Postgraduate Diploma in Cybersecurity Risk Management

Purpose

The purpose of the Postgraduate Diploma in Cybersecurity Risk Management is to deepen risk management from current digital transformation technologies. The qualification will enable learners to successfully implement risk management plans for cloud computing, mobile technologies, and financial technologies. The qualification will deepen the risks associated with emerging technologies of recent implantation in organisations. The learner will acquire specialised knowledge of insecurity in managing information in cloud services and risks related to big data.

The qualification will prepare the learner to manage digital risks in the working environment. This qualification is designed for individuals who do not have an in-depth cybersecurity background but want to pursue a career in this exciting field. Through this Post-Graduate Diploma in Cybersecurity Risk Management, learners will develop the ability to identify, implement and manage cyber defences.

The qualification further aims to advance the knowledge and skills gained in the undergraduate qualifications. It provides two elective streams, Secure Networks and Secure Software, to further differentiate and provide options to meet specific market needs. In addition, it aims to prepare learners for a workplace that requires specialised knowledge and skills set in Cybersecurity.

It also aims to develop research capacity in the methodology and techniques of Information Technology (IT), thereby laying a foundation for consulting research at Masters' and Doctoral Levels. A graduate of this qualification will be able to engage in self-directed learning and demonstrate intellectual independence and analytical rigour. This qualification typically follows a bachelor's degree in IT and allows articulation into a Master's qualification in Cybersecurity.

Learners will consider technical approaches as well as commercial and human factors which affect how organisations respond to cyberattacks. Developing these technical skills and knowledge will prepare learners to successfully start their cybersecurity career in networks, and software of risk management.

Upon completion of the qualification, the learner will be able to

• Collect and manage information with an understanding of the concepts, models, and theories applicable, implementing security policies across organisational processes and applications.
• Manage and explore complex information and operate at an appropriate cognitive level to extract and use complex information.
• Analyse complex security frameworks accurately and demonstrate self-direction and originality in analysing and implementing the most appropriate standards and methods.
• Implement and configure security strategies and laws at the level of a professional in the ICT cyber security field, considering public and private organisations.

Rationale

Businesses are increasingly becoming more reliant on technology to operate. Accordingly, there is a huge demand for cybersecurity professionals with knowledge of cyber threats. This qualification provides a foundation for developing an effective IT risk management qualification, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The goal is to help organisations better understand and manage IT-related mission risks and how to deal with them.

In 2016, it was estimated that the attacks on the United States alone were between $57 billion and $109 billion. These threats are serious problems for companies of all sizes, and they can cause severe damage in a short amount of time. Therefore, cybersecurity qualifications are among the best investments any company can make.

The qualification will strongly focus on Cybersecurity, Risk Management and Mitigation, as well as the Legal Framework. Cybersecurity should be integrated into the overall risk management process of every organisation. By defining the risk strategy and acceptable risk levels, agency leaders and security teams can manage security risks adequately, including budgeting commensurate with the relevant risk.

The sector's requirements, and national priorities, have been considered, including the International Sustainable Development Goals (SDGs). With a skills shortage of between 20,000 and 70,000 high-end ICT professionals in South Africa alone, business and education must work together to close the gap; therefore, the risk has increased significantly, and this post-graduate Diploma degree has become so important.

The risk is that developed countries will also recruit skills from South Africa to make up for their shortfalls. Hence the requirement for a degree of this nature is paramount to the success of the South African economy. The Sector Skills Plan for the Media, Information and Communication Technologies Sector, Education and Training Authority for the period 2020 to 2025 indicated that in 2019, the sector was made up of 30,727 employers.

The Information Technology sub-sector accounts for 48% of this makeup. As reported by the SSP, this is considered a growing market, with a 16% increase in employers. The same study reported that the number of employees in the sector is 2,285,983. It is indicated that the Information Technology sub-sector is the most significant contributor to this sector, making up (1,956,584) 86% of employees in 2019.

Race and gender profiles of employees in the sub-sector indicate that transformation is accelerating, with 43,5% of the sector representative of African employees and 33.3% as White. Coloured employees account for 12,4% and Indian/Asian employees for 10.8% of the sector.

