Postgraduate Diploma in Cybersecurity

Purpose

The purpose of the Postgraduate Diploma in Cybersecurity qualification is to assist with shaping and producing professionals who are competent and astute in the design, implementation and management of information security systems, technologies, and frameworks and to fill a widening gap in industry, commerce and government which is made apparent by the shortage of qualified and skilled information technology professionals in general, and cybersecurity specialists in particular.

Information security answers every question regarding the individual's right to privacy in a world where society's private and sensitive information is no longer just in their own hands but also in the hands of those with whom they formally interact and do business transactions. Information security, therefore, has become a focal point of interest to individuals, industries, and governments in this era where innovation and technological advancement are relentlessly escalating, seemingly without limits. In this information age, there is an absolute overload of information in organisational data repositories, and there is also information constantly in transit. All this information exists at the mercy of miscreants who, on the basis of selfish motives, intend to intercept and either disrupt information flow or outright steal the information for malevolent and selfish purposes and benefit.

The qualification is therefore designed to close the information security gap by shaping practitioners and professionals. The critical skills that the learner will gain are required in all sectors of the economy, including financial markets, national defence, and sports and recreation. This Postgraduate Diploma in Cybersecurity qualification seeks to produce a professional who can understand the entire organisation's information needs in all their required structures, coupled with the follow-up capability to design technologies and strategies which enable these information structures to be implemented and maintained as the organisation's information needs are delivered, as well as protected and safeguarded.

Rationale

The rationale of the Postgraduate Diploma in Cybersecurity qualification is that there is a growing need for cyber-security professionals. Consideration was given to the prevailing technological landscape, which relentlessly keeps escalating when it comes to innovation. While most innovation is genuinely for good, it must be remembered that the cyber-underworld is also innovating to ensure that it is not too far behind the technology curve. Cybercriminals are constantly coming up with new techniques, strategies, and technologies to breach secure networks and other infrastructure for selfish gain and sometimes just for the evil of it, as is mostly the case with most hackers' motives.

There is an increasing urgency for businesses to invest in cybersecurity measures to mitigate reputational damage, financial losses and potential business disruptions. Cyber-attacks on businesses in Kenya, South Africa, and Zambia witnessed a significant rise last year, with a 76% increase overall. Kenyan businesses reported an 82% surge, while their South African and Zambian counterparts experienced a 62% increase each. The study highlights the dominant methods used by cyber criminals, with email attacks, such as phishing or spam attacks, being the most common (61%), followed by compromised passwords (48%) and data breaches (44%).

The above having been said, it was and is still clear that there is a need in various sectors to focus on and invest massively in cybersecurity. Internationally, a respectable number of institutions of higher learning have introduced qualifications or part-qualifications premised on cybersecurity, but the effort has not gathered the pace equivalent to that being witnessed in the cyber-underworld. Furthermore, the qualifications offered abroad are quite expensive and, for the most part, unaffordable to African learners. This creates a clique in terms of information technology security qualifications, whereas what is needed is a model that promotes the production of cybersecurity experts at an accelerated pace.

With everything being driven in the fourth industrial revolution, a new global economy is emerging, considering the high levels of data that business processes are generating. The need to study vast swaths of data and information passing through an organisation's data and information channels is being increasingly magnified. Complex cybersecurity systems have therefore become increasingly necessary in the quest by businesses to protect not only the vast swaths of data that are at their disposal but also the immense hardware and software infrastructure businesses invest in to automate the heart of their operations.

Technology is changing quite rapidly; threats, vulnerabilities, and the dangers associated with them are also escalating. The Postgraduate Diploma in Cybersecurity qualification has been crafted with these considerations in mind. The qualification contains one pivotal module, Ethical Hacking, which tracks leading certification badges in the cybersecurity technology domain. The Ethical Hacking module tracks the International Council of E-Commerce Consultants Ethical Hacking certification. The International Council of E-Commerce Consultants is the preeminent Ethical Hacking certification body in the world.

What is earned today is that the world of cybercrime now has the most advanced technological weapons at its disposal, and in many cases, they are ahead of the information security and cybersecurity technology that most businesses use to protect their systems and overall information technology infrastructure. Cybercriminals are constantly upgrading their skills to catch up, and in most cases, to surge ahead of the game. It must not be forgotten that, as much as white economies are built on the strength of technological innovation, cybercrime has become a massive economy which now stands at more than 6 trillion US dollars' worth, which is the third largest industry or economy in the world. Being an industry and an economy, it also operates in the same way white economies operate, in that its primary cause is to generate revenue for those who invest financial and human capital into it. It will innovate technologically as well as continue to develop the skills and technologies it depends on. Therefore, it stands to reason that if the white economy does not innovate ahead of the economic underworld in general and cybercrime in particular, the world and economies of goodwill will be obliterated by the world and economies of evil.

