SAQA

All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

SOUTH AFRICAN QUALIFICATIONS AUTHORITY

REGISTERED QUALIFICATION:

Advanced Diploma in Cybersecurity

SAQA QUAL ID	QUALIFICATION TITLE
124166	Advanced Diploma in Cybersecurity
ORIGINATOR
Belgium Campus 1 ITVERSITY NPC
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY			NQF SUB-FRAMEWORK
-			HEQSF - Higher Education Qualifications Sub-framework
QUALIFICATION TYPE	FIELD		SUBFIELD
Advanced Diploma	Field 10 - Physical, Mathematical, Computer and Life Sciences		Information Technology and Computer Sciences
ABET BAND	MINIMUM CREDITS	PRE-2009 NQF LEVEL	NQF LEVEL	QUAL CLASS
Undefined	120	Not Applicable	NQF Level 07	Regular-Provider-ELOAC
REGISTRATION STATUS		SAQA DECISION NUMBER	REGISTRATION START DATE	REGISTRATION END DATE
Registered		EXCO 0931/25	2025-04-17	2028-04-17
LAST DATE FOR ENROLMENT		LAST DATE FOR ACHIEVEMENT
2029-04-17		2032-04-17

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.

This qualification does not replace any other qualification and is not replaced by any other qualification.

PURPOSE AND RATIONALE OF THE QUALIFICATION

Purpose:
The purpose of the Advanced Diploma in Cybersecurity is to advance the knowledge and skills gained in the undergraduate qualifications. It provides two elective streams, namely Secure Networks and Secure Software, to further differentiate and provide options to meet specific market needs. The qualification will prepare learners for a workplace that requires specialised knowledge and skill sets in Cybersecurity. The qualification will develop research capacity in the methodology and techniques of Information Technology (IT), thereby laying a foundation for consulting research at Masters and Doctoral Levels. A graduate of this qualification will be able to engage in self-directed learning and demonstrate intellectual independence and analytical rigour.

Cyber threats are a serious problem that is only getting worse as more companies are experiencing profit loss due to cybercrime. South Africa is heavily targeted by cybercriminals, losing R2.2 billion a year due to cybercrime. The country has faced an increase in cybercrime incidents, leading to the commencement of the Cybercrimes Act 19 of 2020. This legislation criminalizes various cybercrimes, including unlawful access, interception, and interference with data or computer systems, cyber fraud, forgery, uttering, and extortion, as well as malicious communications.

In 2016, it was estimated that the cost of cyber-attacks on the United States alone was between $57 billion and $109 billion. These threats are serious problems for companies of all sizes, and they can cause a serious amount of damage in a short amount of time. Therefore, cybersecurity qualifications are one of the best investments that any company can and should make. The increase in mobile usage will increase exposure to attacks. Having a trustworthy cybersecurity system and a team is a strong selling point and a differentiating factor when it comes to customer/client acquisition and retention.

Regardless of the industry, company size, product or service, cybersecurity is a crucial element in today's business world. The cost of data breaches is higher than people expect. If a company does not have an operating cybersecurity department, it must invest in cyber insurance to create a safety net if breaches occur. At the beginning of 2017, Forbes reported that Target had cyber insurance costs of US$100 million and cyber-theft losses of US$450 million by April of that year - total losses for 2017 reached US$1 billion due to an unexpected cyber-attack. Establishing a cybersecurity team and implementing an internal system is a wise investment that can save a company millions of dollars and protect its brand from the public embarrassment that will hinder its image and reputation permanently.

The qualification will equip learners with the knowledge and skills to respond to cyberattacks. It is becoming a company staple for all business owners who plan to stay afloat in today's economy. Building an internal cybersecurity team with this qualification will give companies the leverage among competitors and their staff the opportunity to learn best practices to protect their own information as well as that of their clients. Through this qualification, learners will develop the ability to implement and manage cyber defences. They will consider technical approaches as well as commercial and human factors, which affect how organisations respond to cyberattacks. Developing these technical skills and knowledge will prepare learners to successfully start their cybersecurity career in networks and software of risk management.

On completion of the qualification, qualifying learners will be able to:

Apply and evaluate the key terms, concepts, facts, principles, rules and theories across organisational processes and applications; and detailed knowledge of how that knowledge relates to other fields, disciplines or practices within the security domain.