Younger employees dominate the sector, and it is estimated that 47% of employees are younger than 35. This is closely followed by ages 35 to 55 (46%) and those older than 55 contributing 7% to the cohort. The institution will consider this data in ensuring that learner support initiatives accommodate graduates and possibly older applicants in senior ICT positions wanting to access the qualification for career development or professionalisation.

Engagement with industry stakeholders, learners, and alumni considered numerous factors affecting skills demand and supply. This included the impact of factors such as Cloud Computing, the Internet of Things (IoT), Big Data Analytics, Information Security, IT Risk Management, Artificial Intelligence and Robotics and the impact of the 4th Industrial Revolution and their relevant skills impacts.

The institution will therefore continue to develop and align its offerings to the South African Policy Framework and development trajectory as underpinned in the National Development Plan (NDP), which challenges the country to achieve sustained levels of economic growth through 2030.

Recognition of Prior Learning (RPL)

The institution adheres to the Criteria and Guidelines to implement the Recognition of Prior Learning- and has thus incorporated the necessary elements into its institutional quality management system and policy suite. Learners` prior learning is recognised through a formal process of submission of a portfolio of evidence and evaluation by our staff in pursuit of identifying any formal or informal learning that the learner might have achieved previously. This is formally articulated in the institutional Recognition of Prior Learning policy submitted as evidence related to this application.

RPL is granted based on an appropriate assessment, in keeping with the above national policies, considering the necessary preparation and guidance to undertake such evaluations. This is because 'assessment, [as] an integral feature of all forms of RPL, does not exist in isolation from a range of other strategies that allow for different sources of knowledge and forms of learning to be compared and judged' (South African Qualifications Authority, 2013). The Academic Board of the institution gives final approval.

Entry Requirements

The minimum entry requirement for this qualification is

• Advanced Diploma in Information Technology, NQF Level 7.

Or

• Bachelor of Commerce in Information Technology Management, NQF Level 7.

Or

• Bachelor of Business Informatics, NQF Level 7.

This qualification consists of the following compulsory modules at National Qualifications Framework Level 8 totalling 120 Credits.

Compulsory Modules, Level 8, totalling 120 Credits

• Principles of Research, 15 Credits.
• Ethics in Cybersecurity Risk Management, 15 Credits.
• Introduction to Cybersecurity, 15 Credits.
• Cybersecurity Laws and Regulatory Compliance, 15 Credits.
• Information Assurance and Risk Management, 15 Credits.
• Cybersecurity Governance Frameworks, 15 Credits.
• Cybersecurity Risk Management Research Project, 30 Credits.

1. Demonstrate the ability to collect and manage information with an understanding of the concepts, models, and theories applicable, implementing security policies across organisational processes and applications.
2. Manage and explore complex information and operate at an appropriate cognitive level to extract and use complex information.
3. Analyse complex security frameworks accurately and demonstrate self-direction and originality in analysing and implementing the most appropriate standards and methods.
4. Implement and configure security strategies and laws at the level of a professional in the ICT cyber security field, considering public and private organisations.
5. Effectively manage a security team or organisational unit, performing the necessary functions regarding planning, resourcing, directing and control of strategy, policies, and procedures.
6. Communicate with all stakeholders, partners, colleagues, and superiors, formally and informally, using oral and written modalities and selecting appropriate communication media.
7. Adapt own attitude to make autonomous ethical decisions that affect knowledge production and complex organisational or professional issues.

Associated Assessment Criteria for Exit Level Outcomes 1

• Establish cybersecurity frameworks by successfully applying them to develop and implement organizational security policies that enhance compliance and risk management standards.
• Effectively collect and organize data from diverse internal and external sources to identify potential security vulnerabilities and threats, ensuring the data is relevant and actionable for risk assessment.
• Utilise appropriate tools (e.g., SIEM systems, intrusion detection tools) to efficiently collect, analyse, and manage security-related information from various organizational applications, ensuring that the information supports proactive security measures.

