| Strategy Confront | Descriptiohand examplesoftacticalmeasures The decision-makers concludes that the risk should be addressed because of |
| Reduce | the seriousness of its anticipated impact, the high possibility of its occurrence, and the timeliness of its occurrence. A decision to go with this alternative requires not only the availability of sufficient resources to support any countermeasures, but also the political will to implement drastic countermeasures, as well as a strong belief that the anticipated positive long-term results would eventually outweigh inevitable negative ramifications in the interim period. Common strategies that should be taken into consideration include legal prosecutions, the introduction of new legislation, the issuing of ban orders to departments, the arrest of prominent leaders, confrontations of a military nature, public exposure of foreign agents, and other similar strategies. The policymakers conclude that the risk, even if it is considered to be serious, |
| Contain | the unacceptable cost of potential negative ramifications; or the absence of the political will to introduce drastic countermeasures. Instead, the focus is being placed on playing down the seriousness of the risk (e.g., from high to low risk). The deployment of security forces, the conduct of strategic political intervention, the conduct of talks, and the upgrading of the physical security of sensitive locations are all examples of typical ME techniques that should be considered. This is at best an interim plan, and its goal is to mitigate the negative impacts |
| Avoid | encompassing can be chosen and implemented. It would often be used as an emergency measure in situations in which unexpected risks unexpectedly appear without any warning, and it would typically comprise a mixture of confrontational and reduction approaches, all of which would be carried out under the guidance of contingency planning. The decision-maker in charge of policy concludes that the danger is extremely unlikely to materialize in the short to medium term, but that it is unavoidable in the longer term. |
| Carry | Options that involve confrontation or a downgrade in status are not considered to be viable. As a result, the decision-maker concludes that the only way to steer clear of the risk in its entirety is to make changes to a previously held future vision that are both strategic and preventative in nature. The decision-maker is fully aware of the repercussions of the risk, but he or |
| she nevertheless concludes that it is worthwhile to take the risk and that the risk associated with the risk's continuous presence is offset by the prospect of a bigger opportunity being taken advantage of. A common illustration of this would be the situation in which operations of foreign intelligence are discovered but are permitted to continue since it is believed that they could lead to the discovery of a larger network. |
+
+Source: Researcher’s compilation from various sources
+
+# 6.7.6.1 Implementable Security Policy Architecture
+
+A Security policy is a general declaration of intent that gives direction on what position security plays inside the department (Turianskyi, 2018: 14). Security policy can be classified as a combination of system-specific, issue-specific, and organisational policy, and should be used to:
+
+Identify the departments’ most valued assets; Departments’ vision in relate to security; Summarise the roles of personnel within the department; Describe the role of directorate security within the department; Outline the departments’ contingency plan; and • Outline the departments’ legalities in relate to standard operation procedure.
+
+The Security Manager is responsible for coordination and execution of the STA to clearly define the departments’ threat picture and understand the weaknesses in the existing security measures. When threat and risk sources are clearly defined, the critical assets withing the core business of the department can be clearly identified (Vellani, 2020). The Security Manager should use the intelligence gathered to contribute to the development and communicating of the draft document to the Security Committee. The draft documents for consideration by the Security Committee will be submitted in the normal course at least four working days prior to the meeting date. This will enable the members to study the documentation and allow adequate opportunity for both formal and informal discussions.
+
+Each member should be allowed to play a full and constructive role in the affairs of the Security committee and shall be furnished with all relevant information/details before making any decision. Members shall conduct themselves in a befitting manner and show respect to one another. Decisions taken by the Committee are binding and can only be changed by the HOD.
+
+• Which are the departments’ processes of anticipating and analysing the probabilities of loss and damage to State property?
+• What are current layers of security measures?
+• What solutions should be implemented to address the correct implementation of security threat assessment?
+
+The security policy covers the following seven elements of the security programme of the department:
+
+Security organisation;
+Security administration;
+Information security;
+
+• Physical security; Personnel security; ICT security; and BCP.
+
+The security policy should include protection of the following:
+
+• Confidentiality: Ensuring that information and systems are accessible only to authorised users;
+• Integrity: Safeguarding the accuracy and completeness of information processing methods; and
+• Availability: Ensuring that authorised users have access to information and systems when required
+
+# 6.7.6.2 Requirements for a Security Policy
+
+The proposed security policy should entail the following:
+
+• It should be a clearly defined document that encompasses the Minimum Physical Security Standards;
+• It should cover all aspects of physical security and provide for different levels of physical security grading;
+• It should set out the obligations of the different role players about the implementation of the policy;
+• The policy should clearly give a direct guide to all personnel and relevant contractors and consultants of the department/institution to adhere / comply with the Minimum Physical Security Standards;
+• The policy should clearly specify that failure by an employee to comply with the policy and the Minimum Physical Security Standards constitutes serious misconduct and those disciplinary measures should be taken against such a person; and
+• Security Manager should develop operating standards to ensure that they achieve operational objectives.
+
+In order to successfully execute the STA, security managers need to place a key emphasis not only on the core and legislative responsibilities of the department, but also on the efficiency of the physical security measures currently in place and information security (Troy, 2020: 17). If the legislative mission of the department is understood and well-known, the security component of the department will be able to detect potential security risks that may affect the department. After a threat or risk has been discovered, a risk mitigation strategy can be effectively put into place to eliminate or avoid the threat or risk, as well as any potential hazards that have been identified.
+
+The creation of security rules and procedures occurs once the STA has been effectively implemented (Vellani, 2020). Before the HOD gives his or her blessing, check to see that the backing of the security policy comes from the labour unions. The security policy and procedures should cover not only the physical security measures but also the information security measures, the information technology security measures, the communication security measures, the personnel security vetting measures, and the personnel suitability checks (screening) measures.
+
+After consulting with all of the stakeholders and the security committee, the security manager should make sure that the policy is written in accordance with the guidelines provided by the MISS document, and that it refers to other policies, procedures, and plans that are related to the primary mandate of the department (South Africa, 2017). This should be done after ensuring that the policy is written in accordance with the guidelines provided by National Legislation. Following the completion of all of the consultations, the draft policy will be sent to the SSA for their consideration and approval. After the SSA has provided its approval of the draft policy, it should then sent to the head of the department for final approval (South Africa, 2017). After receiving approval from the HOD, the policy will then be disseminated to all of the departments’ business units, as well as contractors and other stakeholders, through awareness programmes, an intranet internal website, and by making it accessible to all workers. Subsequently, the security policy would then be put into effect.
+
+# 6.8 VALUE/ CONTRIBUTION OF THE STUDY
+
+The results of the research will contribute towards bridging the gap between welldeveloped security frameworks on the one hand, and a lack of implementation in South African government departments, on the other (Wagner et al., 2012; Yin, 2018: 11-12). The findings have revealed the nature and scope of issues encountered by security personnel responsible for implementing the security threat assessment and other risk control procedures. The research shows that departments that adhere to the methods outlined in this thesis, performed effective security threat assessment and saw considerable reductions in vulnerabilities. In that regard, this study and its results contribute to new knowledge and builds excellent practices to give effective and implementable guidelines and procedures for the STA at all levels of government. Furthermore, the information gathered from this study will help security professionals and senior management understand their critical role in supporting security policies and procedures.
+
+The research emphasises the need of understanding the departments' core business in order to identify critical asserts that seek to be protected. This will add value to security management and security committees, including the development of policies and standard operating procedures are developed, as well as appointment of skilled security managers. The findings reveal further that executive management should be actively involved in assessing emerging threats and providing effective security risk control procedures in order to improve current protection mechanism and charting new avenues for research.
+
+It is envisaged that the study will contribute meaningfully to learners who are studying towards security-related qualifications, as well as to the academic community once the research has been disseminated through the University of South Africa’s internet library system.
+
+# 6.9 POSSIBLE LIMITATIONS OF THE STUDY
+
+Although generalisability is not necessarily the particular focus of qualitative studies (Anderson & Poole, 2014: 13; Gupta & Awasthy, 2015: 28), the current study’s findings could possibly be limited by the non-involvement of more security stakeholders in other national governmental departments. However, there were key government departments in Gauteng Province that were reluctant to participate in the research, which impacted on the possible generalisability of the findings and therefore reflect a limitation of the research.
+
+# 6.10 CONCLUSION
+
+Threat assessment represents one part of a comprehensive approach to prevention and securing the safety of government departments, to positively assist the personnel and clients, where a good platform is created to report matters concerning security of the people, assets, and information. Because it is in South Africa's national interest to protect its departments, the SSA is legally mandated to gather, collate, and analyse intelligence, as well as provide advice and vetting services, to protect these departments from threats to national security. Terrorism, espionage, the proliferation of weapons of mass destruction, organised crime, and social instability are examples of such threats, as they are threats arising from inherent vulnerabilities within these departments. vulnerabilities in their physical security arrangements, personnel security, information technology security, or the integrity of their business processes.
+
+Government departments retain independent responsibility for managing security and non-security related business threats and vulnerabilities. If these vulnerabilities and threats are likely to have an impact on the national interest, and thus on national security, they fall under the SSA's offensive and defensive mandate. All these departments have their specific valuable assets that should be safeguarded for national security reasons. These areas are commonly referred to as the department's key assets, and they include its personnel, information, IT, and communication systems, as well as the department's reputation and ability to perform those critical business functions for South Africa's national interest and national security.
+
+# REFERENCES
+
+Abedian, I. 2004. Balancing the nation’s books: in Parsons, R., Abedian, I., DuToit, P., Dykes, D., Friedman, S., Kantor, B., Mnyanda, L., Roux, A & Steyn, G. Manual, markets and money double story books, Cape Town: Juta.
+
+Accenture. 2019. Insight into the cyber landscape in South Africa. Available from: https://www.accenture.com/_acnmedia/PDF-125/Accenture-Insight-Into-TheThreat-Landscape-Of-South-Africa-V5.pdf (Accessed: 18 February 2022).
+Adams, W. 2015. Handbook of practical program evaluation: Conducting semistructured interviews. Washington, D.C: George Washington University
+Adetiba, T.C. 2017. Regional and economic security: A driver for South African National Security? Journal of African Union Studies (JoAUS), 6(2): 199-223.
+Africa, S. 2009. The South African intelligence services: A historical perspective', In: Changing intelligence dynamics in Africa. eds. S. Africa & J. Kwadjo, (GFN-SSR)/ (ASSN). England: Birmingham.
+African Union Convention. 2014. Convention on cyber-security and personal data protection Retrieved from: https://au.int/sites/default/files/treaties/29560-treaty0048__african_union_convention_on_cyber_security_and_personal_data_prote ction_e.pdf (Accessed 6 June 2020)
+Ali, M. 2021. Occupational health and safety Act, 1993 (Act 85 of 1993) and Occupational health and safety bill (2020). Retrieved from: https://www.linkedin.com/pulse/occupational-health-safety-act-1993-85-bill-2020- muhammad-ali/ (Accessed: 12 May 2021).
+Allen, G. 2016. Introduction to the department of homeland security. Risk analysis and management for critical asset protection. Butterworth Heinemann: Elsevier Inc.
+Alshboul, A. 2010. Information systems security measures and countermeasures: Protecting organisational assets from malicious attacks. Chicago: Argosy University.
+Alshoubaki, W & Harris, M. 2022. Striving for protection: Whistleblowers in Jordan. New York: SAGE Open. https://doi.org/10.1177/21582440221095023
+Alvi, M.H. 2016. A manual for selecting sampling techniques in research. Munich personal ePEcArchive: Paper No1, 70218. UTC Retrieved from: https://mpra.ub.uni-muenchen.de/70218/1/MPRA (Accessed on 15 June 2021}
+Ameer-Mia, F. & Shacksnovis, L. 2019. Cybercrimes Bill – A positive step towards the regulation of cybercrimes in South Africa Technology and Sourcing 13(4): 137. Retrieved from: https://www.cliffedekkerhofmeyr.com/en/news/publications/2019/ (Accessed on 13 February 2021)
+Amundrud, O., Aven, T. & Flage-First, R. 2017. How the definition of security risk can be made compatible with safety definitions. Sage Journals. https://doi.org/10.1177/1748006X17699145
+Andales, J. 2022. Risk assessment: Identify, analyze, and mitigate potential hazards and the risks associated with it. Safety Culture. Retrieved from: https://safetyculture.com/topics/risk-assessment/ (Accessed on: 02 April)
+
+Anderson, C. 2010. Presenting and evaluating qualitative research. American Journal of Pharmaceutical Education, 74(8): 141. https://doi.org/10.5688/aj7408141
+
+Anderson, V. 2014. Research methods in human resource management: Investigating a business issue. $3^{\mathsf{r d}}$ ed. London: CIPD House.
+
+Anderson, J. & Poole, M. 2014. Assignment & thesis writing. South African edition. Cape Town: Juta.
+Antinyan, V, Staron, M, Sandberg, A. & Hansson, J. 2016. "A complexity measure for textual requirements", 2016 Joint Conference of the International Workshop on Software Measurement and the International Conference on Software Process and Product Measurement (IWSM-MENSURA).
+Ary, D., Cheser-Jacobs, L., Sorensen Irvine, C.K. & Walker, D.A. 2019. Introduction to research in education, $10^{\mathfrak{t h}}$ ed. Boston: Cangage.
+Asiaman, N., Mensah, H.K. & Oteng-Abayie, E.F. 2017. General, target and accessible population: Demystifying the concepts for effective sampling. The Qualitative Report, 22(6): 1607-1621.
+Association of Certified Fraud Examiners. 2014. Financial illicit transaction, law, prevention and deterrence and investigation. The Gregor Building. 176 West Avenue, United States of America: Elsevier. Retrieved from: https://www.acfe.com/-/media/files/acfe/pdfs/2014-report-to-nations.ashx (Accessed on 15 June 2021).
+Aurini, J.D., Heath, M. & Howells, S. 2016. The ‘how to’ of qualitative research. London: Sage.
+Aven, T. 2010. On the need for restricting the probabilistic analysis in risk assessments to variability, Risk Analysis. 30(3): 354-360.