Evaluate types of knowledge and explanations appropriate to counter measures for threats within the security domain.

Identify, analyse, evaluate, critically reflect on and address complex problems, applying evidence-based solutions and theory-driven arguments on implementing security measures considering features such as networks and operating systems.

. Produce and communicate information, in respect of which a learner can demonstrate the ability to develop and communicate ideas and opinions in well-formed arguments within the Cyber Security Domain, using appropriate academic, professional, or occupational discourse to all stakeholders.

Take decisions, act ethically and professionally, and justify those decisions and actions drawing on appropriate ethical values and approaches within a supported Cyber Security environment.

Take full responsibility for own work, decision-making and use of resources, and limited accountability for the decisions and actions of others in varied or ill-defined contexts ensuring compliance with Cyber Security practices.

Rationale:
Businesses are increasingly becoming more reliant on technology to operate. Accordingly, there is a huge demand for cybersecurity professionals with knowledge of cyber threats and solutions. This qualification is designed for individuals who do not have a cybersecurity background but want to pursue a career in this exciting field. It is estimated that there will be a global shortage of cybersecurity specialists of 3.5 million professionals by 2025.

The 2020 Cyberwarfare in the C-Suite Special Report reported that cybercrime will cost the world $10.5 trillion annually by 2025. If it were measured as a country, then cybercrime, which is predicted to inflict damages totalling $6 trillion USD globally in 2021, would be the world's third-largest economy after the U.S. and China. Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.

This represents the greatest transfer of economic wealth in history. The incentives for innovation and investment are exponentially larger than the damage inflicted by natural disasters in a year and will be more profitable than the global trade of all major illegal drugs combined. The damage cost estimation is based on historical cybercrime figures, including recent year-over-year growth, a dramatic increase in hostile nation-state sponsored and organized crime gang hacking activities, and a cyberattack surface which will be an order of magnitude greater in 2025 than it is today. Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Cybersecurity can be defined as the defending of computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, which range from business organisations to personal devices. The attacks are divided into different categories, such as network security, application security, information security, operational security, and disaster recovery, along with business continuity. Network security and application security focus on securing computer networks, along with software and devices free from threats and vulnerabilities, respectively.

Disaster recovery is associated with the reaction of an organisation in case a loss of data takes place and tries to restore its operational capabilities to continue the functioning of the organisation. Information security, on the other hand, in a simplified manner, can be described as the prevention of unauthorised access or alteration during the time of storing data or transferring it from one machine to another. The information can be biometrics, social media profiles, data on mobile phones, etc., and the research for information security covers various sectors, such as cryptocurrency and online forensics.

Cybersecurity aims to protect against attacks in cyberspace, such as data, storage sources, devices, etc. In contrast, information security is intended to protect data from any form of threat regardless of being analogue or digital. Cybersecurity usually deals with cybercrimes, cyber frauds and law enforcement. On the contrary, information security deals with unauthorised access, disclosure modification and disruption. While cybersecurity is interdisciplinary, including law, policy, human factors, ethics, and risk management, it is fundamentally a computing-based discipline. As a result, the development of this qualification is informed by the interdisciplinary content driven by the industry needs. The qualification has a strong focus on Innovation, Entrepreneurship, and Information and Communication Technology Leadership, which prepares learners for a career in business development within existing companies or an entrepreneurial career by establishing a successful business. Because the sector has a noticeably short knowledge cycle, it is also driving the trend towards lifelong learning. Young people leaving school or college have the latest knowledge, which is in high demand in this sector. The qualification will also focus on enabling learners to continuously change, learn and update their skills within their respective companies.

The sector's requirements and national priorities have been considered, including the International Sustainable Development Goals (SDGs). With a skills shortage of between 20,000 and 70,000 high-end ICT professionals in South Africa alone, business and education must work together to close the gap, therefore, the risk has increased significantly, and this qualification has become so important.

