COMPUTER PROFESSIONALS’

REGISTRATION COUNCIL OF
NIGERIA
DIGITAL SKILLS CERTIFICATION AWARD BASED ON
NSQF IN ICT

CERTIFIED CYBERSECURITY ANALYST (LEVEL 3)

DRAFT
1-1-2024
 2

NSQ Certified Cybersecurity Analyst (NSQ Level 3)

GENERAL INFORMATION

Qualification Purpose
This qualification is designed to equip learners with foundational knowledge and practical skills
in cybersecurity, enabling them to identify, mitigate, and respond to cyber threats under
supervision, while preparing them for further professional development in the field.

Qualification Objectives
The learner should be able to:

i. Understand cybersecurity principles.

ii. Understand threat intelligence in cybersecurity.
iii. Understand cybersecurity attacks, threats, and vulnerabilities.
iv. Understand cybersecurity incident response.
v. Understand legislation and ethical conduct within cybersecurity.
vi. Acquire professional skills and behaviour for cybersecurity.

Unit Assessment Requirements:

Assessment must be carried out during training and in a real workplace environment in which
learning and human development is carried out.
Assessment methods to be used include:
1. Question and Answer (QA),

2. Work Product (WP),

3. Assignment (ASS),

4. Examination (EX)
 3

Mandatory Units
Unit Ref. Number NOS Title Credit Learning Remark
No Value Hours
Unit IS/CCA/01/L3 Occupational Health and Safety 2 20 Mandatory
01
Unit IS/CCA/02/L3 Communication in the Work 2 20 Mandatory
02 Environment
Unit IS/CCA/03/L3 Teamwork 2 20 Mandatory
03
Unit IS/CCA/04/L3 Cybersecurity Principles 4 40 Mandatory
04
Unit IS/CCA/05/L3 Threat Intelligence in Cybersecurity 4 40 Mandatory
05
Unit IS/CCA/06/L3 Cybersecurity Testing, 4 40 Mandatory
06 Vulnerabilities and Controls
Unit IS/CCA/07/L3 Cybersecurity Incident Response 4 40 Mandatory
07
Unit IS/CCA/08/L3 Regulations, Standards, Policies and 4 40 Mandatory
08 Configuration Benchmarks
Unit IS/CCA/09/L3 Attack Vectors 4 40 Mandatory
09
Unit IS/CCA/10/L3 Ethical Behaviour in Cybersecurity 3 30 Mandatory
10
33 330
 4

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 01: Health, Safety and Environment

Guided Learning Hours: 20

Unit Purpose:
This unit covers the safe working practices and procedures to be observed when working in an
ICT environment and the statutory requirement, risk assessment procedures and relevant
requirements.

Learning Objective (LO)

LO1 1.1 Dress properly to the work environment.
Understand safety 1.2 Always Work safely, complying with health and
precautions in safety and other relevant regulations and guidelines.
workplace 1.3 Get any cuts, grazes and wounds treated by the
appropriate and qualified person.
1.4 Report illness and infection promptly to the
appropriate persons.
LO2 2.1 Summarise own responsibility under the Health and
Know how to maintain Safety Act as it relates to own occupation
personal health and 2.2 State general rules on hygiene that must be
hygiene followed.
2.3 Explain the importance of maintaining good
personal hygiene.
2.4 Describe how to deal with cuts, grazes and wounds
and why it is important to do so
LO3 3.1 State the importance of working in a healthy, safe
Be able to help maintain a and hygienic workplace.
hygienic, safe and secure 3.2 Promote health, hygiene and safety procedures
workplace. during work.
3.3 Practice emergency procedures during work.
3.4 Ensure that organizational security procedures are
followed.
3.5 Ensure the disposal of waste and pollution control
with organic and inorganic waste disposal methods.
LO4 4.1 Supervise identification of any hazards or potential
Prevent hazards and hazards and deal with these correctly.
maintain safe and 4.2 State where information about health and safety in
secure workplace your workplace can be obtained.
4.3 Describe the type of hazards in the workplace that
may occur and how to deal with them.
4.4 Identify hazards that can be dealt with personally
and those that should be reported to appropriate
personnel.
4.5 Follow organization procedures on how to warn
other people about hazards and why this is important
4.6 State why accidents and near accidents should be
reported to the appropriate personnel.
4.7 Describe the type of emergencies that may happen in
the workplace and how to deal with them.
 5