+Aven, T. 2015. Risk assessment and risk management: Review of recent advances on their foundation. Ullanhaug: University of Stavanger.
+Azad, T.B. 2008. Securing citrix presentation server in the enterprise. New York: Elsevier Science.
+Azhar, C. 2010. Counter-terrorism and international cooperation against terrorism — An elusive goal: A South African Perspective. South African Journal on Human Rights, 26(35): 10-535, https://doi.org/10.1080/19962126.2010.11864998
+Babbie, E. 2017. The basics of social research. 7th ed. USA: Cengage Learning.
+Badenhorst, C. 2014. Research writing. Breaking the barriers. Pretoria: Van Schaik.
+Bak, N. 2013. Completing your thesis: A practical guide. Pretoria: Van Schaik.
+Basdeo, V. 2017. Criminal and procedural legal challenges of identity theft in the cyber and information age. SAJCJ 30: 363
+Bayne, J. 2020. An overview of threat and risk assessment. Maryland: SANS
+Beresford, A. 2015. Power, patronage, and gatekeeper politics in South Africa. African Affairs, 114(455): 226-248.
+
+Berg, J. & Gabi, V. 2011. Regulating private security in South Africa context, challenges and recommendations. Pretoria: African Policing Civilian Oversight Forum.
+
+Bertram, C. & Christiansen, I. 2014. Understanding research: An introduction to reading research. Pretoria: Van Schaik.
+Bickley, S. 2017. Security risk management: A basic guide for smaller NGOs. England: European Interagency Security Forum (EISF).
+Bishop, M. 2003. What is computer security? IEEE Security & Privacy Magazine IEEE Secure, 99(1): 67-69.
+Black, I.S. 2010. Defensive tactics and officer safety: The professional protection officer. New York: Elsevier
+Blackwell, A.F., Church, L. & Green, T. 2008. The abstract is ’an enemy’. In Proc. psychology of programming interest group (PPIG). Oxford: ButterworthHeinemann.
+Blanchard, D.C., Griebel, B. & Blanchardc, R.J. 2010. Risk assessment as an evolved threat detection and analysis process. Monoa: Elsevier Ltd.
+Bless, C., Higson-Smith, C. & Sithole, S.L. 2014. Fundamentals of social research methods: An African perspective. $5^{\mathrm{th}}$ edition. Cape Town: Juta.
+Bordens, K.S. & Abbott, B.B. 2014. Research design and methods: A process approach. 9th ed. New York: Mc Graw Hill.
+Botha, M.M. & Van Heerden, C.M. 2014. The Protected Disclosures Act 26 of 2000, the Companies Act 71 of 2008 and the Competition Act 89 of 1998 with regard to blowing protection: Is there a link? Tydskrifvir die Suid-Afrikaanse Reg, 2014(2): 337-358.
+Botha, R. & Visser, J. 2012. Forceful arrests: An overview of Section 49 of the Criminal Procedure Act 51 of 1977 and its recent amendments. Potchefstroom Electronic Law Journal (PELJ), 15(2): 01-36
+Broder, J.F. & Tucker, E. 2012. Risk analysis and the security survey. $4^{t h}$ ed. Oxford: Butterworth-Heinemann
+Brotby, W.K. 2008. Information security governance: Guidance for information security managers. Rolling Meadows: T Governance Institute.
+Bryman, A. 2012. Social research methods. Oxford: Oxford University Press.
+Burchell, J. 2006. Deadly force and fugitive justice in the balance: The old and the new face of Section 49 of the Criminal Procedure Act. South African Journal of Criminal Justice, 13(2): 200 – 213.
+Burgess, C. 2018. Do cybercriminals ever get extradited? Retrieved from: https://securityboulevard.com/2018/04/do-cybercriminals-ever-get-extradited (Accessed 14 September 2020)
+Business Insider SA. 2020. Hackers on the dark web love South Africa - here’s why we suffer 577 attacks per hour Retrieved from:
+
+https://www.businessinsider.co.za/sa-third-highest-number-of-cybercrimevictims-2020-6 (Accessed on 05 June 2020
+
+Campbell-Young, S. 2016. Ineffective security the result of ineffective allocation of resources. Midrand: Phoenix Distribution.
+
+Cawthra, G. 2019. The death of security sector reform, the South African exemplar revisited. Conflict, Security & Development, 19(2): 223-235 https://doi.org/10.1080/14678802.2019.1570723
+Cepik, M. & Ambros, C. 2014. Intelligence, crisis, and democracy: Institutional punctuations in Brazil, Colombia, South Africa and India. Intelligence and National Security, 29(4): 523-551.
+Chou, T.S. 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3): 79.
+Cilliers, J. 2021. South Africa’s security sector in crisis-Reform must start now. New 24. Retrieved from: https://www.news24.com/news24/analysis/analysis-jakkiecilliers-south-africas-security-sector-is-in-crisis-reform-must-start-now-20210721 (Accessed: 19 February 2022).
+Clough, J. 2014. A world of difference: The Budapest Convention on cybercrime and the challenges of harmonisation. Australia: Monash University
+Cockerham, W.C. 2016. International encyclopaedia of public health. 2nd ed. United States of America: Elsevier.
+Community Emergency Response Team (CERT). 2014. High operating standards and professionalism. Retrieved from: https://www.certsa.org/ (Accessed on 20 February 2021)
+Corbin, J. & Strauss, A. 2015. Basics of qualitative research: Techniques and procedures for developing grounded theory. Los Angeles: SAGE.
+Council of Europe. 2001. Explanatory report to the convention on cybercrime. European Treaty Series No 185. Retrieved from: https://rm.coe.int/16800cce5b. (Accessed on 04 May 2021).
+Creswell, J.W. 2014. Research design: International student edition. 4th ed. Washington, DC: Sage.
+Crossman, A. 2019. What is participant observation research? Understanding an important qualitative research method. California: Science Tech Math.
+Crouch, M. & McKenzie, H. 2006. The logic of small samples. In: Interview-based qualitative research. Social Science Information, 45 (4): 18.
+Dalziel, H. 2015. Infosec management fundamental. 1st ed. Rockland: Syngress Publishing
+Daniel, J. 2012. Sampling essentials: Practical guidelines for making sampling choices. Los Angeles: SAGE.
+David, L. & Brydon-Miller, M. 2014. The safe encyclopaedia of action research. Thousand Oaks, CA: Sage Publishing.
+De Vaus, D. 2013. Research design in social research. Los Angeles: SAGE.
+
+Defence Science and Technology Organisation. 2010. Technical risk assessment handbook. Version 1.1. Canberra: Fairbairn Business Park Department of Defence.
+
+Denscombe, M. 2014. Research proposals: A practical guide. Berkshire: Open University Press.
+Department of International Relations and Cooperation. 2015. Revised strategic plan: 2015-2020. Pretoria: DIRCO.
+Department of Public Service and Administration/ DPSA. 2016. Public Service Regulations 2016 – Part 1: Pretoria: DPSA.
+Department of Water Affairs and Forestry. 2021. Implications of Recent Legislation (Other Than National Water Act) on Information Requirements. Retrieved from: https://www.dws.gov.za/iwqs/wrmais/mais1/appendix5.htm (Accessed 20 February 2022)
+Dhillon, G. 2006. Principles of information systems security: Texts and cases. $1^{\mathsf{S t}}$ ed. Hoboken, New Jersey: Wiley Publishing.
+Diphoko, W. 2021. South African government entities hit by cyber attacks and services affected. Pretoria: ILO. Retrieved from: https://www.iol.co.za/technology/sagovernment-entities-hit-by-cyber-attacks-and-services-affected-6527c606-4667- 4e0c-a162-16f8bc5b2f5a (Accessed: 20 February 2022).
+Dlomo, T.D. 2004. ‘An analysis of parliamentary intelligence oversight in South Africa with specific reference to the joint standing committee on intelligence’. Published Master’s Dissertation. Pretoria: University of Pretoria.
+Douglas, T. 2018. Phishing, malware, ransomware among top public-sector threats, reports find. Retrieved from: http://www.govtech.com/pcio/articles/PhishingMalware-Ransomware-Among-Top-Public-Sector-Threats-Reports-Find.html. (Accessed: 20 February 2022)
+Du Toit, D.F.P., Knipe, A., Van Niekerk, D., Van der Waldt, G. & Doyle, M. 2002. Service excellence in governance. Sandown: Heinemann.
+Dudovskiy, J. 2018. The ultimate guide to writing a dissertation in business studies: A step-by-step assistance. Retrieved from: http://research-methodology.net/aboutus/ebook/ (Accessed on 01 June 2021).
+Duff, A. 2010. Can an employer dismiss due to facebook? Packaging Review South Africa, 36(2): 1-15
+Dunn, D.S. 2013. The practical researcher. $3^{r d}$ ed. New York: Wiley.
+Durrheim, K. & Painter, D. 2016. Research in practice: Applied methods for the social sciences. 2nd ed. Cape Town: Juta.
+Dyer, L. & Bowmans, C.K. 2021. Digital business in South Africa: Overview. Thompson Reuters practical law. Retrieved from: https://uk.practicallaw.thomsonreuters.com/w-007-8319?TransitionType $\c=$ Default & contextData=(sc.Default)&firstPage=true. (Accessed on 13 March 2020).
+Efron, S.E. & Ravid, R. 2019. Writing literature review: A practical guide. New York: Guilford Publication Incl.
+
+Elo, S., Kaariainen, M., Kanste, O., Polkki, T., Utriainen, K. & Kyngas, H. 2014. Qualitative content analysis: A focus on trustworthiness. Journal of Advanced Nursing, Science-Sage. https://doi.org/10.1177/2158244014522633
+
+Fay, J.J. & Patterson, D. 2018. Contemporary security management. 4th ed. Butterworth: Elsevier Inc.
+
+Flick, U. 2020. An introduction to qualitative research. ${5^{t h}}$ ed. London: Sage.
+Fruhlinger, J. 2019. What is phishing? How this cyber attack works and how to prevent it. Available from: https://www.csoonline.com/article/2117843/what-is-phishing? (Accessed: 20 February 2022).
+Garaba, F. 2012. Public domain management of liberation movement heritage records in Eastern and Southern Africa. African Journal Library, Archive, and Information Science, 22(2): 33-142.
+Garcia, M.L. 2006. Vulnerability assessment of physical protection systems. Oxford: Butterworth-Heinemann.
+Garg, R. 2020. Geeks for geeks: What is information security. Noida: Uttar Pradesh.
+Gercke, M. 2014. Understanding cybercrime: Phenomena, challenges and legal response. Retrieved from: https://www.itu.int/en/ITUD/Cybersecurity/Pages/legislation.aspx. (Accessed on 01 June 2021)
+Govender, D. 2018. Management security information: Incidents, threats & vulnerabilities. Pretoria: UNISA Press.
+Govender, D., Sewpersad, S. & Mahambane, M.A. 2015. Security science programme: corporate investigation II. Pretoria: University of South Africa.
+Government of Canada. 2016. Our Security, our rights: National security green paper. Ottawa: Government of Canada.
+Grama, J. 2011. Legal issues in information security. Sudbury, MA: Jones & Bartlett Learning.
+Gravetter, F.J. & Forzano, L.B. 2010. Research methods for the behavioral sciences. $6^{t h}$ ed. Belmont, CA: Wadsworth.
+Greenleaf, G. 2013. Sheherezade and the 101 Data privacy laws: Origins, significance and global trajectories. Journal of Law, Information & Science, 40. Retrieved from: http://ssrn.com/abstract=2280877. (Accessed on 20 August 2021)
+Gritzalis, D., Iseppi, G., Mylonas, A. & Stavrou, V. 2018. Exiting the risk assessment maze: A meta-survey. ACM Comput. Surv, 51, 1–30.
+Gruyter, D.E. 2021. Project risk management: Risk-based security engineering. Berlin: Deutsche National bibliothek.
+Guest, G., Namey, E.E. & Mitchell, M.L. 2013. Collecting qualitative data. Los Angeles: SAGE.
+Gumedze, S. 2008. Regulating the private security industry in South Africa. Social Justice, 34(3): 109-110.
+Gutwirth, S., Leene, R., De Hert, P. & Poulett, Y. 2012. European data protection: In good health. London, New York: Springer Verlang Publishers.
+
+Hammond, M. & Wellington, J.J. 2013. Research methods: The key concepts. New York: Routledge.
+
+Hansson, S.O. Aven T. 2014. Is risk analysis scientific? A model for linking the various stages in the risk informed decision-making. New York: John Wiley & Sons, Inc.
+
+Harbach, M., Hettig, M., Weber. & Smith, M. 2014. Using personal examples to improve risk communication for security and privacy decisions. Hannover: Leibniz University Hannover.
+Haven, T.L. & Van Grootel, L. 2019. Preregistering qualitative research. Accountability in research. Policies and quality assurance, 32(26): 229–244.
+Hayes, J. & Drury, M. 2019. Cybersecurity in United Kingdom Lexology. Oxford: University of Oxford
+Henning, E., Gravett, S. & Van Rensburg, W. 2013. Finding your way in academic writing. $2^{\mathsf{n d}}$ ed. Pretoria: Van Schaik.
+Henning, J.J. 2014. Some manifestations of the statutory recognition of a partnership as an entity. Journal for Juridical Science 39(2): 53-66.
+Hennink, M., Hutter, I. & Bailey, A. 2020. Qualitative research methods, $2^{\mathsf{n d}}$ ed. London: Sage.
+Hlengwa, M. 2019. State security agency on vetting of officials. Research unit on audit outcomes, with minister. Cape Town: Parliamentary Monitoring Group.
+Hlongwane, S. 2013. Securitisation of South Africa. Why should we be afraid? Daily Maverick. Retrieved from: https://www.dailymaverick.co.za/article/2013-02-18- the-security-state-of-south-africa-why-you-should-be-afraid-very-afraid/. (Accessed on 15 May 2020)
+Hull, J.C. 2018. Risk management and financial institutions. $5^{\mathrm{{th}}}$ ed. New Jersey: John Wiley & Sons, Inc., Hoboken.