The global ICT talent deficit study, which examined talent supply and demand in 20 economies across the world, found that there are not enough humans to fill the vacant jobs. The study estimated that by 2030, there will be a global human talent shortage of more than 85 million people, left unchecked, and that talent shortage could result in about $8.5 trillion in unrealized annual revenues in 2030. For example, the current official unemployment rate in South Africa is 31.9%. Having the talent available would make the difference between having a recession or a growing economy. (360bn$). The risk is also that developed countries will recruit skills from South Africa to make up for their shortfalls. Hence, this qualification is paramount to the success of the South African economy.

The 2020 to 2025 Media, Information and Communication Technologies Sector, Education and Training Authority (MICT) Sector Skills Plan (SSP) indicated that in 2019, the ICT sector was made up of 30,727 employers. The Information Technology (IT) sub-sector accounts for 48% of this makeup. This is considered a growing market, as reported by the SSP a 16% increase in employers. The same study reported that the number of employees in the sector is made-up of 2,285,983. It is indicated that the IT sub-sector is the largest contributor to this sector, making up (1,956,584) 86% of employees in 2019. Race and gender profiles of employees in the sub-sector indicate that transformation is accelerating, with 43,5% of the sector being represented by African employees and 33.3% indicated as White. Coloured employees account for 12,4% and Indian/Asian employees for 10.8% of the sector.

The gender profile within the IT sub-sector still indicates a male-dominated sector (59%), which has remained constant in recent years. Younger employees dominate the sector, and it is estimated that 47% of employees are younger than 35. This is closely followed by ages 35 to 55 (46%) and those older than 55, contributing 7% to the cohort. The institution will consider this data to ensure that learner support initiatives accommodate graduates as well as possible older applicants in senior ICT positions wanting to access the qualification for career development or professionalisation purposes.

Engagement with industry stakeholders, learners, and alumni considered numerous factors affecting skills demand and supply. This included the impact of factors such as Cloud Computing, the Internet of Things (IoT), Big Data Analytics, Information Security, Artificial Intelligence and Robotics and the impact of the 4th Industrial Revolution and their relevant skills impacts. The institution will continue to develop and align its offerings to the South African Policy Framework and development trajectory as underpinned in the National Development Plan (NDP), which challenges the country to achieve sustained levels of economic growth through to 2030.

The institution evaluated the various occupational shortages and considered Hard to Fill Vacancies, Skills Gaps Report and the Change Drivers in the sector. Software Developer (OFO Code: 2017-251201) was identified as the top hard-to-fill vacancy by relative demand and a key contributor to the Sectoral Priority Occupations List with 2 434 needed in the MICT sector alone. Employers indicated that lack of skills was the major contributor to an increase in demand. Through the evaluation of HEMIS data, the qualification identified an increase in enrolments in Science, Engineering and Technology, and the data indicated a 5% increase between 2013 and 2017. However, the Department of Higher Education and Training (DHET) set a target of 1,087,281 enrolments by 2019. Policy statements indicate that learner enrolment at higher education Institutions must increase by at least 70% by 2030 for enrolment to increase to 1,62 million.

The institution focused on these national targets, policy frameworks, and industry requirements and its associated stakeholders to ensure the qualification matches the skills required by the industry. The qualification considered the graduate's required knowledge profile, the theoretical and practical skills required, and the development of problem-solving skills by exposing learners to a wide range of teaching and learning interventions. This qualification typically follows a bachelor's degree in IT and allows articulation into a postgraduate diploma and/or honour's degree in Cybersecurity. Graduates with this qualification can pursue occupations as cybersecurity analysts, security software developers, computer forensics analysts, IT security specialists, network security analysts, and IT security managers.

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING

Recognition of Prior Learning (RPL):
The institution adheres to the Criteria and Guidelines to implement the Recognition of Prior Learning and has thus incorporated the necessary elements into its institutional quality management system and policy suite. Learners` prior learning is recognised through a formal process of submission of a portfolio of evidence and evaluation by our staff in pursuit of identifying any formal or informal learning that the learner might have achieved previously. RPL is accessible to learners who seek enrolment in a programme or course to attain a qualification. The process evaluates the appropriate learning during the applicant's adult life through formal studies at other institutions, work experience, training courses, independent study or any other means that may be evaluated during the process.

RPL for access:

To provide an alternative access route into a programme of learning for those who do not meet the formal entry requirements for admission.

