Advanced Occupational Diploma: Chief Information Officer: Cybersecurity

Purpose

The purpose of this qualification is to prepare a learner to operate as a Chief Information Officer: Cybersecurity.

A Chief Information Officer: Cybersecurity ensures the effective and holistic management of the risks, threats and resiliency of cybersecurity within an organisation. This could include information security, fraud and physical security. They are accountable to build cybersecurity vigilance and resiliency across the operations, leveraging best in class capabilities and processes relating to threat analysis, threat intelligence, protection tools and subject matter expertise. The Chief Information Officer: Cybersecurity is accountable for protecting the organisations, its customers and its employees, as well as society at large, from the negative effects of cyber-crime and fraud.

A competent learner will demonstrate among others the following key attributes: complex thinking, deft communication, diplomacy, executive leadership, strategic orientation, critical thinking, emotional intelligence, analytical skills.

A qualified learner will be able to

• Oversee the cybersecurity function; and
• Lead the provision of secure Information Technology systems.

Rationale

There is a shortage of cybersecurity professionals, particularly for positions in governments, which create high levels of risk. Current Information Technology professionals may not be fully trained in information security tactics, strategy and leadership. They help develop new ways to combat cyber threats, and are the main line of defence against spamming, phishing, malware, viruses, and other information security threats. As cyber-attacks have increased, so has the demand for trained professionals to prevent and counter such attacks.

Organisations rely more heavily on technology to help manage their daily lives, as such the threat of cyber-crime continues to escalate. Economies lose billions of dollars and, governments are threatened by the risks posed by nefarious attacks on the key digital systems.

In recent years, large-scale cyber-attacks have affected major companies. Data breaches compromise personal information, bank records, credit card numbers and other private information, including usernames, passwords, emails, phone numbers and addresses.

Information Technology professionals shall hone their skills through this cybersecurity qualification and benefit the organisations. It shall enable learners to devise strategies and methods to prevent and counter cyber-attacks on both public and private organisations, thus saving millions of revenues in potential loss of trust from clients and service provision. Typical learners for the qualification are those who are employed as Cybersecurity practitioners wishing to advance to managerial and leadership roles in cybersecurity.

This qualification will enable cybersecurity officials to progress to specialist roles, middle and senior management levels. The holders of qualification do not require professional registration to practice.

The qualification also provides a unique tool to facilitate appropriate recognition of learning gained over time. It will promote high standards of safety within the digital economy, as part of the national development plan. This qualification supports the economic development needs of society. The qualification was developed in collaboration with the Information and Communication Technology Sector, central and commercial banking sectors.

Recognition of Prior Learning

• Learners will gain access to the qualification through RPL for Access as provided for in the QCTO RPL Policy. RPL for access is conducted by accredited education institution, skills development provider or workplace accredited to offer that specific qualification/part qualification.
• Learners who have acquired competencies of the modules of a qualification or part qualification will be credited for modules through RPL.

RPL for access to the external integrated summative assessment

Accredited providers and approved workplaces must apply the internal assessment criteria specified in the related curriculum document to establish and confirm prior learning. Accredited providers and workplaces must confirm prior learning by issuing a statement of result.

Entry Requirements

• NQF Level 6 qualification in Information Technology, Computer Science or Cybersecurity.

This qualification is made up of compulsory Knowledge, Practical Skill and Work Experience Modules

Knowledge Modules

• 133101-001-00-KM-01 Management, Leadership and Governance Principles within a Cybersecurity Context, NQF Level 7, 20 Credits.
• 133101-001-00-KM-02 Concepts and Principles Underpinning the Provisioning of Secure ICT within an Enterprise, NQF Level 7, 20 Credits.

Total number of credits for Knowledge Modules: 40

Practical Skill Modules

• 133101-001-00-PM-01: Legal Advice and Advocacy, NQF Level 7, 12 Credits.
• 133101-001-00-PM-02: Cyber Training and Education, NQF Level 7, Credits 12.
• 133101-001-00-PM-03: Strategic Planning and Policy Development, NQF Level 7, 6 Credits.
• 133101-001-00-PM-04: Executive Cybersecurity Leadership Practices, NQF Level 7, 10 Credits.

Total number of credits for Practical Skill Modules: 40

Work Experience Modules

• 133101-001-00-WM-01: Cybersecurity Instruction and Training Processes, NQF Level 7, 10 Credits.
• 133101-001-00-WM-02: Information Systems Management Processes, NQF Level 7, 10 Credits.
• 133101-001-00-WM-03: Communications Security Management Processes, NQF Level 7, 10 Credits.
• 133101-001-00-WM-04: Cybersecurity Workforce planning and development management processes, NQF Level 7, 10 Credits.

Total number of credits for Work Experience Modules: 40

1. Oversee the cybersecurity function within the ethical, legal and professional context.
2. Lead the provision of secure Information Technology systems using a range of enquiry methods.

Associated Assessment Criteria for Exit Level Outcome 1

ELO 1: Oversee the cybersecurity function within the ethical, legal and professional context.

• Provide legally sound advice and recommendations to leadership and staff on a variety of relevant topics within cybersecurity.
• Develop legally sound cases on behalf of clients using a wide range of written and oral work products, including legal briefs and proceedings.
• Analyse, develop and provide cybersecurity education and training, using appropriate and innovative methods, and techniques. (This includes but is not limited to the development, planning, coordinating delivery and evaluation of the education and learning.)
• Analyse and monitor Cybersecurity qualifications of an information system or network, including managing information security implications within the organisation, specific qualification, or other area of responsibility, including strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.
• Analyse, develop and advocate changes in policy that support organizational cyberspace initiatives or required changes/enhancements for.
• Supervise, manage and lead work and workers performing cyber and cyber-related operations.
• Justify decisions and actions drawn on appropriate ethical values and approaches.

Associated Assessment Criteria for Exit Level Outcome 2

ELO 2: Lead the provision of secure Information Technology systems using a range of enquiry methods.

• Oversee, evaluate, analyse and support documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology systems meet the organization's cybersecurity and risk requirements.
• Identify, evaluate, analyse, resolve and manage risk, compliance and assurance from internal and external perspectives.
• Develop and code new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
• Identify, evaluate, analyse, resolve challenges, and develop system concepts and works on the capabilities phases of the systems development life cycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
• Conduct information technology assessment and integration processes.
• Evaluate, provide and support prototype capability and / or its utility.
• Consult customers to gather and evaluate functional requirements and translate these requirements into technical solutions.
• Provide guidance to customers about applicability of information systems to meet business needs.
• Develop and conduct tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.
• Develop development phases of the systems development life cycle.
• Evaluate suitability of the development methods of systems development life cycle in a range of operational contexts.
• Apply IT systems development life cycle methods to resolve problems or introduce change within the cybersecurity function.

Integrated Assessment

Integrated Formative Assessment

The Skills Development Providers will use the curriculum to guide them on the stipulated internal assessment criteria and weighting. They will also apply the scope of practical skills and applied knowledge as stipulated by the internal assessment criteria. This formative assessment leads to entrance into the integrated External Summative Assessment.

Integrated Summative Assessment

An External Integrated Summative Assessment, conducted through the relevant QCTO Assessment Quality Partner is required to issue this qualification. The External Integrated Summative Assessment will focus on the Exit Level Outcomes and Associated Assessment Criteria. Additional to the written assessment the learner must also submit a portfolio of evidence compiled of outcomes achieved in the workplace.