+Hutton, S. 2017. Why phishing attacks are increasingly targeting the public sector (and what you can do about it). Retrieved from: https://gcn.com/articles/2017/10/20/email-security-phishing.aspx (Accessed: 20 February 2022).
+Imperva. 2021. Vulnerability assessment. California: Application security. Retrieved from: https://www.imperva.com/learn/application-security/vulnerabilityassessment. (Accessed on 23 June 2022)
+Isa, M. 2020. SA suffers as cybercrime rises globally. Fin24. Retrieved from: https://www.news24.com/fin24/Finweek/Business-and-economy/sa-suffers-ascybercrime-rises-globally-20200106 (Accessed: 31 March 2022).
+Isnaini, K.N. & Solikhatin, S.A. 2020. Information security analysis on physical security in university x using maturity model. Journal Informatika, 14(2): 76-84.
+Jagatic, T.N., Johnson, N.A., Jakobsson, M. & Menczer, F. 2007. Social phishing. Communications of the ACM, 50(10): 94-100.
+Johansen, I.L. & Rausand, M. 2014. Foundations and choice of risk metrics. Safety Science, 62: 386–399.
+
+John, M. & White, J.M. 2014. Security risk assessment: Managing physical and operational security. London: Elsevier.
+
+Kabanda, S.K., Brown, I., Nyamakura, V. & Keshav, J. 2010. South African banks and their online privacy policy statements: A content analysis', SA Journal of Information Management 12(1): 1-7 https://doi.org/10.4102/sajim.v12i1.418
+
+Katsikas, S.K. 2013. Computer and information security handbook: Risk management. $3^{r d}$ ed. London: Elsevier.
+Kavis, M.J. 2014. Architecting the cloud: Design decisions for cloud computing service models (SaaS, PaaS, and IaaS). New Jersey: John Wiley & Sons.
+Khumalo, N.B., Bhebhe, S. & Mosweu, O. 2016. A comparative study of freedom of information legislation in Botswana, South Africa and Zimbabwe. Mousaion, 34(4): 108-131.
+Knoesen, A.L. 2012. ‘The use of physical surveillance in forensic investigation’. Published Master’s Dissertation. Pretoria: University of South Africa.
+Kumar, R. 2019. Research methodology: A step-by-step guide for beginners. 5th edition. Los Angeles: SAGE.
+Kuzminykh, I & Carlsson, A. 2018. Analysis of assets for threat risk model in avataroriented iot architecture. In internet of things, smart spaces, and next generation networks and systems; Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y., Eds.; Springer: Cham, Switzerland, (11)118: 52–63.
+Kuzminykh, I., Ghita, B., Sokolov, V. & Bakhshi, T. 2021. Information security risk assessment. Encyclopedia, 1: 602–617.
+Lanier, M.M. & Briggs, L.T. 2014. Research method in criminal justice and criminology. A mixed methods approach. New York: Madison Avenue.
+Lee, M.C. 2014. Information security risk analysis methods and research trends: AHP and fuzzy comprehensive method. Int. J. Comp. Sci. Inf. Tech. 6: 29–45.
+Leedy, P.D. & Ormrod, J.E. 2014. Practical research planning and design: Pearson New International edition. $10^{\mathrm{th}}$ ed. USA: Pearson.
+Lemke, F. & Petersen, H.L. 2013. Teaching reputational risk management in the supply chain. Bingley: Emerald Group Publishing Limited.
+Lohrmann, D. 2021. Data breach numbers, costs and impacts all rise in 2021. Government Technology. Retrieved from: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/data-breachnumbers-costs-and-impacts-all-rise-in-2021 (Accessed on 02 April 2020)
+Luo, X. 2017. Awareness education as the key to ransomware prevention. Information Systems Security, 16: 195-202.
+Mabasa, H.M. & Olutola, A.A. 2021. The structure of South African police: Towards a single police service. Cogent Social Sciences, 7(1): 2-13.
+Mahlatsi, L.W. 2019. ‘An exploration of the chasm in the protection of classified information in South African government departments’. Published Master’s Dissertation. Pretoria: UNISA.
+Maillart, J.B. 2014. The limits of subjective territorial jurisdiction in the context of cybercrime. ERA Forum 375.
+Majid, U. 2018. Research fundamentals: Study design, population, and sample size. URNCST Journal. 32(1):1-7.
+Mandell, A. 2013. Security risk assessment info. Pretoria: Alwinco.
+Maree, K. 2007. First steps in research. Durban: Van Schaik.
+Marshall, C. & Rossman, G.B. 2016. Designing qualitative research. $6^{t h}$ ed. London: Sage.
+Masse, T., O’Neil, S. & Rollins, J. 2007. The department of homeland security’s risk assessment methodology: Evolution, issues, and options for congress. Austin: Congressional Research Service.
+Matzopoulos, R., Simonetti, J., Prinsloo, M., Neethling, I., Groenewald, P., Dempers, J., Martin, L.J., Rowhani-Rahbar, A., Myers, J.E. & Thompson, M.L. 2018. A retrospective time trend study of firearm and non-firearm homicide in Cape Town from 1994 to 2013. Cape Town: South African Medical Journal, 108(3): 197-204
+Maude, S.M. 2007. Public Finance Management Act, 1 of 1999 – A compliance strategy. Pretoria: University of South Africa.
+Maxwell, J.A. 2013. Qualitative research design: An interactive approach. $3^{\mathsf{r d}}$ ed. California: SAGE Publications.
+May, T. 2011. Social research: Issues, methods and process. $4^{t h}$ ed. England: Open University Press.
+Mbanaso, M. 2021. Cyber risk management. Swindon: Link Centre.
+Mbowe, J.E., Zlotnikova, I., Msanjila, S.S. & Oreku, G.S. 2014. A conceptual framework for threat assessment based on organisation’s information security policy. Journal of Information Security, 5: 166-177.
+Mbuvi, D. 2011. African states urged to ratify Budapest cybercrime convention. London: SAGE Publications.
+McDowell, W.H. 2013. Historical research: A guide. New York: Routledge.
+Mdluli, B.D. 2011. Fundamentals of security vetting in a democratic South Africa. Cape Town: JM Productions.
+Merriam, S. B. & Tisdell, E.J. 2016. Qualitative research: A guide to design and implementation, 4th ed. San Francisco: Wiley.
+Mills, R.F., Grimaila, M.R., Peterson, G.J. & Butts, J.W. 2011. A scenario-based approach to mitigating the insider threat. Dayton: ISSA.
+Moagi, N.J. 2009. Evaluating compliance of Public Finance Management Act by the Department of Labour in Limpopo Province. Polokwane: University of Limpopo.
+Mohlabeng, T. 2020. Undocumented immigrants pose a threat to SA’s national ILO. Retrieved
+
+security. from: https://www.iol.co.za/the-star/opinionanalysis/opinion-undocumented-immigrants-pose-threat-to-sas-national-securityda0de0eb-5fc0-463c-9ecb-254aa0ce5401 (Accessed: 18 February 2022).
+
+Monzon, L. 2021. SA data breach costs reached record highs during pandemic – IBM. IT News Africa. Retrieved from: https://www.itnewsafrica.com/2021/08/sa-databreach-costs-reached-record-highs-during-pandemic-ibm/ (Accessed on 02 April 2022)
+
+Mouton, J. 2014. Understanding social research. Pretoria: Van Schaik.
+Murphy, D. & Randall, W.F. 2016. Workplace safety: Establishing an effective violence prevention program. Butterworth: Elsevier Inc.
+NASP School Safety and Crisis Response Committee. 2014. Threat assessment for school administrators and crisis teams. Bethesda, MD: National Association of School Psychologists.
+Nathan, L. 2009a. Intelligence in South Africa: Spies threaten democracy. The World Today, 8/9(65): 26-28.
+Nathan, L. 2009b. Lighting up the intelligence community: An agenda for intelligence reform in South Africa. African Security Review, 18(1): 91-104.
+Nathan, L. 2012. A critique of the general intelligence law amendment. Retrieved from: http://www.politicsweb.co.za. (Accessed on: 5 May 2022).
+National Crime Registrar. 2020. Crime must fall: Functionality of crime information management and analysis centre at station level. Retrieved from: https://www.saps.gov.za/resource_centre/publications/brig_manamela_assessm ent_functionality_of_CIMAC_at_station_level.pdf (Accessed on 17 August 2021).
+National Terrorism Advisory Committee. 2014. National terrorism advisory system. Retrieved from: https://www.dhs.gov/national-terrorism-advisory-system
+Nayab, N. 2020. How to determine validity in qualitative research. Project management methods and ideologies. USA: Bright Hub PM.
+Netshakhuma, N.S. 2019. The role of archives and records management legislation after colonialism in Africa case of Southern Africa. Records Management Journal, https:// doi.org/10.1108/RMJ-09-2018-0024
+Nkuna, J.T. 2020. ‘An exploration of vetting investigation in the South African Police Service. MA Dissertation’. Pretoria: UNISA.
+Nkwana, M. & Govender, D. 2017. Protection of security information in government departments: A South African case study. Acta Criminologica: African Journal of Criminology & Victimology, 35(5): 1-20.
+Nkwana, M.J. 2015. ‘Protection of security information within the government departments of South Africa’. Published Master’s Dissertation. Pretoria: UNISA.
+Nobanee, H., Alhajjar, M., Abushairah, G. & Al Harbi, S. 2021. Reputational risk and sustainability: A bibliometric analysis of relevant Literature. Basel: MDPI.
+Noble, H. & Heale, R. 2019. Triangulation in research, with examples. Belfast: Evidence Based Nursing.
+Nyanchama, M. 2005. Enterprise vulnerability management and its role in information security management. Information Systems Security, (14): 29-56.
+
+Odendal, N. 2021. Cable theft and vandalism costing economy R187 billion. Engineering news. Retrieved from: https://www.engineeringnews.co.za/article/cable-theft-and-vandalism-costingeconomy-r187bn-2021-07-26/rep_id:4136. (Accessed on 5 May 2022).
+
+Onwubiko, C. & Lenaghan, A.P. 2007. Managing security threats and vulnerabilities for small to medium enterprises. New York: Institute of Electrical and Electronics Engineers (IEEE) Publishing.
+Palmer, D. 2016. Government is hit by 9,000 security breaches a year-but reporting them remains chaotic. Britain: Z.D Net.
+Patel, D.A. & Bharadwaj, S. 2020. Budapest convention on cyber-crime, 2020. Retrieved from: https://studymaterial.unipune.ac.in:8080/jspui/bitstream/12345678 (Accessed on 5 May 2022).
+Patil, S.G. 2019. How to plan and write a budget for research grant proposal. Journal of Ayurveda and Integrative Medicine. Bangalore: Elsevier B.V.
+Patrick, H., van Niekerk, B. & Fields, Z. 2016. Security-information flow in the South African Public Sector. Journal of Information Warfare, 15(4): 68–85
+Philpott, D. 2013. Security consulting. $4^{t h}$ ed. Oxford: Butterworth-Heinemann.
+Pinnock, B. 2020. What recent data breaches tell us about cybersecurity in South Africa BusinessTech Retrieved from: https://businesstech.co.za/news/industrynews/433797/what-recentdata-breaches-tell-us-about-cybersecurity-in-southafrica/ (Accessed 30 September 2021).
+Public Safety Canada. 2019. Statement from ministers Goodale, Lametti and Sajjan on the passage of Bill C-59 in Parliament. Ottawa: Government of Canada.
+Raacke, J.B. & Raacke, J. 2012. Research methods. Boston: Pearson.
+Rader, E., Wash, R. & Brooks, B. 2012. Stories as informal lessons about security. London: SOUPS.
+Ramluckan, T. 2019. The applicability of the Tallinn manuals to South Africa. 14th International Conference on Cyber Warfare and Security (ICCWS) (2019) 348-355 Retrieved from: https://www.proquest.com/openview/ac4cc9f3edd6ada5ae1cfe8 (Accessed 12 May 2020)
+Rees, C. 2016. Rapid research methods for nurses, midwives and health professionals. United Kingdom: Wiley.
+Renfroe, N.A. & Smith, J.L. 2016. Threat/ vulnerability assessments and risk analysis. Applied research associates. Retrieved from: https://www.wbdg.org/resources/threat-vulnerability-assessments-and-iskanalysis. (Accessed: (14 April 2021)
+Right2Know Campaign, 2017. R2K submission on the Cybercrimes Bill. Retrieved from: https://www.R2k.Org.Za/2017/08/11/R2k-Submission-on-the-CybercrimesBill-2017 (Accessed 23 December 2020)
+Rishi, V. 2019. Cyber security breaches survey 2019. UK statistics authority, Britain. Retrieved from: https://assets.publishing.service.gov.uk/government/uploads/ Accessed 23 December 2020)
+
+Ritchie, J., Lewis, J., McNaughton, C. & Ormston, N.R. 2014. Qualitative research practice: A guide for social science students and research. 2nd ed. London: SAGE.
+
+Rogers, R. 2008. Nessus network auditing. $2^{\mathsf{n d}}$ ed. Rockland: Syngress Publishing.
+
+Rosencrance. 2022. Vulnerability assessment: Vulnerability analysis. Newton: TechTarget. Retrieved from https://www.techtarget.com/searchsecurity/definition/ (Accessed on the 23 June 2022).
+Ruel, E.E., Wagner, W.E & Gillespie, B.J. 2016. The practice of survey research: Theory and applications. London: Sage.
+Sahoo, N. 2021. Is your organisation secured from cyber risk? New York: VISTA InfoSec. Retrieved from: https://www.vistainfosec.com/blog/types-of-vulnerabilityassessment/ (Accessed on the 28 June 2022)
+Saleh, Z.I., Refai, H. & Mashhour, A. 2011. Framework for security risk assessment: faculty of computer science and information systems. New York: Springer Publications.