Learning Objective (LO)

4.8 State where to find the first-aid equipment and
locate the authorized personnel.
4.9 Lift and handle materials in line with work
environment procedure.
4.10 State other ways of working safely that are relevant
to own position responsibility and its importance.
4.11 Describe organizational emergencies procedures, in
particular fire, and how these should be followed.
4.12 State the possible causes for fire in the workplace.
4.13 Describe how to minimize the possibility of fire in
the workplace.
4.14 State where to find the alarms and how to set them
up.
4.15 State why a fire should never be approached unless
it is safe to.
4.17 Describe organizational security procedures and
why these are important
4.18 State the importance of reporting all usual or non-
routine incidents to the appropriate personnel.
 6

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 02: Communication and Interpersonal Skill

Guided Learning Hours: 20

Unit Purpose:
This units seeks to develop the competency of the learner to be able to express oneself fluently in
a well-defined manner understandable to the client with problems to solve and with group of
colleagues.

Learning Objective (LO)

LO1 1.1 Notify client about new systems features to keep them
Communicate with Client up to date.
1.2 Notify client about new systems features to keep them
up to date.
1.3 Communicate with the client about any changes on the
website/application
1.4 Confirm that no request from client is pending.
1.5 Communicate to the team about the market trends to
ensure that they are kept up to date.
LO2 2.1 Check that all team members/peers are in line with the
Communicate with requirements
Peer/Team Members 2.2 Give clear directions to team members/peers to follow
2.3 Check that a proper mechanism is in place to motivate
all team members
2.4 Provide a suitable and comfortable work environment
for peers and team members
2.5 Give report of team members activities
LO3 3.1 Provide a standard operating procedure for
Communicate with communication with the seniors.
Managers 3.2 Follow all instructions given by seniors in each job role.
3.3 Execute all instructions coming from the seniors using
proper mechanism
3.4 Communicate all the emergencies and bugs/updates to
the relevant Managers
 7

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 03: Teamwork

Guided Learning Hours: 20

Unit Purpose:
The purpose for this unit is to impact into the learner the necessary skills, knowledge and
understanding required to develop team spirit and positive working relationship with colleagues.

Learning Objective (LO)

LO1 1.1 Identify the need for developing positive working
Positive working relationship relationship with colleagues
with colleagues 1.2 Recognize the importance of relating with other
people in a way that makes them feel valued and
respected
1.3 Assist team members when required.
1.4 Report to the personnel when request for assistance
fall outside area of responsibility
1.5 Communicate information to colleagues about own
work that might affect others
LO2 2.1 Recognize own role and responsibilities within team
Take responsibility within the 2.2 Perform individual tasks in line with the team rules
team and regulations.
2.3 Participate effectively in teamwork
LO3 3.1 Work in line with organizational standard
Compliance with policy of 3.2 Use organizational code of practice
organisation 3.3 Explain organizational code of conduct
 8

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 04: Cybersecurity Principles

Guided Learning Hours: 40

Unit Purpose:
The learner will gain an understanding of cybersecurity, its consequences and implications.

Unit 04: Cybersecurity Principles

Learning Objective (LO)
LO1 1.1 Describe the concepts of cybersecurity
Understand cybersecurity 1.2 Explain the importance of cybersecurity
1.3 Explain the consequences and implications of
inadequate cybersecurity
1.4 Define core terminologies used in cybersecurity
LO2 Understand 2.1 Explain the terms: good actors and bad actors
Behaviours of Threat Actors 2.2 Describe the behaviours of good actors and bad actors
2.3 Explain the motivations of good actors and bad actors
2.4 Identify key sectors that are most vulnerable to cyber-
attacks
LO3 2.1 Describe the term security by design
Understand security by 2.2 Examine the principles of security by design
design principles 2.3 Show the consequences of not considering security
during design phase
3.4 Describe the advantages and disadvantages of security
by design
 9

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 05: Threat Intelligence in Cybersecurity

Guided Learning Hours: 40

Unit Purpose:
The learner will gain an understanding of threat intelligence, Open-Source Intelligence, and the
importance of using reliable sources of information.

