Postgraduate Diploma in Cybersecurity

Purpose

The Postgraduate Diploma in Cybersecurity provides specialised knowledge in the Cybersecurity Information Technology field. It will equip learners with in-depth theoretical knowledge and skills in the Cybersecurity discipline. Cybersecurity involves technology, people, information and organization processes. This will give the learners the ability to relate the knowledge to a range of contexts to undertake professional cybersecurity work and research.

On completion of the qualification, qualifying learners will be able to

• Reflect and analyse current technologies/trends, practices, laws and research in cybersecurity.
• Develop and implement Cybersecurity policies and measures in an organization.
• Perform research reports in the Cybersecurity field.
• Analyse and research Information and Cybersecurity to address the issues and demands related to Information Technology (IT) Security and more specifically Cybersecurity.
• Compile research reports containing suggestions towards the improvement of cybersecurity and the related resources within an organization.

The qualification provides learners with the necessary Cybersecurity and research skills to advance into a Master's Degree in the Cybersecurity research field.

Rationale

According to Chief Security Officer (CSO) Online and a Frost and Sullivan Global Information Security Workforce Study, the world faces a current and growing workforce shortage of qualified cybersecurity professionals and practitioners. The Government and Non-Government sources project nearly 1.8 million cybersecurity-related positions going unfilled by 2022. The Cybersecurity workforce demand is acute, immediate, and growing. The qualification is developed to meet the need for trained cybersecurity specialists nationally and internationally.

Cybersecurity is a relatively new and rapidly growing field that started as a grassroots response to the practical, everyday needs of business and other organisations. Today, organisations of every kind need cybersecurity professionals to develop and manage a cybersecurity strategy to ensure that they minimize and manage the risk of cyberthreats on their IT systems. National and international policies relating to cybersecurity must be considered when developing this strategy. A key factor to cybersecurity is the human factor. The users of Information Technology (IT) systems must be educated about the dangers of cyber-attacks and that cyber safety is key. This qualification aims to equip an individual to confidently and professionally address cybersecurity risk management in an organization. The qualification allows learners to develop integrated competencies in cybersecurity by examining the issues within cybersecurity relating to technology, people, information, organization processes. Further, the qualification will enable qualifying learners to confidently and professionally address cybersecurity risk management in an organization. The qualification allows professionals to strengthen and deepen their knowledge in the Cybersecurity field.

The Association for Computing Machinery (ACM) Education Board recognized the urgent need for cybersecurity qualifications in 2015 and took measures to develop comprehensive curricular guidance in cybersecurity education. The CSEC2017 Joint Task Force Team produced a Report in the Computing Curricula Series named Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity. This report defines Cybersecurity as a computing-based discipline involving technology, people, information and organization processes to enable assured operations in the context of adversaries. It involves the creation, operations, analysis and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics and risk management.

The Postgraduate Diploma in Cybersecurity addresses a need for providing a qualification that specializes in Cybersecurity in Information Technology at a postgraduate level. This postgraduate diploma will provide graduates with the skills to develop and implement Cybersecurity policies and measures in an organization, develop in-depth disciplinary skills in cybersecurity and perform research in the Cybersecurity field. To cater for full-time working professional people, the qualification will be offered on a limited-contact basis through block release. The qualification will allow currently employed staff with an NQF level 7 qualification alternative access to Masters in Information Technology specializing in Cybersecurity.

The theory and practical experience of this qualification will equip the learners to make a meaningful contribution to the economy and national development by ensuring optimal protection and security management of Information Technology resources within organizations. This is in line with the national need for IT professionals. The Institute of Information Technology Professionals South Africa (IITPSA), formerly Computer Society South Africa (CSSA), a recognised professional body has a long and proud history of service to, and representation of, South Africa's ICT professionals and practitioners, attracting a broad and active membership from all levels of the ICT Industry. This qualification has been aligned with the IITPSA requirements. The IITPSA are in support of this qualification as it will help the industry to employ new staff with the necessary cybersecurity background.

Recognition of Prior Learning (RPL)

This qualification may be obtained in whole or in part through the Recognition of Prior Learning. Recognition of Prior Learning in the case of learners not complying with the formal entry requirements will be conducted in accordance with the policy and guidelines of the Institution concerning the recognition of other forms of formal, informal and non-formal learning and experience. The institution will apply in this qualification the RPL for both access and credits in line with the National Policy and Criteria for the Implementation of RPL (Amended in March 2019).