RPL for access applies to learning programmes offered by an accredited institution of further learning, including a post-school institution and an adult learning centre or workplace-based training provider:

RPL for exemption:

The purpose of this recognition is to grant an exemption for subjects of the qualification or modules where it is demonstrated that the learner already possesses the requisite skills and knowledge to fulfil the module-level outcomes of the programme module.

In both cases, RPL processes may take place at a diagnostic, formative or summative point or in-curriculum to create opportunities for advanced standing or recognition in the workplace. Prior learning is made explicit through assessment and/or other methods that engage the intrinsic development of knowledge, skills and competencies acquired. Candidate guidance and support, the preparation of evidence and the development of an appropriate combination of further teaching and learning, mentoring and assessment approaches are core to RPL practice.

Entry Requirements:
The minimum entry requirement for this qualification is:

Diploma in Computer Networking, NQF Level 6.
Or

Diploma in Information Technology, NQF Level 6.
Or

Diploma in Information and Communications Technology in Communication Networks, NQF Level 6.
Or

Diploma in Information Technology in Network Management, NQF Level 6.

RECOGNISE PREVIOUS LEARNING?

QUALIFICATION RULES

This qualification consists of the following compulsory and elective modules at National Qualifications Framework Level 7, totalling 120 credits.

Compulsory Modules, Level 7, 75 Credits:

Principles of Research, 15 Credits.

Introduction to Cybersecurity, 10 Credits.

IT Ethics in Cybersecurity, 20 Credits.

Secure Network Research Project, 30 Credits.

Elective Modules, Level 7, 45 Credits (Select one stream)
Secure Electronic Communication Networks Stream:

Network Development and Management, 15 Credits.

Secure Networking, 15 Credits.

Cloud Security, 15 Credits.
OR
Secure Software Development Stream:

Architectural Principles of Secure Software, 15 Credits.

Secure Software Strategy/Practices, 15 Credits.

Data Security, 15 Credits.

EXIT LEVEL OUTCOMES

1. Demonstrate the understanding the central areas of cybersecurity solutions, disciplines and practices, including an understanding of and the ability to apply and evaluate the key terms, concepts, facts, principles, rules and theories across organisational processes and applications; and detailed knowledge of how that knowledge relates to other fields, disciplines or practices within the Cybersecurity domain.
2. Demonstrate the understanding of knowledge as contested and the ability to evaluate types of knowledge and explanations appropriate to counter-measures for threats within the cybersecurity domain.
3. Identify, analyse, evaluate, critically reflect on and address complex problems by applying evidence-based solutions and theory-driven arguments in implementing security measures considering features such as networks and operating systems.
4. Demonstrate the ability to develop and communicate ideas and opinions in well-formed arguments within the Cybersecurity Domain using appropriate academic, professional, or occupational discourse to all stakeholders.
5. Demonstrate the ability to make decisions, act ethically and professionally and justify those decisions and actions by drawing on appropriate ethical values and approaches within a supported Cybersecurity environment.
6. Demonstrate the ability to take full responsibility for own decision-making and use of resources and limited accountability for the decisions and actions of others in varied or ill-defined contexts, ensuring compliance with Cybersecurity practices.

ASSOCIATED ASSESSMENT CRITERIA

Associated Assessment Criteria for Exit Level Outcome 1:

Effectively integrate and apply security knowledge in conjunction with other fields such as information technology, risk management, and compliance, demonstrating a holistic approach to organisational security.

Identify potential security threats, evaluate the impact on organizational processes and develop appropriate mitigation strategies aligned with established security theories and practices.

Accurately explain key security concepts, principles, and terminology across varied organisational contexts and apply to different disciplinary environments.

Associated Assessment Criteria for Exit Level Outcome 2:

Analyse various security threats and the underlying causes using a range of explanatory frameworks.

Develop and justify effective countermeasures for identified security threats.

Critically evaluate differing viewpoints and types of knowledge within the cybersecurity field and examine how contested knowledge informs the design and implementation of threat countermeasures.

Associated Assessment Criteria for Exit Level Outcome 3:

Identify and thoroughly analyse complex security issues related to network infrastructure, including vulnerabilities in network design, configuration, and protocols.

Critically reflect on the effectiveness of implemented network security measures, adapt strategies as necessary, and provide well-supported, theory-driven arguments.