Learning Objective (LO)

LO1 1.1 Identify key concepts of cyber threat intelligence
Understand cyber threat 1.2 Explain the following terms in relation to cybersecurity:
intelligence  Threats
 Exploits
 Vulnerabilities
 Risk
1.3 Describe threat intelligence lifecycle
1.4 Explain emerging attack techniques and how to recognise
them
1.6 Explain the importance of using reliable and valid Open-
Source Intelligence information
1.7 Identify organization’s current threat status
1.8 Recommend countermeasures based on 1.7
LO2 2.1 Describe range of threat models
Understand threat models 2.2 Identify the steps within a threat model
2.3 Evaluate a threat model
LO3 3.1 Identify types of malicious software
Understand malicious 3.2 Describe the effects of different types of malicious
software software on an infected system
3.3 Explain the motives for using specific malicious software
attacks
3.4 Explain how specific malicious software attacks are made
more effective due to human factors
LO4 4.1 Explain the term ‘social engineering’
Know about social 4.2 Show examples of how Open-Source Intelligence can be
engineering used for social engineering
4.3 Demonstrate ways a social engineering attack could take
place
 10

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 06: Cybersecurity Testing, Vulnerabilities and Controls

Guided Learning Hours: 40

Unit Purpose:
The learner will gain an understanding of common types of testing in cybersecurity including
mitigations following testing. They will understand vulnerabilities within cybersecurity and the
steps to be taken when a vulnerability is identified. Learners will also gain knowledge of controls
within cybersecurity and will be able to apply a basic control.

Learning Objective (LO)

LO1 1.1 Explain different types of cybersecurity testing
Understand common types of 1.2 Identify why cybersecurity testing is important
testing in cybersecurity 1.3 Demonstrate types of cybersecurity testing
1.4 Show mitigations following cybersecurity testing
1.5 Demonstrate why it is important to retest following any
changes made
1.6 Display how the outcomes of cybersecurity testing can
be reported
LO2 2.1 Identify cybersecurity vulnerabilities
Be able to reduce or remove 2.2 Demonstrate the steps to be taken when a vulnerability
potential cybersecurity has been identified
vulnerabilities 2.3 Apply the correct response to the vulnerability
2.4 Develop an appropriate communication to mitigate
future vulnerabilities
LO3 3.1 Identify cybersecurity controls
Understand controls in 3.2 Develop a basic cybersecurity framework
cybersecurity 3.3 Evaluate a cybersecurity framework
3.4 Identify how specific malicious software attacks are
made more effective due to human factors
LO4 4.1 Demonstrate how to apply controls
Be able to apply a 4.2 Implement a basic cybersecurity control
cybersecurity control 4.3 Justify the implementation of a chosen cybersecurity
control
4.4 Explain why a control might not be applied
 11

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 07: Cybersecurity Incident Response

Guided Learning Hours: 40

Unit Purpose:
The learner will gain an understanding of a cybersecurity incident response plan and checklist.
They will also cover the knowledge required to be able to develop an incident postmortem report.

Learning Objective (LO)

LO1 1.1 Describe what a cybersecurity incident response
Understand what is meant by a plan is used for
cybersecurity incident response 1.2 Explain when a cybersecurity incident response
plan plan is used
1.3 Describe the stages of a cybersecurity incident
response lifecycle
LO2 2.1 Explain why it is important to maintain an up-to-
Be able to develop a date cybersecurity incident log
cybersecurity incident response 2.2 Explain the steps to be included within a
plan cybersecurity incident response plan
2.3 Explain why it is important to have a cybersecurity
incident response plan
2.4 Develop a cybersecurity incident response plan for
an organisation
LO3 3.1 Explain what is meant by incident postmortem
Be able to develop an incident 3.2 Explain the structure of an incident postmortem
postmortem report 3.3 Consider the importance of the following when
carrying out an incident postmortem:
 Integrity
 Rigour
 Discipline
3.4 Create a postmortem report of an incident
3.5 Reflect upon the report and make recommendations
based on the findings
 12

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 08: Understand Regulations, Standards, Policies and Benchmarks

/Configuration Guides

Guided Learning Hours: 40

Unit Purpose:
The learner will gain an understanding of the legislation surrounding cybersecurity. They will
understand regulations, standards, and frameworks relating to cybersecurity and the importance
of benchmarks/configuration guides within cybersecurity.