+SAPS. 2011. Annual report 2010/11. Retrieved from: https://www.saps.gov.za/about/stratframework/annual_report/2010_2011/7_prg5 _protection_security_services.pdf (Accessed on the 28 June 2022)
+Sharma, R. 2020. Legislation related to cyber crimes in United Kingdom. Retrieved from: https://www.researchgate.net/publication/347439774 (Accessed 15 January 2021)
+Singh, D. 2019. Policing for safe cities and citizen security in urban South Africa. A fundamental human right. Just Africa, 1: 6-14.
+Smith, C.L. & Brooks, D.J. 2013. Security science: The theory and practice of security. Butterworth: Elsevier Inc.
+Smith, R. 2019. The international comparative legal guide to cybersecurity. A practical cross-border insight into cybersecurity work. $2^{\mathsf{n d}}$ ed. 29: 185-191. Malaysia: Global Legal Group.
+Solove, D.J. & Schwartz, P.M. 2011. Privacy law fundamentals. USA: IAPP Publishers.
+Sotic, A., Mitrovic. V., Rajic. R. 2014. Risk perception during construction works execution. The Online Journal of Applied Knowledge Management 2(3), 44-55.
+South Africa. 1977. Criminal Procedure Act (Act no. 51 of 1977). South Africa. 1993. Pretoria: Government Printers.
+South Africa. 1980. The National Key Points Act (Act No 102 of 1980). Pretoria: South African Government.
+South Africa. 1985. Control of Access to Public Premises and Vehicles Act 53 of 1985 (CAPPVA). Pretoria: South African Government.
+South Africa. 1993. Occupational Health and Safety Act (Act No. 85 of 1993). Pretoria: Government Printers.
+
+South Africa. 1994. National Strategic Intelligence Act (Act No. 39 of 1994). Government Gazette 161228. Pretoria: Government Printers.
+
+South Africa. 1995. Labour Relations Act. Pretoria: Government Printers.
+South Africa. 1996. The Constitution of the Republic of South Africa, 1996. Pretoria: Government Printer. 71
+South Africa. 1998. Minimum Information Security Standards. Pretoria: Government Printer.
+South Africa. 2001. Private Security Industry Regulatory Act (PSIRA) (No. 56 of 2001). Pretoria: South African Government.
+South Africa. 2013. Protection of Personal Information Act. (Act No. 2013). Pretoria: Government Printer.
+South Africa. 2015. BRICS (Brazil, Russia, India, China, South Africa). Retrieved from: https://www.gov.za (Accessed 19 April 2021).
+South Africa. 2016. Government Gazette 40487 of 9 December 2016. ‘Cybercrimes and Cybersecurity Bill’ Republic of South Africa.
+South Africa. 2017. Cybercrimes and Cybersecurity Bill: Republic of South Africa 2017: General Notice 871 in Government Gazette 40487 of 9 December 2016.
+Southern African Migration Project. 2016. Criminal tendencies: Immigrants and illegality in South Africa. Migration Policy Brief No. 10. Retrieved from: https://samponline.org/wp-content/uploads/2016/10/brief10.pdf (Accessed: 20 February 2020).
+Southern African Legal Information Institute. 2018. My Vote Counts NPC v Minister of Justice and Correctional Services and Another. 2018 (5) SA 380 (CC). Retrieved from: http://www.saflii.org/za/cases/ZACC/2018/17.html (Accessed: 20 February 2020).
+Surju, J. 2018. ‘A case study exploring how middle managers implement deliberate strategy in a government department’. Unpublished Master’s Dissertation. Pretoria: UNISA.
+Sutherland, E. 2017. Governance of cybersecurity – the case of South Africa. The African Journal of Information and Communication (AJIC), 20: 83-112.
+Sutton, F.S. 2015. Process risk and reliability management: operational integrity management. $2^{n d}$ ed. London: Gulf Professional Publishing.
+Tavakoli, H. 2012. A dictionary of research methodology and statistics in applied linguistics. Iran: Rahnama press.
+Taylor, L. & Shepherd, M. 2008. In FISMA Certification and accreditation handbook. Amsterdam: Syngress.
+Thanh, N.C. & Thanh, T.T.L. 2015. The interconnection between interpretivist paradigms and qualitative methods in education. American Journal of Educational Science, 1(2): 24-27.
+
+Thoka, E.M. 2020. ‘An evaluation of security of security threats and vulnerabilities to a national key point: Case study of Medupi power station’. Unpublished Thesis Pretoria: UNISA.
+
+Thomas, G. 2013. How to do your research project: A guide for students in education and applied social sciences. $2^{\mathsf{n d}}$ edition. London: Sage.
+Thomashausen, A. 2007. ‘Knowing the role of international law and the United Nations’ instruments in combating and prosecuting terrorism’. Pretoria: IQPCC Conference.
+Thompson, E.E. 2019. The insider threat assessment and mitigation of risks. New York: CRC Press.
+Tight, M. 2017. Understanding case study research: Small-scale research with meaning. London: Sage.
+Tilley, N. & Laycock, G. 2018. Developing a knowledge base for crime prevention: Lessons learned from the British experience. Crime Prevention and Community Safety, 20(4): 228-242.
+Trochimm, W.M.K. 2020. Changes and additions. In Troy, C. 2020. A quick guide to descriptive research. London: Research Prospect.
+Troy, C. 2020. A quick guide to descriptive research. London: Research Prospect.
+Turianskyi, Y. 2018. Balancing cyber security and internet freedom in Africa. Africa Portal Journal, (31): 14-24.
+UNISA. 2020. University of South Africa COVID-19 position statement on research ethics. Pretoria: UNISA.
+Vellani, K.H. 2020. Strategic security management a risk assessment: Guide for decision makers. $2^{\mathsf{n d}}$ ed. New York: CRC Press.
+Wagner, C., Kawulich, B. & Garner, M. 2012. Doing social research: Global context. United Kingdom: McGraw-Hill Education.
+Walliman, N. 2015. Research methods. the basics. Abingdon: Routledge Publisher.
+Warren, C.A.B. & Karner, T.X. 2015. Discovering qualitative methods. Ethnography, Interviews, documents and images. Guilford Press: New York.
+Watts, S. 2017. IT security vulnerability vs threat vs risk: What’s the difference? Phoenix: University of Phoenix.
+Welman, C., Kruger, F. & Mitchell, B. 2012. Research methodology. $3^{r d}$ ed. Cape Town: Oxford University press.
+Whitman, M.E & Mattord, H.J. 2015. Principles of information security. ${5^{t h}}$ ed. Georgia: Kennesaw State University.
+Williams, J. 2017. Rigorous risk management a must-have for public sector organisations. Retrieved from: Rigorous risk management a must-have for public sector organisations | ACCA Global (Accessed on 02 April 2022)
+Word, S. 2019. Assets definition: Are your assets current, fixed or intangible & what are they worth? California: SAGE.
+Yamagata-Lynch, L.C. 2010. Activity systems analysis methods: Understanding complex learning environments. New York: Springer Publications.
+Yin, R.K. 2018. Case study research and applications: Designs and methods. 6th edition. LA: Sage.
+
+# UNISA university of south africa
+
+# UNISA2022ETHICSREVIEWCOMMITTEE
+
+Date: 09 July 2022
+
+Researcher: Mr Lehlohonolo Wonderboy Mahlatsi
+
+Supervisor: Dr Bernard Khotso Lekubu
+
+# A CRITICAL REVIEW OF THE IMPLEMENTATION OF THE SECURITY THREAT ASSESSMENTBYA SELECTION OF GOVERNMENTDEPARTMENTIN GAUTENG
+
+Qualification: PhD (Criminal Justice)
+
+Thank you for the application for research ethics clearance by the Unisa 2022 Ethics Review Committee for the above-mentioned research. Ethics approval is granted for 3 years.
+
+The low-risk application was reviewed by the CLAw Ethics Review Committee on in
+compliance with the Unisa Policy on Research Ethics and the Standard Operating Procedure
+on Research Ethics Risk Assessment.
+The proposed research may now commence with the provisions that: 1. The researcher will ensure that the research project adheres to the relevant guidelines set out in the Unisa Covid-19 position statement on research ethics attached. 2. The researcher(s) will ensure that the research project adheres to the values and principles expressed in the UNIsA Policy on Research Ethics. 3. Any adverse circumstance arising in the undertaking of the research project that is relevant to the ethicality of the study should be communicated in writing to the CLAW Committee. 4. The researcher(s) will conduct the study according to the methods and procedures set out in the approved application.
+
+5. Any changes that can affect the study-related risks for the research participants, particularly in terms of assurances made with regards to the protection of participants' privacy and the confidentiality of the data, should be reported to the Committee in writing, accompanied by a progress report. 6. The researcher will ensure that the research project adheres to any applicable national legislation, professional codes of conduct, institutional guidelines and scientific standards relevant to the specific field of study. Adherence to the following South African legislation is important, if applicable: Protection of Personal Information Act, no 4 of 2013; Children's act no 38 of 20o5 and the National Health Act, no 61 of 2003. 7. Only de-identified research data may be used for secondary research purposes in future on condition that the research objectives are similar to those of the original research. Secondary use of identifiable human research data requires additional ethics clearance. 8. No field work activities may continue after the expiry date 2025:07:09. Submission of a completed research ethics progress report will constitute an application for renewal of Ethics Research Committee approval. Note: The reference number TS67-2o22 should be clearly indicated on allforms of communication with the intended research participants, as well as with the Committee.
+
+Yours sincerely,
+
+
+
+
+
+Prof L Fitz Chair of CLAW ERC E-mail: fitzlq@unisa.ac.za Tel: (012) 433-9504
+
+Prof OJ Kole
+Acting Executive Dean: CLAW
+E-mail: koleoj@unisa.ac.za
+Tel: (012) 429-8305
+
+
+The Divisional Commissioner CRIMEINTELLIGENCE
+
+PERMISSION TO CONDUCT RESEARCH IN THE SOUTH AFRICAN POLICE SERVICE:UNIVERSITY OF SOUTH AFRICA:DOCTORATE DEGREE:A CRITICAL REVIEW OF THE IMPLEMENTATION OF THE SECURITY THREAT ASSESSMENT BYA SELECTION OF GOVERNMENT DEPARTMENTS IN GAUTENG: RESEARCHER:LWMAHLATSI
+
+# PERMISSION TO CONDUCT RESEARCH IN THE SOUTH AFRICAN POLICE SERVICE:UNIVERSITY OF SOUTH AFRICA:DOCTORATE DEGREE:A CRITICAL REVIEW OF THE IMPLEMENTATION OF THE SECURITY THREAT ASSESSMENT BYA SELECTION OF GOVERNMENT DEPARTMENTS IN GAUTENG: RESEARCHER:LWMAHLATSI
+
+The researcher, LW Mahlatsi, intends to collect data by approaching approximately ten (10) participants at Security Standards, Crime Intelligence, Counter intelligence in Gauteng Office in Johannesburg and the study will also include Crime Intelligence Vetting Units in the SAPS Head Office Pretoria in line with the proposed topic/title. This office hereby requests your support on the condition that your office agrees with our recommendations and confirm the proposed official research is viable. Additionally, your office has the authority to set terms and conditions for the researcher to comply with set standards to be foilowed during the research study process and does not harm the SAPS' image. Kindly find the relevant documents of the requested application topic/titled “ A critical review of the implementation of the Security Threat Assessment by a selection of Government Departments in Gauteng” for your consideration: Annexure A: Application to conduct research; Annexure B: Signed undertaking; Annexure C: Research proposal; and Annexure D: Research approval from University of South Africa. The researcher will conduct the research at his/her own expenses. The researcher will conduct the research without the disruption of the duties of the participating members of the Service. In addition, the researcher must communicate and make prior arrangements with the respective commanders of the participating members of the study. 8.2 The researcher, LW Mahlatsi, shouid bear in mind that participation in the interviews must be voluntary. Information will at all times be treated as strictly confidential. The researcher, LW Mahlatsi, will provide an electronic copy of the final report to the Service. The researcher, LW Mahlatsi, will ensure that the research report complies with all conditions for the approval of research.
+
+# PERMISSION TO CONDUCT RESEARCH IN THE SOUTH AFRICAN POLICE SERVICE: UNIVERSITY OF SOUTH AFRICA:DOCTORATE DEGREE:A CRITICAL REVIEW OF THE IMPLEMENTATION OF THE SECURITY THREAT ASSESSMENT BY A SELECTION OF GOVERNMENT DEPARTMENTS IN GAUTENG: RESEARCHER:LWMAHLATSI
+
+10.Should your office be in agreement with this research request and to facilitate smooth coordination between your ofice and the researcher, the following information is kindly requested to be forwarded to our office within 18 days after receipt of this letter.
+
+· Signed Certificate/Letter: Confirm the proposed research request is viable; · Contact person: Rank, Initials and Surname; and I Contact details: Telephone number and email address.
+
+Your cooperation will be highly appreciated.
+
+Date:
+
+# ANNEXURE 3: LETTER TO DEPARTMENT OF PUBLIC WORKS FOR PERMISSION TO CONDUCT THE STUDY
+
+Private Bag X65, PRETORIA, 0001 Int Code: +27 12 Tel: 406 1300 Fax: 321 3898 E-mail: Solly.Mwanza@dpw.gov.za website: www.publicworks.gov.za
+
+Attention: Mr Mahlatsi 570 Louis Trichardt Street Wonderboom South 0084
+
+Dear Mr. L Mahlatsi
+
+# REQUESTFORPERMISSIONTO CONDUCTA RESEARCHWITHIN DPWI ON “A CRITICALREVIEW OF THE IMPLEMENTATION OF THE SECURITY THREAT ASSESSMENT BY A SELECTION OF GOVERNMENTDEPARTMENTSIN GAUTENG”:MRLMAHLATSI
+
+1.Your request dated 01/o8/2022 pertaining to the above mentioned matter is hereby acknowledged.
+
+2. The Department has decided to grant you permission to conduct a research study within DPWl on the topic “A Critical review of the implementation of the Security Threat Assessment by a selection of Govemment Departments in Gauteng".
+
+3.You are hereby requested to submit the outcome of your approved research to the Department, through the Director: Human Resources Development for future references and service delivery improvement strategies to be sourced from your findings and recommendations.
