Advanced Certificate in Information Security

Purpose

The purpose of the Advanced Certificate in Information Security is to provide a learner with the necessary expertise and knowledge to take on appropriate professional positions in the information technology industry and in particular, in the field of information security.

This qualification seeks to provide learners with the aptitude and courage to deal with the responsibilities connected to the information technology field and respond to challenges, both internal and external to the organisation, including the international environment.

It will also equip learners with the technical skills and reflective competences to deal with the broad-based information technology issues related to optimising the competitive positions of the organisation by acquiring competencies relating to computer and information security. In essence, the focus of this qualification is to improve the practice of information security.

Learners will be able to apply critical technical skills; interrogate specific case situations and recommend solutions to particular information security-related problems. This approach facilitates the application of theory to practice and practice to theory. Further, the qualification will prepare the learner as a competent Information Technology Security specialist capable of being pro-active and responding positively to dynamically evolving Information Technology environment, intersecting national and international business practice to ensure uniformity, growth and sustainability.

Rationale

The introduction of Information and Communication Technology (ICT) into many aspects of everyday life has led to the development of the modern concept of the information society. The availability of ICTs and new network-based services offer several advantages for society in general, especially for developing countries. ICT applications, such as e-government, e-commerce, e-education, e-health and e-environment, are seen as enablers for development, as they provide an efficient channel to deliver a wide range of essential services. ICT applications can facilitate the achievement of the Sustainable Development Goals, reducing poverty and improving health and environmental conditions in developing countries.

However, the growth of the information society leads to new and severe threats. Essential services such as water and electricity supply now rely on ICTs, as do most businesses and organisations, as well as citizens.

Attacks against information infrastructure and Internet services have already taken place. In contrast, online fraud and hacking attacks are just some examples of computer-related crimes that are committed on a large scale every day. The financial damage caused by cybercrime is enormous.

This 'digital paradox' means that while governments and organisations can offer more services, more quickly, than ever before, yet at the same time cybercrime has become a powerful countervailing force that limits that potential.

While technology introduces greater variety and convenience into our lives, it also opens more and more avenues for people to be targets of cybercriminals. International and domestic cybercriminals increasingly view businesses and private individuals as attractive targets for a range of cybercrime.

The demand and the statistics of the National Scarce Skills list for South Africa (2014), published by the Department of Labour, also identify scarce and critical skills required by the country with the proliferation of cyber-attacks and the increasing effectiveness of cybercriminals, organisations and indeed nation-states are increasingly finding themselves vulnerable and at risk. Knowledge of the Cyber domain is the first and vital step in developing a comprehensive response to cyber-attacks.

The urgent demand for competent personnel has been increasing over time. These are key drivers that have encouraged the institution to offer this qualification in the broader Information Technology field.

The qualification also seeks to address the five critical areas to building a developmental information society as identified by the South African Department of Telecommunications and Postal Services, and specifically concerning the emerging digital and knowledge economy as envisaged the Fourth Industrial Revolution. In particular, the underlying technologies and platform relating to, among other things:

• E-Governance;
• E�Skills Development;
• SMME Development;
• Information Ethics; and
• ICT Rural Development.

These sectors are particularly vulnerable to information and security breaches which must be countered for these initiatives to have an impact on society at large.

Recognition of Prior Learning (RPL)

Recognition of Prior Learning (RPL) can widen access to education and training and enhance the qualification status of historically disadvantaged adults and youths. By enabling people to apply what they already know and can do, RPL can reduce barriers and create opportunities that will lead to greater social and economic prosperity. The institution recognises the importance of RPL as an admission requirement.

Learners may obtain this qualification in part through the Recognition of Prior Learning.

Learners must meet the following criteria for recognition to gaining entrance into the qualification

• Learning acquired through work and life experiences will be clearly articulated and supported by evidence in their portfolios for examination during the interview process.
• Senior or line managers may recommend RPL for prospective learners.
• Emphasis will be on motivation and aspiration of the learner prior and current job experiences, details of in-house company training, short courses attended and future vision of the learner.