Associated Assessment Criteria for Exit Level Outcomes 2

• Extract relevant security data from large, dispersed sources (e.g., cloud-based systems, multi-national networks, third-party vendors) using tools like data analytics platforms, SIEMs, and threat intelligence feeds.
• Analyse vast and complex datasets to identify patterns, trends, or anomalies related to security risks, justifying the need for adjustments in risk management policies.
• Correlate data from multiple sources (e.g., logs, network traffic, user behaviour analytics) to justify and adapt risk management strategies.

Associated Assessment Criteria for Exit Level Outcomes 3

• Critically analyse complex security frameworks (e.g., NIST, ISO/IEC 27001, COBIT) to identify strengths, weaknesses, and areas for improvement within an organizational context.
• Develop, implement and customise cybersecurity solutions that align with the unique requirements of an organization, considering its size, industry, and risk profile.
• Evaluate the effectiveness of the chosen methods by conducting post-implementation reviews, audits, or security tests (e.g., penetration testing, red team exercises), and adjusting strategies as necessary.

Associated Assessment Criteria for Exit Level Outcomes 4

• Configure and deploy security strategies, such as firewall rules, encryption protocols, and access controls, in accordance with best practices for both public and private sector organizations.
• Implement cybersecurity frameworks and compliance requirements (e.g., GDPR, HIPAA, SOC 2) across various organizational processes, ensuring adherence to relevant legal and regulatory standards.
• Design and configure security architecture (e.g., VPNs, multi-factor authentication, zero trust networks) tailored to the specific operational needs of an organization.
• Conduct audits and reviews of security implementations to ensure they remain aligned with evolving legal, regulatory, and business environments.

Associated Assessment Criteria for Exit Level Outcomes 5

• Effectively lead a cybersecurity team by setting clear goals, defining roles, and assigning responsibilities aligned with the organization's security objectives.
• Manage cybersecurity incidents by coordinating team responses, directing resources effectively, and ensuring that incidents are resolved in a timely and controlled manner.
• Conduct regular reviews of the team's performance and effectiveness in executing security strategies, providing feedback and coaching to improve skills and performance.
• Monitor the progress of cybersecurity initiatives and adjust plans or resources as necessary to meet deadlines and maintain alignment with organizational priorities.

Associated Assessment Criteria for Exit Level Outcomes 6

• Clearly articulate cybersecurity concepts, strategies, and policies to various stakeholders (e.g., technical teams, management, clients) in both verbal and written formats.
• Effectively prepare and deliver presentations, reports, and briefings on security issues, project statuses, and compliance matters, using appropriate visual aids and data representations.
• Engage in active listening, encouraging feedback and discussions during meetings, ensuring that all perspectives are considered in decision-making processes.
• Develop documentation (e.g., security policies, incident reports, training materials) that is clear, concise, and accessible to different audiences, ensuring proper understanding and compliance.

Associated Assessment Criteria for Exit Level Outcomes 7

• Apply a thorough understanding of ethical standards and legal requirements related to cybersecurity, data privacy, and professional conduct, applying them to decision-making processes.
• Apply informed ethical decisions autonomously, considering the potential impact on the organization, stakeholders, and the broader community, especially in complex situations.
• Evaluate the ethical implications of security policies, practices, and technologies, ensuring that organizational actions align with ethical standards and societal values.
• Contribute to the development of ethical guidelines and practices within the organization, ensuring that all cybersecurity initiatives reflect high ethical standards.

INTEGRATED ASSESSMENT

This qualification consists of three types of modules. The academic subjects consist of

• lectures
• prescribed readings
• case studies
• tutorials
• individual or small group practical exercises.

Learners are formatively assessed on class tests and the artefacts produced for assignments and projects.

Summative Assessment

A final summative test is written for each subject. The final continuous assessment result is a weighted average of all these assessments, as specified in the study guide for each subject.

This module is continuously assessed against the milestones set for the process, such as literature reviews or experimental design, assessed against the chapters of the thesis produced to document the results of these activities. The final assessment by an examination panel assesses the final thesis artefact and the researcher's presentation.

This qualification contains no experiential learning components.