You’re looking to understand what to study and master to prepare for the SAQA-registered qualification Advanced Occupational Diploma: Chief Information Officer – Cybersecurity (SAQA ID 121968).
This qualification blends strategic leadership, cybersecurity governance, legal frameworks, and technical system assurance.
Below is a curated list of 100 key learning items, broken down across the Knowledge, Practical Skills, and Work Experience modules as defined in the qualification.
1. Principles of corporate governance and King IV in IT context
2. Roles and responsibilities of a Chief Information Officer (CIO)
3. Cybersecurity governance frameworks (NIST, ISO 27001, COBIT)
4. Enterprise risk management (ERM) principles
5. Governance vs management in cybersecurity
6. Cyber resilience strategies and frameworks
7. Strategic alignment of cybersecurity with business goals
8. Leadership principles for cybersecurity teams
9. Change management in cybersecurity transformation
10. Stakeholder communication and board reporting
11. Cybersecurity maturity assessments
12. Business continuity and disaster recovery governance
13. Information security policy formulation and enforcement
14. Ethical leadership and integrity in technology roles
15. Cyber risk appetite and tolerance setting
16. Integrating cybersecurity into corporate strategy
17. Budgeting and financial management for cybersecurity
18. Legal responsibilities of information custodians
19. Data governance and protection principles
20. Performance metrics for cybersecurity programs
21. Information security fundamentals: CIA triad (Confidentiality, Integrity, Availability)
22. Threat and vulnerability management
23. Risk analysis methodologies (OCTAVE, FAIR, ISO 31000)
24. Cyber defense architecture and layered security
25. Cryptography fundamentals and encryption protocols
26. Secure software development lifecycle (SSDLC)
27. Network security design and segmentation
28. Cloud security models (IaaS, PaaS, SaaS)
29. Access control models (RBAC, ABAC, Zero Trust)
30. Identity and access management (IAM)
31. Endpoint and mobile device security
32. Data loss prevention (DLP) techniques
33. Incident response frameworks (NIST 800-61, SANS)
34. Security Information and Event Management (SIEM)
35. Security operations center (SOC) management principles
36. Business impact analysis (BIA)
37. Cyber threat intelligence and situational awareness
38. Emerging technologies: AI, IoT, Blockchain in security
39. Digital forensics fundamentals
40. Secure network architecture and design
41. South African cybersecurity legislation (Cybercrimes Act, POPIA, ECTA)
42. Compliance management (ISO 27001, GDPR, PCI DSS)
43. Legal frameworks for digital evidence and forensics
44. Preparing legal briefs and internal policy documents
45. Representing cybersecurity cases to executive boards
46. Managing investigations and liaising with law enforcement
47. Ethical hacking vs. cybercrime boundaries
48. Data privacy impact assessments (DPIA)
49. Drafting internal cybersecurity policies
50. Communicating legal implications to non-technical leaders
51. Cyber awareness program design
52. Training needs analysis for cybersecurity teams
53. Designing phishing simulation campaigns
54. Instructional design for cybersecurity education
55. Developing e-learning materials and workshops
56. Coaching cybersecurity analysts and managers
57. Building a cybersecurity culture across departments
58. Evaluating training effectiveness
59. Gamification in cybersecurity learning
60. Creating communication plans for awareness campaigns
61. Developing cybersecurity strategy documents
62. Aligning cybersecurity strategy to business goals
63. Setting KPIs and metrics for cybersecurity performance
64. Policy gap analysis and benchmarking
65. Writing strategic roadmaps and implementation plans
66. Evaluating technology investments
67. Developing enterprise-wide security policies
68. Executive decision-making under cyber crisis
69. Board-level cybersecurity communication
70. Leading incident response at the executive level
71. Cross-functional collaboration for security initiatives
72. Managing vendor and third-party cybersecurity risks
73. Building high-performance cybersecurity teams
74. Crisis management and post-breach recovery planning
75. Leading cybersecurity audits and reviews
76. Integrating cybersecurity into mergers & acquisitions
77. Ethical dilemmas and decision-making in leadership
78. Developing and delivering cybersecurity curricula
79. Supervising cybersecurity interns or junior staff
80. Leading workshops and knowledge-sharing sessions
81. Assessing learner competencies in cybersecurity
82. Using LMS and learning analytics for improvement
83. Managing cybersecurity certification programs
84. Overseeing IT infrastructure and cybersecurity alignment
85. Evaluating systems security architecture
86. Managing system lifecycle (design, testing, deployment)
87. Performing IT audits and compliance reviews
88. Coordinating with DevOps teams for secure deployment
89. Managing configuration and change control
90. Securing communication systems (email, VoIP, messaging)
91. Managing encryption and key management systems
92. Implementing secure remote access solutions (VPN, MFA)
93. Preventing data leakage in communication systems
94. Managing mobile and endpoint communication policies
95. Ensuring confidentiality in executive communications
96. Developing workforce competency frameworks
97. Forecasting cybersecurity staffing needs
98. Building succession and career development plans
99. Designing cybersecurity organizational structures
100. Evaluating and improving team performance metrics
If you want to self-study or prepare ahead:
- Focus on the NIST Cybersecurity Framework, COBIT 2019, and ISO/IEC 27001:2022.
- Supplement with executive leadership and governance material (e.g., Harvard Cybersecurity for Managers course).
- Review the South African Cybercrimes Act (2021) and POPIA deeply.
- Practice with CISSP, CISM, or NIST RMF materials — they align strongly with this qualification’s ELOs.
Would you like me to turn this into a 12-month structured study roadmap (with recommended free/paid resources, books, and certifications aligned to these 100 items)?
https://cybersecurityinstitute.co.za/talent-accelerator/
Below is a comprehensive 12-month roadmap covering knowledge, practical, and work-based components, aligned to the SAQA qualification structure, international best practices (NIST, ISO 27001, COBIT 2019), and CIO-level leadership outcomes.
Goal: Prepare for the QCTO-aligned CIO (Cybersecurity) qualification and executive readiness.
Duration: 12 months (≈ 10–12 hrs/week)
Outcome: Readiness for assessment + capability to operate as a Chief Information Officer (Cybersecurity).
Month 1. Focus: Understand global frameworks, leadership role, and governance models.
- Study King IV IT governance principles
- Read COBIT 2019 Overview Guide
- Learn NIST Cybersecurity Framework (Identify–Protect–Detect–Respond–Recover)
- Watch: MIT OpenCourseWare – Cybersecurity for Managers
- Exercise: Map cybersecurity objectives to business goals in your current or a sample company.
Deliverable: Write a 2-page Cybersecurity Governance Policy Draft.
Month 2. Focus: Core security frameworks and risk analysis.
- Study ISO/IEC 27001:2022 controls (A.5–A.18)
- Learn CIA Triad, defense-in-depth, risk management process
- Do a risk assessment exercise using ISO 31000
- Tools: Risk Register Template + Excel
Deliverable: Complete a Cyber Risk Register and Treatment Plan.
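To make the risk register deliverable concrete, here is an added example (not part of the original roadmap or the qualification) of the scoring logic a spreadsheet register usually hides: each risk gets an inherent score (likelihood × impact on a 5×5 scale), a residual score after existing controls, and an ISO 31000-style treatment decision against a risk appetite threshold. The scale, the appetite threshold of 8, the treatment rule and the four sample risks are all constructed assumptions for illustration.

```python
"""Cyber risk register with ISO 31000-style scoring and treatment decisions.

Added example, not from the original page. The 5x5 scale, the appetite
threshold, the treatment rule and the sample risks are constructed
assumptions chosen to illustrate the method, not values from any standard.
"""
from dataclasses import dataclass, field

# Ordinal scales (assumption: a common 5-point register convention)
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumption: the board has set appetite so that residual scores above 8 need treatment
RISK_APPETITE = 8


@dataclass
class Risk:
    risk_id: str
    description: str
    likelihood: str
    impact: str
    owner: str
    controls: list[str] = field(default_factory=list)
    # How many likelihood steps the listed controls are judged to remove (0..4)
    control_effectiveness: int = 0

    def __post_init__(self) -> None:
        # Reject labels outside the scale so a typo in the register cannot silently score 0
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"{self.risk_id}: unknown likelihood '{self.likelihood}'")
        if self.impact not in IMPACT:
            raise ValueError(f"{self.risk_id}: unknown impact '{self.impact}'")
        if not 0 <= self.control_effectiveness <= 4:
            raise ValueError(f"{self.risk_id}: control_effectiveness must be 0..4")

    def inherent_score(self) -> int:
        """Score before any controls are credited."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def residual_score(self) -> int:
        """Score after controls reduce likelihood; likelihood never drops below 1."""
        residual_likelihood = max(1, LIKELIHOOD[self.likelihood] - self.control_effectiveness)
        return residual_likelihood * IMPACT[self.impact]


def rating(score: int) -> str:
    """Map a score to the heat-map band used in the register (assumed bands)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def treatment(risk: Risk) -> str:
    """Pick an ISO 31000 treatment option against the appetite threshold (assumed rule).

    retain        - residual risk is within appetite
    share or avoid - high-impact risk still scoring 'high' after controls; insurance,
                     contract terms or dropping the activity are the realistic levers
    mitigate      - everything else: add controls to bring residual within appetite
    """
    score = risk.residual_score()
    if score <= RISK_APPETITE:
        return "retain"
    if IMPACT[risk.impact] >= 4 and score >= 15:
        return "share or avoid"
    return "mitigate"


def build_treatment_plan(risks: list[Risk]) -> list[dict]:
    """Return register rows sorted by residual score, highest first."""
    rows = []
    for r in risks:
        rows.append({
            "id": r.risk_id,
            "description": r.description,
            "owner": r.owner,
            "inherent": r.inherent_score(),
            "residual": r.residual_score(),
            "rating": rating(r.residual_score()),
            "treatment": treatment(r),
        })
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


# Constructed sample risks for a fictional organisation
SAMPLE_RISKS = [
    Risk("R1", "Ransomware via phishing email", "likely", "severe", "CISO",
         ["MFA", "email filtering", "offline backups"], control_effectiveness=2),
    Risk("R2", "Lost or stolen unencrypted laptop", "possible", "major", "IT Ops",
         ["full-disk encryption", "MDM remote wipe"], control_effectiveness=2),
    Risk("R3", "Vendor SaaS outage", "unlikely", "moderate", "CIO", [], control_effectiveness=0),
    Risk("R4", "Third-party data processor breach (POPIA)", "possible", "severe", "DPO",
         [], control_effectiveness=0),
]

if __name__ == "__main__":
    for row in build_treatment_plan(SAMPLE_RISKS):
        print(f"{row['id']}: inherent={row['inherent']:>2} residual={row['residual']:>2} "
              f"{row['rating']:<6} -> {row['treatment']} ({row['owner']})")
```

The point worth carrying into the spreadsheet version is that controls are credited explicitly (a stated number of likelihood steps, attached to named controls) rather than by editing the likelihood cell, so the inherent score stays visible and an auditor can see why the residual differs from it.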
Month 3. Focus: Threats, vulnerabilities, and intelligence frameworks.
- Study MITRE ATT&CK Framework
- Read: CISA Cyber Threat Intelligence Guide
- Learn about phishing, malware, ransomware, insider threats
- Case study: SolarWinds / Equifax breach
Deliverable: Threat intelligence brief to executive audience (2–3 pages).
Month 4. Focus: South African laws + international compliance.
- Study Cybercrimes Act (2021), POPIA, ECT Act, GDPR
- Learn compliance mapping between POPIA & GDPR
- Practice drafting a Data Privacy Impact Assessment (DPIA)
- Course: Coursera – Internet Law and Policy
Deliverable: Legal Compliance Matrix for Cybersecurity in SA.
Month 5. Focus: Technical principles for CIO oversight.
- Learn network security architecture (firewalls, VPN, IDS/IPS, Zero Trust)
- Study Cloud Security – AWS Well-Architected Framework (Security Pillar)
- Overview: DevSecOps and CI/CD security
- Lab: Set up a virtual lab (VirtualBox + Kali Linux + SIEM demo, e.g. Splunk Free)
Deliverable: Secure Infrastructure Architecture Plan.
Month 6. Focus: Crisis management and resilience.
- Study NIST SP 800-61 (Computer Security Incident Handling Guide)
- Learn BCM & DR Planning (ISO 22301 basics)
- Create an Incident Response Plan (IRP)
- Exercise: Run a tabletop incident simulation
Deliverable: Incident Response and BCM Policy.
Month 7. Focus: PM-03 module (Strategic Planning and Policy Development).
- Study Strategic Planning Techniques (Balanced Scorecard, SWOT, PESTEL)
- Draft a Cybersecurity Strategic Plan (3–5 years)
- Learn KPI design for cybersecurity performance
- Workshop with stakeholders on policy alignment
Deliverable: Cybersecurity Strategic Plan and Policy Suite.
Month 8. Focus: PM-04 module (Executive Leadership Practices).
- Read: Harvard Business Review – Leading Cybersecurity Change
- Learn crisis communication and board reporting skills
- Simulate an executive breach briefing
- Practice leading cross-functional security reviews
Deliverable: Board Presentation Deck for Cybersecurity Update.
Month 9. Focus: WM-04 (Cybersecurity Workforce Planning and Development).
- Study NIST NICE Framework (job roles and competencies)
- Conduct a skills gap analysis for a cybersecurity team
- Learn succession and talent development planning
- Build a career path matrix for cyber roles
Deliverable: Cybersecurity Workforce Development Plan.
Month 10. Focus: PM-02 (Cyber Training and Education).
- Study adult learning principles (ADDIE model)
- Design a cyber awareness campaign (email, video, poster)
- Develop a training curriculum for non-technical staff
- Evaluate training impact (metrics + surveys)
Deliverable: Cyber Awareness Training Plan & Content Outline.
Month 11. Focus: ELO 2 – Secure IT Systems.
- Study System Development Life Cycle (SDLC) + security integration
- Conduct system testing and validation against security requirements
- Evaluate vendor and third-party security controls
- Case study: Cloud migration security assessment
Deliverable: System Security Assurance Report.
Month 12. Focus: Prepare for QCTO external summative assessment.
- Compile Portfolio of Evidence (PoE) including:
  - All deliverables from previous months
  - Workplace logs or simulated experience
  - Certificates of short courses (e.g., CISM/CISSP modules)
- Review QCTO assessment guidelines (BANKSETA AQP)
- Conduct mock assessment (Q&A and case study review)
Deliverable: Final PoE & Assessment Readiness Checklist.
| Category | Resource | Type |
|---|---|---|
| Governance | COBIT 2019 Toolkit (Free ISACA resources) | Book / Framework |
| Cybersecurity Strategy | NIST CSF + ISO 27001 | Framework |
| Legal & Compliance | POPIA Guidelines / Cybercrimes Act | Legislation |
| Leadership | HBR Guide to Leading Teams in the Digital Age | Book |
| Risk & Incidents | NIST SP 800-61 / ISO 22301 | Standard |
| Awareness & Training | KnowBe4 Free Awareness Tools | Online tool |
| Technical Labs | TryHackMe / Immersive Labs / Microsoft Learn Security | Practice Labs |
By the end of this roadmap, you will be able to:
✅ Lead cybersecurity governance and policy at enterprise level
✅ Oversee secure ICT system provisioning and assurance
✅ Advise executives on cyber law and risk
✅ Develop and deliver cyber education programs
✅ Prepare portfolio for QCTO external assessment (BANKSETA AQP)