Learning Objective (LO)

LO1
Understand regulations and
polices relating to cybersecurity
LO2
Understand information security
standards and frameworks
LO3
Understand the usefulness of
configuration guides
1.1 Explain the importance of regulations and, policies
in cybersecurity
1.2 Demonstrate the understanding of various
regulations in cybersecurity
1.3 Demonstrate the application of different
regulations
1.4 Demonstrate the understanding of different policies
to various aspects in an organization
2.1 Identify ISO standards related to cybersecurity
2.2 Demonstrate the understanding of cybersecurity
frameworks
2.3 Demonstrate how ISO standards are used to
support cybersecurity
2.4 Describe the usefulness of the ISO/IEC 27001
family in cybersecurity
3.1 Explain what benchmarks and configuration guides
are used for
3.2 Demonstrate the understanding of various types of
configurations guides
3.3 Give two examples each of software and hardware
configuration guides content
 13

Certified Cybersecurity Analyst (NSQ Level 3)

Unit 09: Attack Vectors

Guided Learning Hours: 40

Unit Purpose:
Learners will gain an understanding of different types of attack vectors, and the defense
mechanisms to mitigate them.

Learning Objective (LO)

LO1 1. Define attack vectors
Understand Common Attack 1
Vectors 1. Identify different attack vectors
2
1. Describe the methods used in each attack vector
3
1. Explain the potential impacts of each attack vector
4
LO2 2. Identify the impact of attack vectors on data integrity
Analyse the Impact of Attack 1
Vectors on the CIA Triad 2. Evaluate the impact of attack vectors on data
2 confidentiality
2. Assess the effect of attack vectors on data availability
3
LO3 3. Identify common defence mechanisms for attack
Know Countermeasures for 1 vectors
Common Attack Vectors 3. Explain best practices to prevent social engineering
2 attacks
3. Monitor system logs for indicators of attack vectors
3
3. Detect attack cyber security attacks
4
3. Respond to 3.4 by following incident response
5 procedures

Certified Cybersecurity Analyst (NSQ Level 3)
Unit 10: Ethical Behaviour in Cybersecurity
Guided Learning Hours: 30
Unit Purpose:
Learners will gain an understanding of the ethical principles and challenges within the field of
cybersecurity.
Learning Objective (LO)
LO1
Understand ethical theories and
frameworks in the context of
cybersecurity
LO2
Evaluate the legal and social
responsibilities of cybersecurity
professionals
LO3
Promote ethical culture and
awareness within cybersecurity
teams and organizations.
14
1.1 Explain ethical theories in cyber securities
1.2 Analyse cybersecurity cases in the context of ethical
frameworks,
1.3 Identify the ethical issues involved in 1.2
1.4 Explain different ethical approaches in resolving
conflicts in cybersecurity.
1.5 Apply ethical reasoning to make informed decisions
in hypothetical cybersecurity scenarios.
1.6 Justify the approach based on ethical theories.
2.1 Identify laws and regulations that govern ethical
behaviour in cybersecurity
2.2 Explain the ethical implications of data breaches,
cyberattacks, and surveillance on society and
individual privacy
2.3 Explain the role of professional codes of ethics, such
as those from (ISC)², ISACA, or IEEE, in guiding
cybersecurity practices
2.4 Evaluate the social responsibilities of cybersecurity
professionals, including balancing security needs
with the rights of individuals
3.1 Identify and address potential ethical vulnerabilities
within organizational cybersecurity policies and
practices
3.2 Evaluate potential consequences of cybersecurity
actions on stakeholders
3.3 Create a personal code of ethics that reflects both
professional standards and personal values