Entry Requirements

The minimum entry requirement for this qualification is

• Higher Certificate in Information Technology, NQF Level 5.

This qualification consists of the following compulsory at National Qualifications Framework Level 6 totalling 125 Credits.

Compulsory modules, 125 Credits

• Fundamentals of Information Security, 15 Credits.
• Security Management Best Practices, Risk and Governance, 15 Credits.
• Networking Fundamentals, 15 Credits.
• Policy, Legislative and Issues in Cyber Security, 15 Credits.
• Web Security, 15 Credits.
• Network Security, 15 Credits.
• Cyber Incident Analysis and Response, 10 Credits.
• Project, 10 Credits.
• WIL, 15 Credits.

1. Develop an informed understanding of the impact and risk associated with Information and Communication Technology in today's society.
2. Understand the evolution of the Cybersecurity domain, threat actors and threat vectors and the impact on organisations, sectors and nation-states.
3. Understand South Africa's Cybersecurity policy and legislative framework; build and implement a cybersecurity strategy, cybersecurity plan and policies.
4. Unpack the critical controls for cyber defence and develop practical ways of developing Cybersecurity capacity both at an organisational level and across sectors.
5. Apply knowledge in the use of various Computer Security techniques in assuring safeguarding networks from Cyberattacks.

Associated Assessment Criteria for Exit Level Outcome 1

• Demonstrate in-depth knowledge of the evolution of the cybersecurity domain.
• Illustrate the understanding of malware and the need to take preventative measures thereof.
• Demonstrate the need for the formulation of cybersecurity policies and the evaluation of the legislative environment.
• Assess and evaluate a detailed explanation of the Deep and Dark Web and the risks of utilising the TOR browser.

Associated Assessment Criteria for Exit Level Outcome 2

• Provide in-depth knowledge of the evolution of the cybersecurity domain and the importance for organisations and nation-states to prepare for cyber-attacks.
• Assess the various threat vectors and threat actors to an organisation and the impact it has on organisations business processes.
• Identify and assess the role threat vectors and threat actors play in cyber warfare and the new threats it poses to nation-states.

Associated Assessment Criteria for Exit Level Outcome 3

• Demonstrate in-depth knowledge of South Africa's Cyber Security Policies and legislative frameworks.
• Demonstrate the process of developing a cyber-security strategy that will assist in the safeguarding of organisations and nation-states against cyber-attacks.
• Illustrate the stages of development needed to implement cybersecurity plans and policies.

Associated Assessment Criteria for Exit Level Outcome 4

• Provide the development of an incident preparation strategy in the event of a cyber-security attack.
• Illustrate the various incident detection tools and analysis detection methods that are available.
• Implement the various Incident Detection as a defence against cyber-attacks.
• Develop and assess proactive and post-incident cyber services.

Associated Assessment Criteria for Exit Level Outcome 5

• Demonstrate the various network intrusion detection systems in the protection of data.
• Assess and implement the application of a Denial of Service defence against malicious attacks.
• Provide the need for the application of security protocols on a computer network to safeguard data.
• Identify the importance of conducting and applying Authentication Conditioned-safe Ceremonies.

Integrated Assessment

Assessment integrates with most modules, and learners complete a series of assignments as they progress to build a portfolio. Tasks included in portfolios may consist of projects, case studies, essays, simulations, experiments, assignments, online activities, interactions, and presentations. The examination serves as the summative assessment, which evaluates the achievement of outcomes and mastery of the larger body of knowledge which forms part of the curricula. Learners undertake the final examination under normal exam conditions.

The qualification also consists of a research and development project comprising an advanced application of mathematical modelling, computer programming and or computer hardware implementation, which requires an integration of acquired knowledge. The outcomes of the assessment are based on practical demonstration of results achieved and a written report, which must clearly show that a thorough scientific process was followed to arrive at conclusions.