator, and Network Support Technician.

The CCTB qualification will prepare learners to understand in-depth information, network, and computer vulnerability challenges, conduct ethical decisions that determine the system's vulnerability and plan organizational cybersecurity programs.

Similarly, the SA qualification will consider technical approaches as well as commercial and human factors which affect how organisations respond to cyberattacks.

Difference:

The CCTB qualification is an undergraduate and accepts learners who have completed high school learning, whereas the SA qualification is at a postgraduate level and accepts learners who have completed an undergraduate qualification in the relevant field.

ARTICULATION OPTIONS

This qualification provides opportunities for diagonal, horizontal and vertical articulation options.

Horizontal articulation:

Postgraduate Diploma in Information Technology Management, NQF Level 8.

Postgraduate Diploma in Information Technology, NQF Level 8.

Bachelor of Science in Informatics, NQF Level 8.

Bachelor of Commerce Honours in Mathematical Statistics, NQF Level 8.

Bachelor of Science Honours in Computer Science and Information Technology, NQF Level 8.

Bachelor of Science Honours in Information Technology, NQF Level 8.

Vertical articulation:

Master of Information Technology, NQF Level 9.

Master of Science in Information Technology Management, NQF Level 9.

Master of Science in Computer Science, NQF Level 9.

Master of Science in Computational Health Informatics, NQF Level 9.

Diagonal articulation:

Occupational Certificate: Cybersecurity Analyst, NQF Level 5.

Advanced Occupational Certificate: Cybersecurity Practitioner, NQF Level 6.

Advanced Occupational Diploma: Chief Information Officer: Cybersecurity, NQF Level 7.

MODERATION OPTIONS

N/A

CRITERIA FOR THE REGISTRATION OF ASSESSORS

N/A

NOTES

N/A

LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION:

NONE

PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION:

This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

NONE