+
+4. The Department wisheszyou everything of the best in your academic and career developments.
+
+
+
+# ANNEXURE 4: DIRCO APPROVAL TO CONDUCT THE STUDY
+
+
+
+#
+
+Department: Intemational Relations and Cooperation REPUBLIC OF SOUTH AFRICA
+
+Private Bag X152, PRETORIA, 0001 + OR Tambo Bld, 460 Soutpansberg Road, Rietondale, PRETORIA, 0084 Tel: +27 (0) 12 351 1000 \* www.dirco.gov.za
+
+Mr Lehlohonolo Wonderboy Mahlatsi
+Philosophiae Doctor/Doctor of Philosophy [PhD]: Criminal Justice at the University of South Africa (UNISA)
+LehlohonoloMa@joburg.org.za
+GAUTENG
+Republic of South Africa
+
+Dear Mr Mahlatsi,
+
+Research study: A critical review of the implementation of the Security Threat Assessment by a selection of Government Departments in Gauteng.
+
+The Acting Director-General of the Department of International Relations and Cooperation (DIRCO), approved your request to utilise DlRCO whilst conducting research for the fulfilment of the PhD Degree from the University of South Africa.
+
+
+
+tsaBedteeaazzbeee sreeUb
+
+
+ANNEXURE 5: SAPS APPROVAL TO CONDUCT THE STUDY
+UNIVERSITY OF SOUTHAFRICA
+
+RE:PERMISSION TO CONDUCT RESEARCH IN THE SOUTH AFRICAN POLICE SERVICE: UNIVERSITY OF SOUTH AFRICA:DOCTORATEDEGREE:A CRITICAL REVIEW OFTHE IMPLEMENTATION OF THE SECURITY THREAT ASSESSMENT BY A SELECTION OF GOVERNMENTDEPARTMENTSIN GAUTENG: RESEARCHER:LWMAHLATSI
+
+1. The above subject matter refers.
+2. You are hereby granted approval for your research study on the above-mentioned topic in terms of National lnstruction 4 of 2022.
+3. Further arrangements regarding the research study may be made with the following
+
+The Divisional Commissioner; Crime Intelligence ·Contact Person: Major General Lushaba ·Contact Details: (012)3601408
+
+4. Kindly adhere to paragraph 8 of our attached letter signed on 2022-08-18 with the same abovementioned reference number.
+
+THE HEAD: RESEARCH
+SOUTHAFRICANPOLICESERVICE
+PRETORIA
+0001
+
+Privaatsak/Private Bag X94
+
+
+| No. and year of law Act 23 of 1994 | Short title Public Protector Act, | Extent of repeal or amendment |
| 1994 | 1. The amendment of section 6 by the- (a) substitution for paragraph (b) of subsection (4) of the following paragraph: “(b) to endeavour, in his or her sole discretion, to resolve any dispute or rectify any act or omission by- (i) mediation, conciliation or negotiation; (ii) advising, where necessary, any complainant regarding appropriate remedies; or (ii) any other means that may be ex- pedient in the circumstances; and"; (b) substitution for paragraph (c) of subsection (4) of the following paragraph: “(c) at a time prior to, during or after an investigation- (i) if he or she is of the opinion that the facts disclose the commission of an offence by any person, to bring the matter to the notice of the relevant authority; and charged with prosecutions; or (ii) if he or she deems it advisable, to refer any matter which has a bearing on an investigation, to the appropriate public body or authority; and affected by it or to make an appropriate recommendation regarding the redress of the prejudice resulting therefrom or make any other appropriate recommendation he or she deems expedient to the affected public body or authority[; and]."; and (c) deletion of paragraph (d) of subsection (4). |
| Act 2 of 2000 | Promotion of Access to Information Act, 2000 | 1. The amendment of section 1 by the- (a) insertion, after the definition of “application" of the following definition: “biometrics' means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recogni- tion;”; |
+
+110
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | (b) omission of the definition of “Human Rights Commission"; (c) substitution for the definition of “personal information" of the following definition: “‘personal information' means information relating to an identifiable natural person, including, but not limited to- (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assigned to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g)the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person, but excludes information about an individual who has been dead for |
+
+112
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | (ii) a description of all remedies available in respect of an act or a failure to act by the body; |
| and (iv) such other information as may be prescribed; (b)insofar as this Act is concerned- (i) a description of the guide referred to in section 10, if available, and how to obtain access to it; |
| [(d)](ii) sufficient detail to facilitate a request for access to a record of the body, a description of the subjects on which the body holds records and the categories of records held on each subject; |
| [(e)](ii) the latest notice, in terms of section 15(2), if any, regarding the categories of records of the body which are available without a person having to request access in terms of this Act; |
| [(f)](iv) a description of the services | available to members of the public from the body and how to gain access to those services; and [(g)](v) a description of any arrangement or provision for a person (other than a public body referred to in paragraph (a) or (b)(i) of the definition of "public body" in section 1) by consultation, making representations or otherwise, to participate in or influence- [(i)](aa) the formulation of policy; or [(ii)](bb) the exercise of powers or perfor- mance of duties, by the body; (c) insofar as the Protection of Personal Information Act, 2013, is concerned- (i) the purpose of the processing; (ii) a description of the categories of data subjects and of the |
+
+118
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| application, as the case may be.". | (b) that the requester may lodge an internal appeal, a complaint to the Information Regulator or an application with a court, as the case may be, against the tender or payment of the request fee in terms of subsection (1), or the tender or payment of a deposit in terms of subsection (2), as the case may be; and (c) the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or application, as the case may.". 8. The amendment of section 25 by the- (a) substitution for paragraph (c) of subsection (2) of the following paragraph: “(c) that the requester may lodge an internal appeal, a complaint to the Information Regulator or an application with a court, as the case may be, against the access fee to be paid or the form of access granted, and the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or application, as the case may be."; and (b) substitution for paragraph (c) of subsection (3) of the following paragraph: “(c) state that the requester may lodge an internal appeal, complaint to the Information Regulator or an application with a court, as the case may be, against the refusal of the request, and the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or application, as the case may be.". 9. The amendment of section 26 by the substitution for paragraph (c) of subsection (3) of the following paragraph: “(c) that the requester may lodge an internal appeal, complaint to the Information Regulator or an application with a court, as the case may be, against the extension, and the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or |
+
+124
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | 10. The amendment of section 29 by the substitution of subsection (9) for the following subsection: “(9) If an internal appeal, complaint to the Information Regulator or an application to a court, as the case may be, is lodged against the granting of a request for access to a record, access to the record may be given only when the decision to grant the request is finally confirmed." 11. The amendment of section 49 by the- (a) substitution of paragraphs (b) and (c) of subsection (3)for the following paragraphs: “(b) that the third party may lodge an internal appeal, complaint to the Information Regulator or an application, as the case may be, against the decision within 30 days after notice is given, and the procedure for lodging the internal appeal, complaint to the Information Regulator or application, as the case may be; and (c) that the requester will be given access to the record after the expiry of the applicable period contemplated in paragraph (b), unless such internal appeal, complaint to the Information Regulator or application with a court is lodged within that period."; and (b) substitution of subsection (4) of the following subsection: “(4) If the information officer of a public body decides in terms of subsection (1) to grant the request for access concerned, he or she must give the requester access to the record concerned after the expiry of 30 days after notice is given in terms of subsection (1)(b), unless an internal appeal, complaint to the Information Regulator or an application with a court, as the case may be,is lodged against the decision within that period.". 12. The amendment of section 51 by- (a) by the substitution of subsection (1)for the following subsection: “(1) [Within six months after the commencement of this section or the coming into existence of the private body concerned, thel The head of a private body must [compile] make a manual available in terms of subsection (3) containing- (a) in general- (i) the postal and street address, phone and fax number and, if available, electronic mail address of the head of the body; and (ii) such other information as may be prescribed; |
+
+126
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | [(b)] (i) a description of the guide referred to in section 10, if available, and how to obtain access to it; of section 52(2), if any, regarding the categories of record of the body which are available without a person having to request access in terms of this Act; [(d)](ii) a description of the records |
| [(c)] (ii) the latest notice in terms |
| of the body which are available in accordance (c) insofar as the Protection of Personal InformationAct,2013,is concerned- (i) the purpose of the processing; |
| with any other legislation; and [(e)](iv) sufficient detail to facilitate a request for access to a record of the body, a description of the subjects on which the body holds records and the categories of records held on each subject; [and] |
| | (ii) a description of the categories of |
| data subjects and of the information or categories of information relating thereto; (iii) the recipients or categories of recipients to whom the personal information may be supplied; (iv)planned transborder flows of personal information; and (v)a general description allowing a preliminary assessment of the suitability of the information security measures to be implemented by the responsible party to ensure the confidential- ity, integrity and availability of the information which is to be processed.". [(f) in general such other information as may be prescribed.]"; and (b) by the substitution for subsection (3) of the following subsection: “(3) [Each manual must be made available as prescribed] The manual referred to in subsection (1), or the updated version thereof as referred to in subsection (2) must be made available- |
+
+128
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | Regulator may decide to take no action on complaint |
| 77D. (1) The Information Regulator, after investigating a complaint received in terms of section 77A, may decide to take no action or, as the case may be, require no further action in respect of the complaint if, |
| in the Information Regulator's opinion- |
| (a) the complaint has not been submitted within the period referred to in section 77A(2) and there are no reasonable |
| |
| grounds to condone the late submission; |
| |
| (b) the complaint is frivolous or vexatious |
| or is not made in good faith; or |
| (c)it appears to the Information Regulator |
| |
| that, having regard to all the circum- |
| unnecessary or inappropriate. | stances of the case, any further action is |
| (2) In any case where the Information |
| Regulator decides to take no action, or no |
| further action, on a complaint, the |
| Information Regulator must inform the |
| for it. | complainant of that decision and the reasons |
| |
| Pre-investigation proceedings of Regulator |
| |
| 77E. Before proceeding to investigate any |
| matter in terms of this Chapter, the |
| Information Regulator must, in the |
| prescribed manner, inform- |
| (a) the complainant of the Information |
| Regulator's intention to conduct the |
| investigation; and |
| (b) the information officer of the public |
| body or the head of the private body, as |
| the case may be, to whom the complaint relates of the- |
| (i) details of the complaint; and |
| (ii) right of the information officer or |
| the head to submit to the Informa- |
| tion Regulator, within a reasonable |
| period, a written response in relation to the complaint. |
| Settlement of complaints |
| |
| 77F. If it appears from a complaint, or |
| any written response made in relation to a |
| complaint under section 77E(b)(ii), that it |
| may be possible to secure a settlement |
| |
| between the parties concerned, the |
| Information Regulator may, without |
| |
| investigating the complaint or, as the case |
| may be, investigating the complaint further, |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| in the prescribed manner, use its best |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| endeavours to secure such a settlement. |
+
+138
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | Investigation proceedings of Regulator |
| 77G.(1) For the purposes of the |
| investigation of a complaint the Information |
| Regulator has powers similar to those of the |
| High Court in terms of section 80 relating to the disclosure of records to it and |
| non-disclosure of records by it. |
| (2) Section 81 of the Protection of |
|
| Personal Information Act, 2013, applies to |
| the investigation of complaints in terms of this Chapter. |
| Assessment |
| 77H. (1) The Information Regulator, on its own initiative, or at the request by or on |
|
|
| behalf of an information officer or head of a |
| private body or any other person may make an assessment in the manner prescribed of |
| whether a public or private body generally |
| complies with the provisions of this Act |
|
| insofar as its policies and implementation procedures are concerned. |
| (2) The Information Regulator must make |
| the assessment if it appears to be appropri- ate, unless, where the assessment is made on |
| |
| request, the Information Regulator has not |
| been supplied with such information as it |
| may reasonably require in order to- (a) satisfy itself as to the identity of the |
| |
| person making the request; and (b) enable it to identify the private or public |
| body concerned. |
| (3) The matters to which the Information |