The exit level outcomes of the Postgraduate Diploma in Cybersecurity qualification indicate a qualification that is structured to produce learners who are well-equipped and skilled to a level where they engage in critical thinking and analysis to create and make use of complex problem-solving frameworks and methodologies that help manage and contain incidents of combined threat and vulnerability within a business organisation. Learners are equipped with skills to confront and resolve cyber threats of varying complexity, as well as communicate threat and vulnerability scenarios to people operating at different levels of technical expertise.

The Postgraduate Diploma in Cybersecurity qualification is meant for those who desire roles in the complex and constantly mutating field of information technology security, both in the private and public sectors of the South African economy and beyond. The Postgraduate Diploma in Cybersecurity qualification enhances the learners' career opportunities, as there is a high demand for cybersecurity professionals. The qualification is designed to align with industry standards and trends, ensuring learners have up-to-date knowledge.

The range of typical learners targeted for enrolment onto the Postgraduate Diploma in Cybersecurity qualification encompasses individuals holding a degree in Information Technology, Engineering, or Mathematics-related fields, or possessing equivalent qualifications as determined periodically by the institution's Academic Council. These qualifications should be accredited by recognised institutions of higher education, whether obtained domestically in South Africa, elsewhere in Africa, or internationally. Additionally, the qualification must be pitched at the NQF Level 7 as per the South African Qualifications Authority.

Learners will gain specialised knowledge in various cybersecurity domains and develop practical skills through hands-on exercises. The qualification also facilitates professional networking and can serve as a steppingstone for further academic and professional growth. According to cyber security firm Fortinet's Global Cybersecurity Skills Gap (2023), 40% percent of South African companies struggle to hire and retain cyber security talent, and 64% agree that the shortage of cyber security skills creates additional cyber risks for organisations. In the past 12 months, 39% of South African organisations suffered security breaches. In addition, 86% indicated they had experienced more than one cyber-attack that could be partially attributed to a lack of cyber-security skills on their teams.

Successful completion of this qualification enables learners to seek diverse roles in the ambit of information technology security of which the following are possible opportunities:

• Cybersecurity Specialist
• Cybersecurity Consultant
• Cybersecurity Analyst
• Incident Responder
• Information Technology Security Engineer
• Penetration Tester
• Information Systems Security Auditor
• Information Systems Security Architect

The completion of the Postgraduate Diploma in Cybersecurity qualification provides benefits to society by strengthening cybersecurity defences, responding to cyber threats, promoting compliance with regulations, raising cybersecurity awareness, and contributing to economic and national security. Learners play a vital role in protecting individuals, organisations, and public interests from cyber risks, ultimately creating a safer digital environment.

In conclusion, cybersecurity threats can have significant financial implications for businesses. The Postgraduate Diploma in Cybersecurity qualification will equip learners with the knowledge and skills to protect organizations' digital assets, including sensitive data, intellectual property, and financial resources. By implementing effective cybersecurity measures, businesses can reduce the risk of data breaches, financial losses, and reputational damage. This protection of business assets helps foster a stable and resilient business environment, supporting economic growth and sustainability.

Recognition of Prior Learning (RPL)

The institution recognises the important role that the Recognition of Prior Learning (RPL) plays in ensuring equitable access and participation in Higher Education. In this process, non-formal and/or informal learning are measured, evaluated, and checked for equivalence or parity with the formal qualification entry requirements. The RPL assessment process will focus on ways of evaluating a person's knowledge and skills acquired through lifelong learning experiences (formal, non-formal, and informal) against a set of predetermined criteria.

All RPL applications are subject to evaluation by the Admissions and Selections Recognition of Prior Learning committee. It is assumed that the learning derived from work or life experience will be a major element in the profiles of non-standard entrants, primarily by means of a portfolio of evidence. Where appropriate, interviews will also be conducted to assess applicants for selection purposes.

RPL for access

• Learners who do not meet the minimum entrance requirements or the required qualification at the same NQF level as the qualification required for admission may be considered for admission through RPL.
• To be considered for admission in the qualification based on RPL, applicants should provide evidence in the form of a portfolio that demonstrates that they have acquired the relevant knowledge, skills, and competencies through formal, non-formal and/or informal learning to cope with the qualification expectations, should they be allowed entrance into the qualification.

RPL for exemption of modules

• Learners may apply for RPL to be exempted from modules that form part of the qualification. For a learner to be exempted from a module, the learner needs to provide sufficient evidence in the form of a portfolio that demonstrates that competency was achieved for the learning outcomes that are equivalent to the learning outcomes of the module.