Develop and apply evidence-based solutions to address security challenges within operating system environments, demonstrating integration of theoretical knowledge and practical considerations.

Associated Assessment Criteria for Exit Level Outcome 4:

Clearly and effectively communicate complex cybersecurity concepts, strategies, and findings to diverse stakeholders, including technical and non-technical audiences, through presentations, reports, and meetings.

Develop well-formed arguments and coherently present using appropriate academic, professional, or occupational discourse within the cybersecurity domain through the written reports, oral presentations, and data visualizations.

Adapt cybersecurity communication to specific organisational contexts, demonstrating professionalism, ethical awareness, and convey sensitive or complex information responsibly.

Associated Assessment Criteria for Exit Level Outcome 5:

Ethically handle security incidents, including proper documentation and reporting of breaches or vulnerabilities through incident response simulations, analysis of incident reports, and creation of response plans that emphasize ethical considerations.

Ethically use penetration testing and other ethical hacking tools to ensure they understand the boundaries and legal implications of such activities.

Conduct controlled ethical hacking exercises and provide written justifications for using specific tools and debriefings on the ethical implications of the actions during these exercises.

Justify security-related decisions and actions using established ethical frameworks, demonstrating accountability, respect for stakeholder rights, and professionalism within a supervised cybersecurity environment.

Associated Assessment Criteria for Exit Level Outcome 6:

Design and configure a security system, e.g., network, application and cloud environment based on cybersecurity best practices.

Implement security controls, configure access permissions, and address potential attack vectors.

Respond to simulated cybersecurity incidents by identifying the incident, assessing the impact, conducting forensic analysis and implementing corrective measures.

Oversee collaborative cybersecurity tasks by providing input on peers' actions, ensuring alignment with compliance standards and accountability for shared outcomes in dynamic or uncertain environments.

INTEGRATED ASSESSMENT
The assessment of learning refers to the practice of designing formal tasks for learners to complete and making inferences from and estimating the worth of the performances on these tasks. Assessment is a form of research that aims to establish what learners know, understand, and can do.

The outcomes-based assessment is a process during which evidence of performance is gathered and evaluated against the assessment criteria. As with the principle of triangulating research methods, so with assessment: one has a better likelihood of ascertaining what learners can do if a range of different assessment (research) methods is employed and if the 'research instruments' are fit for their purpose.

The assessment of any module must include, at a minimum assessment of the learning activities specified in the credit calculation of the module. The learning activities are categorised to include homework assignments, projects, tests, examinations, and workplace experience. The number of assessment items may exceed the minimum specified.

Assessment items are designed to assess the exit level outcomes of the module. The total combination of assessment components must assess all the exit level outcomes of the module at its specified NQF level.

The relative weight of tests to submitted assignments or projects is determined by the profile of the module. For modules with strong theoretical content, the total weight of assessment via tests must be between 75% and 80% of the assessment items, with the remainder consisting of written assignments. For modules with strong practical content, the total weight of assessment items via formative tests must be between 60% and 75% of the assessment items, with the remainder consisting of practical assignments and projects. Each assessment item is weighted, and the weighted average of all the assessment items yields the class mark for the module.

Academic modules are assessed as formative and summative assessments through tests, assignments, projects, or other items as appropriate. The final evaluation is through either a final summative project or formal examination, which consists of one or two papers as determined by the module profile. In the case of two examination papers, the result for the examination will be a weighted average of the results for the individual papers.

The academic subjects consist of lectures, prescribed readings, case studies, tutorials, and individual or small-group practical exercises. Learners are formatively assessed on class tests and the artefacts produced for assignments and projects. A final summative test is written for each subject. The final continuous assessment result is a weighted average of all these assessments, as specified in the study guide for each subject.

This module is continuously assessed against the milestones set for the process, such as literature reviews or experimental design, assessed against the chapters of the thesis produced to document the results of these activities. The final assessment by an examination panel assesses the final thesis artefact and the researcher's presentation. This qualification contains no experiential learning components.

INTERNATIONAL COMPARABILITY

Country: Australia
Institution: Victoria University
Qualification Title: Advanced Diploma of Cyber Security
NQF Level: Australian Qualifications Framework (AQF) Level 6
Duration: One year full-time
Entry Requirements:

Completion of the superseded or current Certificate IV in Cyber Security or equivalent
Or

Minimum of two (2) years of cyber security work experience.