| Regulator may have regard in determining |
| whether it is appropriate to make an |
| assessment include- |
| (a) the extent to which the request appears |
| to it to raise a matter of substance; |
| (b) determining that the request is not |
| frivolous or vexatious; and |
| (c) whether or not the person making the |
| request is entitled to make an application |
| in terms of this Act in respect of the |
| information in question. |
| |
| (4) If the Information Regulator has |
| |
| |
| |
| |
| |
| |
| received a request under this section it must |
| |
| |
| |
| |
| notify the person referred to in subsection |
| |
| |
| |
| |
| |
| (1)- |
| |
| |
| |
| |
| |
| |
| |
| (a) whether it has made an assessment as a |
| |
| |
| |
| |
| |
| |
| |
| result of the request; and |
+
+140
+
+| No. and year of law Act 25 of 2002 | Short title | Extent of repeal or amendment |
| Electronic Communi- cations and Transactions Act, 2002 | 1.The amendment of section 1 by the substitution for the definition of “personal information" of the following definition: ‘personal information' means information relating to an identifiable natural person, including, but not limited to- (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assigned to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspon- dence; (g)the views or opinions of another individual about the person; and |
| | “‘prohibited conduct' means any act or omission in contravention of the Act, other than an act or omission as contemplated in section 55(2)(b) or that constitutes an offence under this Act, by- (a) an unregistered person who is required to be registered to engage in such an act; or |
+
+148
+
+
+| Number and year of law Act No. 51 of 1977 Act,1977 | Short title Criminal Procedure 5: “A contravention of section 8, 9 or 10 of the Cybercrimes Act, 2020- (b) | Extent of repeal or amendment The addition of the following items to Schedule |
| (ii) | (a)involving amounts of more than R500 000,00; involving amounts of more than R100 000,00, if it is proven that the offence was committed- (i)by a person, group of persons, syndicate or any enterprise act- ing in the execution or further- ance of a common purpose or conspiracy; or by a person or with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to data, a computer program, a computer data stor- age medium or a computer sys- tem of another person in respect of which the offence in question was committed; or (c)if it is proven that the offence was committed by any law enforcement officer- (i)involving amounts of more than R10 000; or (ii) as a member of a group of persons, syndicate or any enter- prise acting in the execution or furtherance of a common pur- pose or conspiracy; or (iii)with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to |
| Act No. 68 of | | offence in question was com- mitted. A contravention of section 11(2) of the Cybercrimes Act, 2020." South African Police|The deletion of section 71. Service Act, 1995 |
+
+Wet op Kubermisdade, 2020
+
+85
+
+# Bylae
+
+(Artikel 58) WETTE HERROEP OF GEWYSIG
+
+| Nommer en jaar van wet Wet No.51 van 1977 1977 | Kort titel Strafproseswet, | Omvang van herroeping of wysiging |
| | Die volgende items word by Bylae 5 gevoeg: n Oortreding van artikel 8, 9 of 10 van die Wet op Kubermisdade, 2020- (a)waarby bedrae van R500 000,00 betrokkeis (b) waarby bedrae van R100 000,00 betrokke is, indien bewys word dat die misdryf gepleeg is- (i)deur 'n persoon, groep persone, sindikaat of enige onderneming handelende in die uitvoering of bevordering van 'n gemeenskap- like doel of sameswering; of (ii)_deur ‘n persoon of met die sameswering of bystand van iemand anders, wat as deel van sy of haar pligte, werksaamhede of wettige magtiging, toesig gehad het oor, in beheer was van, of toegang gehad het tot data, ‘'n rekenaarprogram, rekenaardatabergingsmedium of 'n rekenaarstelsel van 'n ander persoon ten opsigte waarvan die betrokke misdryf gepleeg is; of (c)indien bewys word dat die misdryf deur enige wetstoepassingsbeampte gepleeg is- (i)_waarby bedrae van R10 000 betrokke is; of (ii)as 'n lid van 'n groep persone, sindikaat of enige onderneming handelende in die uitvoering of ter bevordering van 'n gemeen- |
| | skaplike doel of sameswering; of (iii) met die sameswering of bystand van iemand anders,wat as deel van sy of haar pligte, werksaam- hede of wettige magtiging toesig gehad het oor, in beheer was van, of toegang gehad het tot data,'n rekenaarprogram, 'n rekenaardatabergingsmedium of 'n rekenaarstelsel van iemand anders ten opsigte waarvan die betrokke misdryf gepleeg is. |
| van 1995 | 'n Oortreding van artikel 11(2) van die Wet op Kubermisdade, 2020." Artikel 71 word geskrap. Artikel 24B word geskrap. |
| Wet No.68 Wet No.65 van 1996 | Wet op Suid- Afrikaanse Polisiediens, 1995 Wet op Films en Publikasies, 1996 | |
+
+Act No. 19 of 2020
+86
+
+
+| Number and year of law Act No.105 Criminal Law of 1997 Amendment Act, 1997 | Short title | Extent of repeal or amendment |
| Schedule 2: | The addition of the following item to Part II of “A contravention of section 8, 9 or 10 of the Cybercrimes Act, 2020- (a)involving amounts of more than R500 000,00; (b)involving amounts of more than R100 000,00, if it is proven that the offence was committed- (i) by a person, group of persons, syndicate or any enterprise act- ing in the execution or further- ance of a common purpose or conspiracy; or (ii)_by a person or with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to data, a computer program, a computer data stor- age medium or a computer sys- tem of another person in respect of which the offence in question was committed; or (c)if it is proven that the offence was committed by any law enforcement officer- (i)involving amounts of more than R10 000; or (ii) as a member of a group of |
| | persons, syndicate or any enter- prise acting in the execution or furtherance of a common pur- pose or conspiracy; or (iii)_with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to data, a computer_program,a computer data storage medium or a computer system of another person in respect of which the |
| Act No. 32 of 1998 | National Prosecut- ing Authority Act, | offence in question was com- mitted." The deletion of sections 40A and 41(4). |
| Act No. 111 of1998 Act No. 38 of | Correctional Ser- vices Act,1998 Financial Intelli- gence Centre Act, | The deletion of section 128. The deletion of sections 65, 66 and 67. |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+87
+
+
+| Nommer en jaar van wet Wet No.105 | Kort titel | Omvang van herroeping of wysiging |
| van 1997 van 2001 Intelligensiesentrum, 2001 | Strafregwysigings- wet,1997 | gevoeg: is- tenopsigte (c)indien bewys word dat die misdryf gepleeg is- (i)_waarby bedrae van of | “n Oortreding vanartikel 8, 9of 10 van die Wet op Kubermisdade, 2020- (a)waarby bedrae van meer as R500 000,00 betrokke is; (b)waarby bedrae van meer as R100 000,00 betrokke is, indien bewys word dat die misdryf gepleeg (i)deur 'n persoon, groep persone, sindikaat of enige onderneming handelende in die uitvoering of bevordering_van'n gemeen- skaplike doel of sameswering; of (ii) deur 'n persoon of met die |
| sameswering of bystand van iemand anders, wat as deel van sy of haar pligte, werksaamhede of wettige magtiging toesig gehad het oor, in beheer was van of toegang gehad het tot data, 'n rekenaarprogram, 'n rekenaar- databergingmedium of 'n reke- naarstelsel van iemand anders waarvan die betrokke misdryf gepleeg is; of deur enige wetstoepassingsbeampte R10 000,00 betrokke is; of (ii)as 'n lid van 'n groep persone, sindikaat of enige onderneming handelende in die uitvoering of ter bevordering van 'n gemeen- skaplike doel of sameswering; (iii)met die sameswering of bystand van iemand anders, wat as deel van sy of haar pligte, werksaam- hede of wettige magtiging toesig gehad het oor, in beheer was van of toegang gehad het tot data, 'n die meer as |
| Wet No.32 van 1998 | Wet op die Nasionale Vervolgingsgesag, | rekenaarprogram, ‘n rekenaar- databergingsmedium of n reke- naarstelsel van iemand anders tenopsigte waarvan betrokke misdryf gepleeg is.". Artikels 40A en 41(4) word geskrap. Artikel 128 word geskrap. |
| Wet No. 111 van 1998 Wet No.38 Wet op Finansiele | 1998 Wet op Korrektiewe Dienste,1998 |
+
+Act No. 19 of 2020
+88
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| Act No. 25 of 2002 | Electronic Commu- nications and Trans- actions Act, 2002 | (a) The deletion of sections 85, 86, 87 and 88. (b) The substitution for section 89 of the following section: “Penalties 89. [(1)] A person convicted of an offence referred to in sections 37(3), 40(2), 58(2),80(5)[,] or 82(2) [0r 86(1), (2) or (3)] is liable to a fine or imprisonment for a period not exceeding 12 months. [(2) A person convicted of an offence referred to in section 86(4) or (5) or section 87 is liable to a fine or imprison- |
| Act No. 70 of 2002 | Regulation of Inter- (a) ception of Commu- nications and Provi- sion of Communication related Information Act, 2002 | ment for a period not exceeding five years.]". The amendment of section 1 by the substi- tution for paragraph (a) of the definition of “serious offence” of the following para- graph: “(a) offence mentioned in [the] Schedule 1; or". (b) The amendment of section 4 by the addi- tion of the following subsection: “(3) Notwithstanding subsection (2), a law enforcement officer or a person who is authorised in terms of the Criminal Proce- dure Act, 1977, the Cybercrimes Act, 2020, or any other law to engage or to apprehend a suspect or to enter premises in respect of the commission or suspected commission of any offence, may during the apprehension of the suspect or during the time that he or she is lawfully on the premises, record what he or she observes or hears if- (a)the recording relates directly to the purpose for which the suspect was apprehended or the law enforcement officer or_person entered the pre- mises; and (b) the law enforcement officer or person has- (i)identified himself or herself as such; and (ii) verbally informed any_person concerned that his or her direct communications are to be re- corded, before such recording is made." (c) The substitution for subsection (4) of section 17 of the following subsection: “(4) A real-time communication-related direction may only be issued if it appears |
+
+Wet op Kubermisdade, 2020
+
+89
+Wet No. 19 van 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| Wet No.25 van 2002 | Wet op Elektroniese Kommunikasies en Transaksies, 2002 | (a) Artikels 85, 86, 87 en 88 word geskrap. (b) Artikel 89 word deur die volgende artikel vervang: “Strawwe 89. [(1)] 'n Persoon wat skuldig bevind is aan 'n misdryf bedoel in artikels 37(3), 40(2),58(2), 80(5)[,l of 82(2) [of 86(1), (2) of (3)] is strafbaar met 'n boete of gevangenisstraf vir 'n tydperk wat nie 12 maande oorskry nie. [(2)'n Persoon wat skuldig bevind is aan 'n misdryf bedoel in artikel 86(4) of |
| Wet No. 70 van 2002 | Wet op die Reeling van Onderskepping van Kommunikasies en Verstrekking van Kommunikasie- verwante Inligting, 2002 | (5) of artikel 87 is strafbaar met 'n boete of gevangenisstraf vir 'n tydperk wat nie vyf jaar oorskry nie.]" (a) Artikel 1 word gewysig deur paragraaf (a) van die omskrywingvan“ernstige misdryf" deur die volgende paragraaf te vervang: “(a) misdryf vermeld in [die] Bylae 1; of". (b) Artikel 4 word gewysig deur die volgende subartikel by te voeg: “(3)Ondanks subartikel (2), kan 'n wetstoepassingsbeampte of n persoon wat ingevolge die Strafproseswet, 1977, die Wet op Kubermisdade, 2020, of enige ander wetsbepaling, gemagtig is om ‘n verdagte te betrek of in hegtenis te neem of om ‘n perseel te betree ten opsigte van die pleging of vermeende pleging van enige misdryf, tydens die inhegtenisname van die verdagte of terwyl hy of sy wettig op die perseel is, opneem wat hy of sy waarneem of hoor indien- (a) die opname direk in verband staan met die doel waarvoor die verdagte in hegtenis geneem is of die wets- toepassingsbeampte of persoon die perseel betree het; en (b)die wetstoepassingsbeampte of persoon- (i) hom- of haarself as sodanig geidentifiseer het; en |
+
+Act No. 19 of 2020
+90
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| (d) The substitution for subsection (4) of |
| being or will probably be committed; (b) the gathering of information concern- ing an actual threat to the public health or safety, national security or compelling national economic inter- ests of the Republic is necessary; (c) the gathering of information concern- ing a potential threat to the public health or safety or national security of |
|
| the Republic is necessary; (d) the making of a request for the provision, or the provision to the competent authorities of a country or territory outside the Republic, of any |
| assistance in connection with, or in the form of, the interception of com- munications relating to organised crime, an offence mentioned in Schedule II or any offence relating to terrorism or the gathering of informa- tion relating to organised crime or terrorism, is in- (i) accordance with an international mutual assistance agreement; or |
| (ii) the interests of the Republic's international relations or obliga- |
| tions; or (e) the gathering of information concern- ing an offence mentioned in Schedule II, or property which is or could probably be an instrumentality of a serious offence, or is or could prob- ably be the proceeds of unlawful activities, is necessary, and that the provision of real-time commu- nication-related information is necessary |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+91
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging | (a)"n ernstige misdryf of 'n misdryf in Bylae II genoem, gepleeg is of word of waarskynlik gepleeg sal word; |
| | | of |
| (b) die insameling van inligting aan- gaande 'n werklike bedreiging van die openbare gesondheid veiligheid, nasionale sekuriteit of dwingende nasionale ekonomiese |
| belang van die Republiek nodig is; (c) die insameling van inligting aan- gaande ‘'n potensiele bedreiging van die openbare gesondheid |
| veiligheid of nasionale sekuriteit van die Republiek nodig is; (d) die rig van 'n versoek vir die voorsiening, of die voorsiening aan die bevoegde owerhede van 'n land of gebied buite die Republiek, van enige hulp in verband met, of in die vorm van, die onderskepping van kommunikasies met betrekking tot |