Entry Requirements

The minimum entry requirement for this qualification is

• Advanced Diploma in Cybersecurity, NQF Level 7.

Or

• Advanced Diploma in Information Technology, NQF Level 7.

Or

• Advanced Diploma in Information and Communication Technology in Communication Networks, NQF Level 7.

Or

• Bachelor of Commerce in Information Technology, NQF Level 7.

Or

• Bachelor of Computer and Information Sciences in Network Engineering, NQF Level 7.

Or

• Bachelor of Science in Computer Science and Information Technology, NQF Level 7.

Or

• Bachelor of Science in Information Technology, NQF Level 7.

This qualification consists of the following compulsory modules at National Qualifications Framework Level 8, totalling 120 Credits.

Compulsory Modules, NQF Level 8, 120 Credits

• Information Security, 15 Credits.
• Web Application Security, 15 Credits.
• Cryptography and Network Security, 15 Credits.
• Research Methodology, 15 Credits.
• Cloud Security, 15 Credits.
• Ethical Hacking, 15 Credits.
• Cyber Investigation and Digital Forensics, 15 Credits.
• Cyber Law and Ethics, 15 Credits.

1. Explore the fundamental principles, concepts, and technologies used in implementing corporate cybersecurity frameworks.
2. Establish data protection guidelines and procedures to support understanding and compliance with relevant legal and ethical requirements related to cybersecurity.
3. Formulate best practices for incident response and disaster recovery in the event of a security breach.
4. Assess corporate information systems infrastructure and assets [people, networks, hardware and software] for potential security risks and vulnerabilities.
5. Examine new threats and technologies in the cybersecurity field by researching innovative ways and methodologies by which these new threats may be limited or eradicated.
6. Develop specific security policies, procedures, and practices to guide employers, employees, and other stakeholders in the secure use and protection of information systems and networks.
7. Create an effective communication framework to serve as corporate guidelines to assist with technical and nontechnical stakeholder response and involvement in organisational cybersecurity matters.
8. Evaluate the effectiveness of security controls and their accompanying technologies and recommend possible improvements when and where necessary
9. Probe current research methodologies within the information security domain to identify knowledge gaps in cybersecurity.

Associated Assessment Criteria for Exit Level Outcome 1

• Explore fundamental concepts and principles to understand the basis upon which information security in general, and cybersecurity in particular, is practiced.
• Examine cybersecurity frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organisation for Standardisation (ISO) 27001, Critical Security Controls (CIS), and Control Objectives for Information and Related Technologies (COBIT), to equip learners with the skills to build working and practical corporate cybersecurity strategies and solutions.
• Review cybersecurity technologies and innovations, including the harnessing of artificial intelligence and the irrefutability of blockchain architectures, to curb and thwart, to inform decisions on the adoption of new solutions to current and expected cyber threats.

Associated Assessment Criteria for Exit Level Outcome 2

• Formulate legal and ethical requirements arising out of the novelty of Cybersecurity as a technology domain to facilitate understanding of compliance.
• Critique data protection guidelines, including the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR), to equip learners with the necessary level of competence to develop data protection guidelines on their own as and when mission-critical situations arise in the work environment.
• Examine data protection guidelines and procedures to enhance learners' sense of personal initiative and independence when confronting problems requiring inventiveness.

Associated Assessment Criteria for Exit Level Outcome 3

• Inspect Incident and disaster recovery response techniques and practices to develop analytical and independent thinking within learners.
• Establish threat and vulnerability scenarios to enable learners to apply their judgment in matching specific incident response strategies, including disaster recovery planning and impact measurement, to their best application scenarios.
• Question industry scenarios to provide the basis for formulating tests that provide proof of learners' knowledge of disaster recovery steps and procedures.
• Best practices for incident response are broken down to form a basis for understanding how cybersecurity contributes to organisational reputation management.

Associated Assessment Criteria for Exit Level Outcome 4

• Investigate methods of assessing corporate information system infrastructure to provide insights into effective corporate infrastructure and asset management.
• Determine threat scenario tests to enhance learners' investigative and analytical skills in identifying potential risks and vulnerabilities.
• Examine practical development of organisation-specific cybersecurity playbooks to provide effective standard procedures to resolve incidents according to the type and extent of damage inflicted.
• Explore scenarios to understand the importance of people as assets and important role players in an organisational security system.

Associated Assessment Criteria for Exit Level Outcome 5

• Use new threat identification methodologies to raise awareness of random and new attacks.
• Analyse troubleshooting exercises to develop learners' critical thinking capabilities when approaching cyberattack incident scenarios as solution providers.
• Explore scenarios of new threats to enhance learners' knowledge on how to curb this while protecting information system infrastructure.