Purpose:
The Advanced Diploma of Cyber Security provides graduates with the knowledge and skills to enable them to manage and maintain cyber security in an organisation. Graduates of the qualification will be able to seek employment as cyber security paraprofessionals in a range of commercial enterprises/organisations and government bodies seeking to improve and maintain their cyber security or to work independently as a freelance cyber security analyst.

Outcomes:
On completion of the qualification, graduates will be able to:

Develop cognitive and communication skills to identify, analyse and act on cyber security risks, threats, and incidents in an organisation

Develop cognitive and communication skills to transfer knowledge and skills to others concerning cyber security risks in workplace practices and to demonstrate specialised knowledge in mitigation strategies

Develop cognitive and communication skills to formulate responses to complex cyber security problems such as protecting critical infrastructure

Demonstrate wide-ranging specialised technical, creative, or conceptual skills to express ideas and perspectives on compliance issues and design methodologies to improve an organisation's cyber security

Demonstrate the application of knowledge and skills with depth in areas of organisational data security in a context subject to ongoing change.

Demonstrate the application of knowledge and skills with initiative and judgement plan, design and manage cyber security projects with some direction

To adapt a range of fundamental principles and complex techniques to known and unknown cyber security situations

Across a broad range of technical cyber security functions with accountability for personal and/or team outputs within an organisational context.

Qualification structure:
Compulsory Modules:

Lead and manage team effectiveness

Configure an enterprise virtual computing environment

Communicate cybersecurity incidents within the organisation

Interpret and utilise key security frameworks, policies and procedures for an organisation

Assess and secure cloud services

Develop software skills for the cyber security practitioner

Implement best practices for identity management

Plan and implement a cyber security project

Evaluate an organisation's compliance with relevant cyber security standards and law

Elective Modules:
General Stream

Implement secure encryption technologies

Install and maintain valid authentication processes

Configure an internet gateway
Stream A: Intrusion Analysis

Respond to cyber security incidents

Develop, implement, and evaluate an incident response plan

Stream B: Penetration Testing

Undertake penetration testing of the security infrastructure for an organisation

Undertake advanced penetration testing for web site vulnerabilities

Evaluate threats and vulnerabilities of Internet of Things (IoT) devices

Stream C: Security Engineering

Protect critical infrastructure for an organisation

Configure security devices for an organisation

Design and implement a security perimeter for ICT networks

Assessment methods include:

oral and/or written questioning

inspection of final process outcomes

portfolio of documentary on-site work evidence

practical demonstration of required physical tasks

investigative research and case study analysis.

Similarities:

The Victoria University (VU) and South African (SA) qualifications are offered over 1 year

The VU and SA qualifications offer a block approach to modules, and modules run sequentially.

Both qualifications provide multiple streams for learners to specialise in.

Both qualifications consist of compulsory and elective modules.

The VU and SA qualifications share similar exit level outcomes, including technical and theoretical knowledge, identification and analysis of information to find the optimal solution, communication skills, and lastly, taking accountability for actions undertaken to solve a business problem.

Differences:

The VU qualification is registered at AQF Level 6, whereas the SA qualification is registered at SA NQF Level 7.

The SA qualification requires applicants who completed the undergraduate degree in Cybersecurity or a related field, while the VU qualification requires applicants who completed the superseded or current Certificate IV in Cyber Security or equivalent.

The VU qualification focuses more on network security through the streams, while the SA qualification focuses on either network security or software security.

Country: Canada
Institution: Fanshawe College
Qualification Title: Advanced Diploma in Cybersecurity.
Credits: Minimum of 31 credits
Duration: Three years full time
Entry Requirements:

Ontario Secondary School Diploma (OSSD) or equivalent

Purpose:
The qualification will provide learners with foundational information security (InfoSec) skills and knowledge necessary to be successful in the IT security industry. Qualifying learners will be able to provide organizations with data protection against cyber incidents and develop measures to keep critical infrastructures safe.

Learning Outcomes:

Configure, implement, and manage security devices and equipment considering the unique features of the computer operating systems, networks, applications, and software.