RPL for Access

Learners who do not meet the minimum entry requirements of the required qualification may be considered for RPL. There are two options:

• Advanced Standing, in which case the minimum entry requirements are waived by the admitting institution based on evidence of prior learning, work experience or any other relevant circumstances that may apply to an individual learner. No portfolio is required.

OR

• Applicants may provide evidence in the form of a portfolio that demonstrates that the applicant has acquired sufficient relevant knowledge, skills, and competencies to be able to reasonably meet the expectations for learning demanded by the qualification for which they are seeking access.
• In instances where RPL is applied for the purposes of access, no credits will be awarded for any previous learning. However, the candidate may choose the option of being assessed for credit.

RPL for credits

Learners who do meet the necessary entry requirements for admission to a qualification may be awarded some or all the credits towards the qualification. There are two possibilities:

• Learners may apply for RPL to be exempted from a module or some modules by providing sufficient evidence in the form of a portfolio that demonstrates that a level of competency, equivalent to the learning outcomes of the module or modules, has been achieved. Credits will be awarded for such modules.

OR

• Learners may apply for RPL to be awarded all the credits required for the qualification. Sufficient evidence must be provided that demonstrates a level of competency equivalent to all the learning outcomes of the qualification.

Entry Requirements

The minimum entry requirement for this qualification is

• Bachelor of Information Technology, NQF Level 7.

Or

• Bachelor of Computer Science, NQF Level 7.

Or

• Advanced Diploma in Information Technology, NQF Level 7.

Or

• Advanced Diploma in Computer Systems Engineering, NQF Level 7.

This qualification consists of the following compulsory modules at National Qualifications Framework Level 08 totalling 120 Credits.

Compulsory Modules, Level 8,120 Credits

• Information and Cybersecurity Principles, 15 Credits.
• Professional Skills in Cybersecurity, 15 Credits.
• Research Methodology, 12 Credits.
• Research Report, 18 Credits.
• Information Security Management, 15 Credits.
• Information Security Governance, 15 Credits.
• Cyber Safety, 15 Credits.
• Technical Aspects in Information and Cybersecurity, 15 Credits.

1. Apply the theory and practice of Information and Cybersecurity in IT in an organisation via a problem-based case study application.
2. Integrate Culture and Awareness into an Information and Cybersecurity strategy.
3. Conduct a systematic investigation into an Information and Cybersecurity topic.
4. Examine how Information and Cybersecurity is managed and governed in a provided IT context
5. Identify and manage the risks of cyber threats by using a range of specialised knowledge, skills, frameworks, technologies and ethical standards associated with Information and Cybersecurity in a given context.
6. Construct an effective communication report related to a provided information and cybersecurity context.

Associated Assessment Criteria for Exit Level Outcome 1

• Identify and analyse vulnerabilities, risks and threats in a case study.
• Evaluate and critique relevant security services.
• Compare and contrast between Security and Privacy.
• Identify and discuss the ethical implications that apply to Cybersecurity.
• Explain and evaluate the Information and Cybersecurity Standards Operation Procedures and their impact on security solutions.

Associated Assessment Criteria for Exit Level Outcome 2

• Evaluate and critique strategies applied to Information and Cybersecurity.
• Assess the role of Organizational Culture in Information and Cybersecurity.
• Identify and analyse Social Media privacy concerns.
• Design and implement Information and Cybersecurity Education, training and awareness initiative.

Associated Assessment Criteria for Exit Level Outcome 3

• Identify and solve Information and Cybersecurity problems.
• Apply appropriate research methodological approach for the investigation.
• Collect, organise, analyse and critically evaluate information to solve the Information and Cybersecurity problem.
• Examine and evaluate the ethical implications for the investigation.
• Create a research report adhering to relevant reporting standards.

Associated Assessment Criteria for Exit Level Outcome 4

• Analyse the relevant Information and Cybersecurity Standards and best practices.
• Select and apply appropriate IT risk management strategy.
• Evaluate IT Risk management processes within an organization.
• Analyse and apply IT Governance principles within an organization.
• Critique and evaluate the Management models within the Information and Cybersecurity space.
• Develop and implement Information and Cybersecurity Policy framework for an organization.

Associated Assessment Criteria for Exit Level Outcome 5

• Evaluate and apply a threat model within an organization.
• Identify and motivate appropriate security controls for a specific risk situation.
• Identify and critique challenges of implementing security controls within the Information and Cybersecurity given context.
• Analyse and apply security controls within a given context.

Associated Assessment Criteria for Exit Level Outcome 6

• Communicate effectively in the context of individual or teamwork.
• Prepare and deliver a high-quality presentation on findings or proposals.
• Produce high-quality written reports.