| georganiseerde misdaad, 'n misdryf in Bylae II genoem of enige misdryf met betrekking tot terrorisme of die insameling van inligting met be- trekking tot georganiseerde misdaad of terrorisme- (i) ooreenkomstig 'n internasionale (ii) in belang van die internasionale (e)die aangaande ‘n misdryf in Bylae II genoem, of eiendom wat 'n middel is of waarskynlik kan wees by'n ernstige misdryf of die opbrengs is of waarskynlik kan wees van onwettige aktiwiteite nodig is, en dat die verstrekking van intydse kommunikasie-verwante inligting nodig is vir die doeleindes van die ondersoek van so 'n misdryf of die insameling van sodanige inligting." (d) Subartikel (4) van artikel 19 word deur die volgende subartikel vervang: “(4)'n Argief-bewaarde kommuni- kasie-verwante lasgewing kan slegs uitgereik word indien dit vir die betrokke regter van die Hoe Hof, streekhoflanddros of landdros voorkom, op die feite in die betrokke aansoek beweer, dat daar redelike gronde is om te glo dat- |
+
+Act No. 19 of 2020
+92
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| Criminal Law | | (f) 1 2 | The addition of the following Schedule after Schedule I: “Schedule II Any offence referred to in- (a)section 3(1), 5,6,7(1),8,9(1) or (2), or 10; or (b) section 17 (in so far as the section relates to the offences referred to in paragraph (a)), of the Cybercrimes Act, 2020, which involves an amount of R50 000, 00 or more. Any offence which is substantially similar to an offence referred to in item 1 which is or was committed in a foreign State, which involves an |
| Act No.32 of 2007 | (Sexual Offences and Related Mat- ters)Amendment Act,2007 | | amount of R50 000, 00 or more.". (a) The Index to the Criminal Law (Sexual Offences and Related Matters) Amend- 11A Harmful disclosure of pornography |
| ment Act, 2007, is hereby amended- (i) by the insertion of the following Part and items after item 11: “Part 3A Persons 18 years or older: Harmful disclosure of pornography and orders to protect complainant against harmful effects of disclosure of pornography |
+
+Wet op Kubermisdade, 2020
+
+95
+
+Wet No. 19 van 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| Wet No.32 van 2007 | Wysigingswet op | (f) Die volgende Bylae word na Bylae I bygevoeg: “Bylae II Enige misdryf bedoel in- (a)artikels3(1),5,6,7(1),8,9(1) of (2), of 10; of (b)artikel17 (vir sover die artikelin verband staan met die misdrywe in paragraaf (a) bedoel), van die Wet op Kubermisdade, 2020, waarby 'n bedrag van R50 000,00 of meer betrokke is. 2 Enige misdryf wat wesenlik soort- gelyk is aan 'n misdryf in item 1 bedoel wat in 'n vreemde Staat gepleeg word of was, waarby‘n bedrag van R50 000,00 of meer betrokke is.". |
| die Strafreg (Seksuele Misdrywe en Verwante Aangeleenthede), 2007 | (a) Die Inhoudsopgawe tot die Wysigingswet op die Strafreg (Seksuele Misdrywe en Verwante Aangeleenthede), 2007, word hierby gewysig- (i) deur die volgende Deel en items na item 11 in te voeg: “Deel 3A "Persone 18 jaar of ouer: Skadelike openbaarmaking van pornografie en bevele omklaer teen dieskadelike uitwerking van openbaarmaking van pornografie te beskerm 11A Skadelike openbaarmaking van pornografie 11B Bevele om klaer teen skadelike openbaarmaking van porno- grafie te beskerm hangende afhandeling van strafregtelike verrigtinge 11C Elektroniese kommunikasie- diensverskaffer moet besonder- hede aan hof verskaf 11D Bevele by afhandeling van strafregtelike verrigtinge”; (ii) deur die opskrif tot Deel 2 van Hoofstuk 3 deur die volgende opskrif te vervang: “Seksuele uitbuiting en seksuele aanvoring van kinders, blootstelling of vertoon van of veroorsaking van blootstelling of vertoon van kinder- pornografie of pornografie aan kinders,kinderpornografie en gebruikmaking van kinders vir |
+
+96
+
+Act No. 19 of 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | 11B.(1) 'n Klaer (hierna die applikant genoem) wat 'n klag by die Afrikaanse Polisiediens indien dat misdryf inartikelA(1),(2)of(3)bg na bewering teen hom of haar gepleeg is, kan op 'n ex parte-grondslag op die voorgeskrewe vorm en wyse, landdroshof aansoek doen om beskermingsbevel hangende die handeling van die strafregtelike verrigtinge om- (a)enige persoon te belet om pornografie wat met die klag verband hou, openbaar te maak, of veroorsaak dat dit openbaar gemaak word of die applikant te dreig met die open- baarmaking of veroorsaking van die openbaarmaaking daarvan; of (b) 'n elektroniese kommunikasiediens- verskaffer wiese elektroniese kommunikasiediens gebruik word om die pornografie te huisves of openbaar te maak wat met die klag verband hou, te beveel om daardie pornografie te verwyder of toegang daartoe te deaktiveer. (2) Die hof moet 'n aansoek ingevolge subartikel (1) aan die hof voorgele, so gou as redelik moontlik oorweeg en kan, vir daardie doel, enige bykomende getuienis wat die hof gepas ag, oorweeg, met inbegrip van mondelinge getuienis of getuienis by wyse van beedigde ver- klaring,wat deel van die oorkonde van die verrigtinge moet uitmaak. (3) Indien die hof oortuig is dat daar- (a)_prima facie getuienisis dat"n misdryf in artikel 11A(1), (2) of (3) bedoel, na bewering teen applikant gepleeg is; en (b) redelike gronde is om te glo dat 'n persoon in subartikel (1)(a) bedoel, daardie pornografie openbaar gemaak het of openbaarmaking veroorsaak het of die applikant gedreig het met die openbaarmaking veroorsaaking van die openbaar- making van die pornografie; of (c)redelike gronde is om te glo dat die elektroniese kommunikasiediens van die elektroniese kommunikasiediens- verskaffer in subartikel (1)(b) bedoel, gebruik word om daardie pornografie te huisves of openbaar te maak, kan die hof, onderworpe aan sodanige voorwaardes wat die hof gepas ag, die bevel bedoel in subartikel(1) in die |
+
+Act No. 19 of 2020
+104
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| | (4) The order, referred to in subsection (3), must be served on the person referred to in subsection (1)(a) or electronic com- munications service provider referred to in subsection (1)(b),in the prescribed man ner: Provided, that if the court is satisfied that the order cannot be served in the prescribed manner, the court may make an order allowing service to be effected in the formo1 pecified in thatorder. (5)An order referred to in subsection (3) is of force ife ctfromthe timeit1S issued by the court and the existence thereof has been brought to the attention of the person referred to in subsection (1)(a) or electronic communications service pro- vider referred to in subsection (1)(b). (6) A person referred to in subsection (1)(a), other than the person who is ac- cused of having committed the offence in question, or an electronic communications service rovider, referred to in subsection (1)(b) may,within 14 days after the order has been served on him, her or it in terms of subsection (4)or within such further period as the court may allow, upon notice to the magistrate's court concerned, in the prescribed form and manner, apply to the court for the setting aside or amendment of the order referred to in subsection (3). (7)(a) The court must as soon as is reasonably possible consider an applica- tion submitted to it in terms of subsection 6)and that purpose, consider such additional evidence as it deems fit, including oral evidence or evidence by affidavit, which must form part of the record of the proceedings. (b) The court may if good cause has been shown for the variation or setting aside of the protection order, issue an order to this effect. (8)The court nay for purposes of subsections (2) and (7), in the prescribed form and manner cause to be subpoenaed any person as a witness at those proceed- ings or to provide any book, document or object, if the evidence of that person or book, document or object appears to the court essential to the just decision of the |
+
+Wet op Kubermisdade, 2020
+
+105
+Wet No. 19 van 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | (4)Die bevel in subartikel (3) bedoel, moet aan die persoon in subartikel (1)(a) of elektroniese kommunikasiediens- verskaffer in subartikel (1)(b) bedoel, op die voorgeskrewe wyse beteken word: Met dien verstande dat indien die hof oortuig is dat die bevel nie op die voorgeskrewe wyse beteken kan word nie, die hof bevel kan gee wat betekening in die vorm ofop diewyse in daardie bevel gespesifiseer, toelaat. (5)'n Bevel in subartikel (3) bedoel, is van krag vanaf die oomblik wat dit deur die hof uitgereik word en die bestaan daarvan onder die aandag van die persoon bedoel in subartikel (1)(a) of elektroniese kommunikasiediensverskaffer bedoel in subartikel (1)(b), gebring is. (6) Iemand in subartikel (1)(a) bedoel, anders as die persoon wat van die pleging van die betrokke misdryf beskuldig word, of 'n elektroniese kommunikasiediens- verskaffer in subartikel (1)(b) bedoel kan, binne 14 dae nadat die bevel ingevolge subartikel (4) aan hom of haar beteken is, of binne sodanige verdere tydperk wat die hof mag toelaat, by kennisgewing aan die betrokke landdroshof, opdievoor- geskrewe vorm en wyse, by die hof aansoek doen om die tersydestelling of wysiging van die bevel in subartikel (3) bedoel. (7)(a) Die hof moet aansoek ingevolge subartikel (6) aan die hof voorgele, SO gou as redelik moontlik oorweeg en kan vir daardiedoel sodanige bykomende getuienis soos die hof gepas ag, oorweeg, met inbegrip van mondelinge getuienis of getuienis by wyse van beedigde verklaring, wat deel van die oorkonde van die verrigtinge moet uit- maak. (b) Die hof kan, by die aanvoer van goeie gronde vir die wysiging of tersydestelling van die beskermingsbevel, 'n bevel te dien effekte uitreik. (8) Die hof kan, vir doeleindes van subartikels (2) en (7), op die voorgeskrewe vorm en wyse enige persoon laat dagvaar as 'n getuie by daardie verrigtinge of om enige boek, dokument of voorwerp voor te le, indien die getuienis van daardie persoon of boek, dokument of voorwerp 'n |
+
+Act No. 19 of 2020
+106
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| | (b) may, in the prescribed manner, re- quest such additional evidence by way of affidavit from the electronic |
| communications service provider as it deems fit;: |
| (c)must give_ a decision in respect thereof; and (d)must inform the electronic communi- |
| cations service provider in the pre- scribed form and manner of the out- come of the application. (5) (a) The court may, on receipt of an |
| affidavit from an electronic communica- tions service provider which contains the information |
| referred to in subsection |
| (1)(b), consider the issuing of a protection |
| order in terms of section 11B(3) against the person or electronic communications |
|
|
| | service provider on the date to which the proceedings have been adjourned. (b) Any information furnished to the court in terms of subsection (1)(b) forms | part of the evidence that a court may consider in terms of section 11B(3). |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+113
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | beveel die |
| (a)daardie persoon om pornografie te vernietig en om 'n verklaring |
| beedigde in die voorgeskrewe vorm aan die aanklaer in die bevel geidentifiseer, voor te le, dat die pornografie aldus vernietig is; |
| of (b)"n elektroniese kommunikasiediens- verskaffer wie se diens gebruik word om daardie pornografie te huisves of openbaar te maak, beveel om daardie pornografie te verwyder of toegang daartoe te deaktiveer. |
|
|
| elektroniese kommunikasiediensver- |
| moet in die voorgeskrewe vorm wees en |
| (2)Die bevel in subartikel (1)(b) bedoel, moet op die voorgeskrewe wyse aan die |
| |
| | |
| | |
| | |
| | skaffer beteken word: Met dien verstande dat, indien die verhoorhof oortuig is dat |
| | |
| | |
| | die bevel nie op die voorgeskrewe wyse |
| | beteken kan word nie, die hof 'n bevel kan |
| | gee wat betekening in die vorm of op die |
| | wyse in daardie bevel gespesifiseer, |
| | toelaat. |
| | (3)Enige persoon of elektroniese |
| | kommunikasiediensverskafer_ wat_ ver- |
| | suim om aan 'n bevel in subartikel (1) |
| | bedoel te voldoen, is skuldig aan‘n |
| | misdryf. |
| | (4)'n Elektroniese kommunikasiediens- |
| | verskaffer kan, binne 14 dae na die bevel |
| | bedoel in subartikel (1)(b), ingevolge |
| | subartikel (2) daaraan beteken is, by kennisgewing |
| | aan die betrokke ver- hoorhof, op die voorgeskrewe vorm en wyse, by die verhoorhof aansoek doen om |
| | die tersydestelling of wysiging van die bevel. |
| | |
| | redelikerwys |
| | (5) (a) Die verhoorhof moet so gou as |
| | moontlik 'n aansoek |
| | ingevolge subartikel (4) daaraan voorgele, |
| | oorweeg en kan vir daardie doel sodanige |
| | bykomende getuienis oorweeg wat die hof |
| | gepas ag, met inbegrip van mondelinge |
| | getuienis of getuienis by wyse van |
| | beedigde verklaring, wat deel van die |
| | oorkonde moet uitmaak. |
| | |
| | |
| | (b) Die hof kan, by die aanvoer van |
| | |
| dien effekte uitreik. | grondevir die wysiging of tersydestelling van die bevel, 'n bevel te goeie |
+
+116
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | (6)Die verhoorhof kan, by die toepassing van subartikel (5)(a), enige persoon op die voorgeskrewe vorm en wyse laat dagvaar as getuie by daardie verrigtinge of om enige boek, dokument of voorwerp voor te lé, indien die getuienis van daardie persoon of boek, dokument of voorwerp vir die hof noodsaaklik blyk te wees vir die regverdige beslissing van die saak. (7) Enige _persoon wat ingevolge subartikel (6) gedagvaar is om verrigtinge by te woon en wat versuim om- (a) dit by te woon of teenwoordig te bly; (b) te verskyn by die plek en op die datumwaarheendiebetrokke verrigtinge verdaag kan word; (c) teenwoordig te bly by daardie ver- rigtinge aldus verdaag; of (d) enige boek, dokument of voorwerp in die dagvaarding gespesifiseer, voor te 1e, is skuldig aan 'n misdryf. (8) By die toepassing van hierdie artikels, beteken‘verhoorhof'- (a)n landdroshof ingestelkragtens artikel 2(1)(f)(i) van die Wet op Landdroshowe, 1944; (b)'n hof vir 'n streeksafdeling ingestel kragtens artikel 2(1)(g)(i) van die Wet op Landdroshowe, 1944; of (c) 'n Hooggeregshof bedoel in artikel 6(1) van die Wet op Hoer Howe, 2013. (9) Wanneer 'n persoon ook al aan 'n misdryf in artikel 11A(1), (2) of (3) skuldig bevind word, moet die verhoorhof 'n bevel gee dat die persoon wat aldus skuldig bevind is, alle koste moet vergoed wat redelikerwys aangegaan is deur- (a)'n klaer na aanleiding van enige lasgewing ingevolge artikel 11C(1)(b) uitgereik; of (b)'n elektroniese kommunikasiediens- verskaffer om daardie pornografie te verwyder of toegang daartoe te deaktiveer, waarop die bepalings van artikel 300 van die Strafproseswet, 1977, met die nodige veranderinge deur die samehang vereis, by daardie bevel van toepassing sal wees." (d) Hoofstuk 3 word hierby gewysig- (i)deur die opskrif by Deel 2 Hoofstuk 3 deur die volgende opskrif te vervang: van |
+
+Act No. 19 of 2020
+118
+
+
+| Number and year of law | Short title | Extent of repeal or amendment | (a)distribution; |