Associated Assessment Criteria for Exit Level Outcome 6

• Evaluate scenarios to understand cybersecurity policies, procedures, and practices that are aligned to Cybersecurity Frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organisation for Standardisation (ISO) 27001, Critical Security Controls (CIS), and Control Objectives for Information and Related Technologies (COBIT).
• Select policy and procedure authoring activities to enhance learners' skills in the development of information and cybersecurity policies and procedures.
• Explore scenarios as a collective way of practically guiding employers and employees in the secure use and protection of information systems and networks.

Associated Assessment Criteria for Exit Level Outcome 7

• Assess incident cases to understand how to effectively communicate with both technical and non-technical personnel, procedures associated with corporate responses to cyberattack incidents.
• Appraise communication frameworks based on prominent industry cases to provide adequate and competent practice in the development of in-house communication frameworks used to communicate cyberattack incident response procedures.
• Examine examples of training and communication programs to enhance the understanding of how to conduct stakeholder education as a way of improving cybersecurity awareness within organisational workplaces.

Associated Assessment Criteria for Exit Level Outcome 8

• Examine vulnerability assessments, including virtual pen testing, Red Hat, external and internal pen testing, and continuous vulnerability scanning to provide solution tools that apply to a wide range of incident scenario types.
• Present standard Operating Procedures for cybersecurity to enlighten learners on the importance of periodically reviewing security controls to accommodate newer, less-known threats in revised documents.
• Explain security controls and associated technologies to enable independent thinking and the production of new ideas in problem scenarios.
• Explore practical exercises to test and evaluate security controls as well as associated technologies, which inform recommendations in terms of the cybersecurity direction to be adopted by the organisation.

Associated Assessment Criteria for Exit Level Outcome 9

• Examine research methodologies to showcase proficiency in selecting and justifying the chosen methodology for identifying the gaps within the field of cybersecurity.
• Review research activities to understand their impact within the domain of cybersecurity.
• Apply research methodologies to proficiently understand the findings, clear articulation of identified gaps in the cybersecurity industry and the rationale behind the process.

INTEGRATED ASSESSMENT

The institution's Assessment Strategy is aligned to Council on Higher Education Accreditation Criteria (2012), the National Policy and Criteria for Designing and Implementing Assessment for NQF Qualifications and Part-Qualifications and Professional Designations in South Africa.

Assessments at different NQF Levels

The institution has recognised a change in its learners' profile and, more significantly, in the learning needs of learners, nationally and internationally. Correspondingly, there have been several advancements in education technology that better support learner success. In pursuit of global relevance and enhanced learner success, the institution has decided to participate in this global trend and will initiate the natural progression from distance to online learning for its qualifications. To this end, the institution has undertaken a review of its Assessment Strategy. The Assessment Strategy is outlined within the institution's Assessment Policy. As such, the following is provided as rationale for the assessments at NQF level 8.

Integrated assessment at the institution requires careful consideration to implement formative and summative assessment methods which offer an inclusive and holistic view of learners' Assessments are aligned with the pre-defined learning outcomes per module, culminating with the qualification exit level outcomes. Formative and summative assessments are diverse in nature, and these encompass projects, case studies, and scenario-based questions. Formative assessments allow for regular feedback to learners, highlighting areas of success and improvement. Summative assessments evaluate learners after a learner's learning journey. An imperative to integrated assessments is the provisioning of feedback to not only learners but also internally, as the results of assessments play a critical role in informing the development of future assessments, assessment practices, and the continuous improvement of the qualification.

The formative assessments at this level are structured in such a way that they require learners to practice and demonstrate several higher-order skills, including the ability to articulate, evaluate, and appropriately use evidence. The two formative assessments constitute 20% of the final mark each. Summative assessments carry a 60% weighting and comprise an online summative assessment, which requires learners to demonstrate immediate connections between theories, concepts, and skills and their immediate utility in current or future career scenarios. Completing module projects provides evidence of high-level cognitive skills (i.e., creation, application, analysis, and evaluation) and requires learners to develop strategies and plan how to approach complex problems that are relevant to the proposed scenario. These projects generally have a strong research focus geared towards preparing the learner for master's level study.

Assessment Structure

The final mark is calculated as follows

• Formative Assessment 1> 20%
• Formative Assessment 2> 20%
• Summative Assessment > 60%

How to Pass a Module

To pass a module, the following requirements must be met

• The compulsory completion of ALL assessment activities"�
• To pass a module, a sub-minimum of 50% is required in each form of assessment, and a final combined mark of 50% is required
• Entrance to the Summative Assessment is dependent on meeting the sub-minimum requirements of the formative assessments for each semester."