Implement and evaluate security solutions for business processes, applications, and communications to protect business resources and respond to the needs of all the internal stakeholders.

Use project management principles to implement security strategies and processes that address the organization's information security requirements.

Develop, implement, and evaluate organizational security policies, standards, and regulations to promote internal security.

Perform vulnerability assessments and penetration testing for infrastructures, web, and applications, using both manual and automated techniques.

Evaluate and apply tools and techniques to formulate countermeasures to secure information systems against security threats.

Perform security audits and forensic analysis to evaluate the effectiveness of a security system and identify and correct security vulnerabilities.

Monitor and analyze logs and alerts from security devices to determine the extent of a security breach and what data has been compromised.

Identify, collect, and log relevant data as evidence for a sample case within a business or in the Canadian Justice System

Qualification structure:
Group 1

Operating System Fundamentals for Security

Networking Fundamentals for Security

Programming Fundamentals for Security

Database Fundamentals for Security

Ethics

Cyber Security

Take all the following Mandatory Courses:

Communications for IT

Co-operative Education Employment Prep 1

Network Protocols

Scripting for Security

Web Security 1

Security Mechanisms

Auditing and Security Controls

Penetration Testing

Level 4
Compulsory Modules:

Technical Writing and Presentation

Criminology

Wireless and Mobile

Network Security Monitoring

Evolving Technologies and Threats

Computational Intelligence for Security

Web Security

Level 5
General Education - Take a 3-credit General Education elective course.
Compulsory Modules:

Perimeter Defence and Design

Attack Vectors and Analysis

Incident Response and Digital Forensics

Windows Security-Adv

Linux Security-Adv

Level 6
General Education - Take a 3-credit General Education elective course.
Compulsory Modules:

Research for Security

Secure Network Architecture

Integrated Project

Penetration Testing-Adv

Malware Analysis and Response

Through hands-on laboratory activities, case study analyses, and research projects, learners will enhance their information security understanding and develop their interpersonal, communication, organizational, and problem-solving skills. This qualification will also include three cooperative education work placements to further enhance all those skills.

Similarities:

The Fanshawe College (FC) and South African (SA) qualifications focus on network security and software security.

Both qualifications consist of compulsory and elective modules.

The FC and SA qualifications offer a practically orientated curriculum.

Both qualifications share similar learning outcomes.

Differences:

The FC qualification is offered over 3 years full time while the SA qualification is offered is over a 1-year full time.

The SA qualification has 120 credits, whereas the FC qualification has a minimum of 31 credits.

The SA qualification requires applicants who completed an undergraduate degree in Cybersecurity or a related field, while the FC qualification requires applicants who completed the Ontario Secondary School Diploma or equivalent.

The FC qualification offers learners a wide variety of general education electives that must be completed, while the SA qualification does not include general education electives.

The SA qualification modules are focused on the field in which the qualification falls, and FC offers many modules outside the field of the qualification.

ARTICULATION OPTIONS

Horizontal Articulation:

Advanced Diploma in Information and Communication Technology in Communication Networks, NQF Level 7.

Advanced Diploma in Information Technology, NQF Level 7.

Bachelor of Information Technology in Software Development, NQF Level 7.

Bachelor of Commerce in Information Technology, NQF Level 7.

Bachelor of Commerce in Information and Technology Management, NQF Level 7.

Bachelor of Science in Information Technology, NQF Level 7.

Bachelor of Science in Information Technology Management, NQF Level 7.

Vertical Articulation:

Bachelor of Information Science Honours, NQF Level 8.

Bachelor of Science Honours in Information Technology, NQF Level 8.

Bachelor of Social Science Honours in Information Technology, NQF Level 8.

Postgraduate Diploma in Cybersecurity Risk Management, NQF Level 8.

Postgraduate Diploma in Information Technology, NQF Level 8.

Diagonal Articulation

Advanced Occupational Certificate: Cybersecurity Practitioner, NQF Level 6.

Advanced Occupational Diploma: Chief Information Officer: Cybersecurity, NQF Level 7.

MODERATION OPTIONS

N/A

CRITERIA FOR THE REGISTRATION OF ASSESSORS

N/A

NOTES

N/A

LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION:

NONE

PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION:

This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

NONE