| | (c) (d) (e) (f) (g) (h) (i) (i) offence. (a)attends; (b)views; or pornography. mance involving child pornog- | (b)making available; transmission; offering for sale; selling; offering to procure; procuring; accessing; downloading; or viewing, of child pornography, is guilty of an (6) Any person who unlawfully and intentionally processes or facili- tates a financial transaction, knowing that such transaction will facilitate a contravention of subsections (1)to (5), is guilty of an offence."; and (iv)by the addition to section 20 of the following subsections: “(3)Any person who unlawfully and intentionally- (c)_participates in, a live performance involving child pornography, is guilty of the offence of attending, viewing or participating in, a performance involving child (4) Any person(“A") who unlaw- fully and intentionally recruits a child complainant (“B"), with or without the consent of B, whether for finan- cial or other reward, favour or com- pensation to B or a third person ("C") or not, for purposes of- (a)creating, making or producing of child pornography, is guilty of the offence of recruiting a child for child pornography; or (b)_participating in a live perfor- mance involving child pornog- raphy, as contemplated in sub- section (3), is_guilty _of the offence of recruiting a child for participating in a live perfor- |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+121
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| | (d) Any person or electronic communi- cations service provider that is convicted of an offence referred to in section 11C(7), is liable, on conviction to a fine or to imprisonment for a period not exceeding two years or to both such fine and impri- sonment. (e) Any electronic communications ser- vice provider or person that is convicted of an offence referred to in section 11D(3) or (7), is liable on conviction to a fine or to imprisonment for a period not exceeding 2 years or to both such fine and imprison- ment. (4) Any person who contravenes the provisions of section 19A(3), (4)(f), (g), (h), (i) or (j), or (5)(f),(g), (h), (i) or (j) is liable- (a)in the case of a first conviction, to a fine or to imprisonment for a period not exceeding five years or to both such fine and imprisonment; (b) in the case of a second conviction, to a fine or to imprisonment for a period not exceeding 10 years or to both such fine and imprisonment; or (c)in the case of a third and subsequent conviction, to a fine or to imprison- ment for a period not exceeding 15 years or to both such fine and impri- sonment. (5)Any person who contravenes the provisions of section 17(7), 19A(1), (2), (4)(a),(b),(c),(d), or (e),(5)(a),(b),(c), (d) or (e) or 20(3) or (4), is liable- (a)in the case of a first conviction, to a fine or to imprisonment for a period not exceeding 10 years or to both such fine and imprisonment; or (b) in the case of a second and subse- quent conviction, to a fine or to imprisonment for a period not ex- ceeding 15years or to both such fine and imprisonment. (6)Any person who contravenes the provisions of section 19A(6), is liable- (a)in the case of a first conviction, to a fine of R1 000 000 or to imprison- ment for a period not exceeding 5 |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+125
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging (d) Iemand of 'n elektroniese |
| (c) | kommunikasiediensverskaffer wat aan 'n misdryf bedoel in artikel 11C(7) skuldig bevind word, is strafbaar by skuldigbevinding met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 2 jaar of met beide daardie boete en gevangenisstraf. (e)‘n Elektroniese kommunikasie- diensverskaffer of persoon wat aan ‘n misdryf bedoel in artikel 11D(3) of (7) skuldig bevind word, isstrafbaarby skuldigbevinding met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 2 jaar of met beide daardie boete en gevangenisstraf. (4) Iemand wat die bepalings van artikel 19A(3),(4)(f), (g), (h),(i) of (j), of (5)(f), (g),(h), (i) of (j) oortree, is strafbaar- (a)indiegeval van 'neerste skuldigbevinding, met ‘n boete of met gevangenisstraf vir 'n tydperk van hoogstens 5 jaar of met beide sodanige boete en gevangenisstraf; (b)indie geval van 'n tweede skuldigbevinding, met 'n boete of met gevangenisstraf vir ‘n tydperk van hoogstens 10 jaar of met beide daardie boete en gevangenisstraf; of in die geval van 'n derde en daaropvolgende skuldigbevinding, met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 15 jaar of met beide daardie boete en gevangenisstraf. (5)Iemand wat die bepalings van artikel 17(7), 19A(1), (2), (4)(a), (b), (c) (d) of (e),(5)(a),(b),(c),(d) of (e) of 20(3) of (4) oortree, is strafbaar- (a)in die geval van 'n eerste skuldigbevinding, met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 10 jaar of met beide daardie boete en gevangenisstraf; of (b)in die geval van'n tweede en daaropvolgendeskuldigbevinding, met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 15 jaar of met beide daardie boete en gevangenisstraf. (6)Iemand wat die bepalings van artikel 19A(6) oortree, is strafbaar- (a) in die geval van n eerste skuldigbevinding,met 'n boete van R1 000 000 of met gevangenisstraf vir 'n tydperk van hoogstens 5 jaar of metbeidedaardie boete en |
+
+Act No. 19 of 2020
+126
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| Act No. 75 of 2008 | | (b)in the case of a second or subsequent conviction, to a fine of R2 000 000 or to imprisonment for a period not exceeding 10 years or to both such fine and imprisonment. (7)Any person who contravenes the provisions of section 54(3), is liable,on conviction to a fine or to imprisonment for a period not exceeding 5 years or to both such fine and imprisonment. (8) Any electronic communications ser- vice provider who contravenes the provi- sions of section 54(4), is liable, on convic- tion to a fine not exceeding R1 000 000 or to imprisonment for a period not exceed- ing 5 years or to both such fine and imprisonment." |
| Child Justice Act, 2008 | (a) The addition of the following item to Schedule 2: “26. Any offence contemplated in- (a)section 2, 3 or 4 of the Cybercrimes Act,2020; (b) section 5,6, 7 or 11(1) of the Cybercrimes Act, 2020, where the damage caused does not exceed an amount of R5000; (c) section 14, 15 or 16 of the Cyber- crimes Act, 2020; or (d)section 8, 9 or 10 of the Cybercrimes Act, 2020, where the amount in- volved does not exceed R1500. 27. An offence contemplated in section 11A(1) and (2) of Criminal Law (Sexual Offences and Related Matters) Amend- ment Act, 2007." (b) The addition of the following item to Schedule 3: “23. Any offence contemplated in- (a)section 5,6, 7 or 11(1)of the Cybercrimes Act, 2020,where the damage caused exceeds an amount of R5000; (b) section 8, 9 or 10 of the Cybercrimes Act, 2020, where the amount in- volved exceeds R1500; or (c)section 11(2) of the Cybercrimes Act, 2020. 24. An offence contemplated in section 11A(3) of Criminal Law (Sexual Offences |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+127
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| Molao 75 wa 2008 | | (b) in die geval van 'n tweede en daaropvolgende skuldigbevinding, met 'n boete van R2 000 000 of met gevangenisstraf vir 'n tydperk van hoogstens 10 jaar of met beide daardie boete en gevangenisstraf. (7)Iemand wat die bepalings van artikel 54(3) oortree, is strafbaar by skuldig- bevinding met n boete of met gevangenisstraf vir 'n tydperkvan hoogstens vyf jaar of met beide daardie boete en gevangenisstraf. (8)'n Elektroniese kommunikasiediens- verskaffer wat die bepalings van artikel 54(4)oortree, is strafbaar by skuldig- bevinding met 'n boete van hoogstens R1 000 000 of met gevangenisstraf vir 'n |
| Molao wa Bosiamisi wa Ngwana, | tydperk van hoogstens vyf jaar of met beide daardie boete en gevangenisstraf." (a) Go tsenngwa ga ntlha e e latelang mo eejuleng 2: "26. Tlolomolao nngwe le nngwe e e umakilweng mo- (a)karolong2, kgotsa 4 ya Cybercrimes Act, 2020; (b) dikarolong 5, 6, 7 kgotsa 11(1) tsa Cybercrimes Act, 2020, fa tshenyegelo e e dirilweng e le kwa tlase ga bokana ka R5000; (c) karolo 14, 15 kgotsa 16 ya Cybercrimes Act, 2020; kgotsa (d) karolo 8, 9 kgotsa 10 ya Cybercrimes Act, 2020, fa tlhotlhwa e e amegang e le kwa tlase ga R1500. 27. Tlolomolao nngwe le nngwe e e umakilweng mo karolong 11A (1) le (2) ya Criminal Law (Sexual Offences and Re- lated Matters)Amendment Act,2007.". (b) Go tsenngwa ga ntlha e e latelang mo eejuleng 3: "23. Tlolomolao nngwe le nngwe e e umakilweng mo- (a)karolong 5, 6, 7 kgotsa 11(1) ya Cybercrimes Act, 2020, fa tshenyegelo e e dirilweng e le kwa godimo ga bokana ka R5000; (b) karolo 8, 9 kgotsa 10 ya Cybercrimes Act, 2020, fa tlhotlhwae e amegang e le kwa godimo ga R1500; kgotsa 3 |
\ No newline at end of file
diff --git a/dataset/data/docs/sibe_2022_Forbes_Africas-Chaotic-Legal-And-Regulatory-Cyberse.md b/dataset/data/docs/sibe_2022_Forbes_Africas-Chaotic-Legal-And-Regulatory-Cyberse.md
new file mode 100644
index 0000000000000000000000000000000000000000..556f7bf4ff27f733227fd3a95b9a40a3cbdaf91d
--- /dev/null
+++ b/dataset/data/docs/sibe_2022_Forbes_Africas-Chaotic-Legal-And-Regulatory-Cyberse.md
@@ -0,0 +1,53 @@
+INNOVATION
+
+# Africa's Chaotic Legal And Regulatory Cybersecurity Landscape Requires Harmonization
+
+
+
+By Robinson Sibe, Forbes Councils Member. for Forbes Technology Council, COUNCIL POST | Membership (fee-based)
+
+Aug 02, 2022, 10:00am EDT
+
+Dr. R.T. Sibe is the CEO/Lead Forensic Examiner of Digital Footprints Nig. Limited. He is a member of the Forbes Technology Council.
+
+
+
+GETTY
+
+There are more than 600 million total internet users in Africa. This is more than the total number of internet users in North America, South America and the Middle East. The last two decades have witnessed increased technology adoption in Africa. While this has obviously increased the efficiency of Africa's workforce, it has also come with associated risks—one of which is the risk of cyberattacks. Although this risk is global and not exclusive to Africa, Africa's preparation and response have not been coordinated as one would wish for.
+
+According to a recent Interpol report (download required), about $90\%$ of African businesses are operating without the necessary cybersecurity protocols and, therefore, are exposed to cyberattacks. The report also noted that there were more than 700 million threat detections in Africa within a one-year period. French newspaper Le Monde (via the Council on Foreign Relations) previously reported that the servers of the Chinese-built Africa Union headquarters in Ethiopia were bugged and that data had been routinely transmitted at night through a backdoor between 2012 and 2017. While China has denied this allegation, this is a classic example of how the continent is exposed—even at such high-level institutions.
+
+# Scramble For Response
+
+Over the years, there have been efforts from different African countries to address the cybersecurity challenge. While most jurisdictions have taken steps, many others have been lagging. For instance, some countries have enacted laws and regulations around the cybersecurity space. In Nigeria, the parliament enacted the Cybercrime Act 2015. The National Information Technology Development Agency (NITDA) also rolled out the Nigerian Data Protection Regulation (NDPR) in 2019.
+
+In South Africa, President Cyril Ramaphosa signed the Cybercrimes and Cybersecurity Act in 2021. This law mandates electronic communication service providers and financial institutions to act when their systems suffer a cybersecurity attack or breach. South Africa had previously signed the Protection of Personal Information Act No. 4 of 2013 Act into law.
+
+Ghana passed its Cybersecurity Act 2020 to coordinate the nation's response to the prevention and management of cyberattacks and breaches. Ghana previously signed into law the Data Protection Act, 2012 to protect the privacy and personal data of individuals. Egyptian President Abdel Fattah al-Sisi ratified the nation's "Anti-Cyber and Information Technology Crimes" law in 2018, and Egypt promulgated its Data Protection Law, which also reflects some aspects of the EU's GDPR.
+
+# Regional And Continental Response
+
+At the regional level, there have been some efforts as well. For instance, the Economic Community of West African States (ECOWAS) adopted the ECOWAS Regional Cybersecurity and Cybercrime Strategy at the 2020 Second Ordinary Session. ECOWAS had previously adopted the Supplementary Act on Personal Data Protection in 2010.
+
+At the continental level, the African Union (AU) adopted the Convention on Cyber Security and Personal Data Protection—also known as the Malabo Convention—in 2014. This was followed by the release of the Personal Data Protection Guidelines for Africa—a collaborative measure between the Internet Society and the AU—in 2018. According to the United Nations Conference on Trade and Development (UNCTAD), out of the 54 countries in Africa, only 33 $(61\%)$ have a data protection law in place.
+
+# Africa's Challenging Landscape And The Need For Harmonization
+
+Despite the commendation of AU's efforts in this regard, the Malabo Convention has had a hard start. For instance, as of 2021, only eight out of 55 AU members (Angola, Ghana,
+
+Guinea, Mauritius, Mozambique, Namibia, Rwanda and Senegal) had ratified the convention, which needs to be ratified by at least 15 countries. Interestingly, the countries that had not ratified the convention include continental giants such as Nigeria, South Africa and Kenya. Therefore, this Malabo Convention remains largely a document with little action.
+
+Clearly, while Africa may not be in short supply of laws, the implementation has been largely abysmal. Beyond this, the myriad of national and regional laws on the same issue may be confusing—particularly as the continent seeks to dismantle trade barriers through the Africa Continental Free Trade Area (AfCFTA). For AfCFTA to be successful, the continent needs continental risk management—a key aspect of which is tackling the emerging cybersecurity risks. The pockets of discordant laws across the continent leave the landscape chaotic.
+
+# Conclusion
+
+African enterprises continue to make exploits despite the chaotic cybersecurity landscape. The last few years have seen the emergence of seven unicorns, and all are relying on technology to do business. Africa's growing financial institutions continue to leverage technology to serve the continent and beyond. These enterprises are facing the continent's challenging and rapidly evolving cybersecurity landscape. Billions of dollars are lost annually across the continent from cybercrime and cybersecurity breaches.
+
+Therefore, it is imperative for the continent to put forward a united front in the cybercrime war, cybersecurity and data protection regulation. African nations need to ratify the Malabo protocol and continue to fine-tune the laws and regulations reflective of the evolving threat landscape. How Africa manages cybersecurity risk will determine the growth trajectory in the next decade.
+
+Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
+
+Follow me on LinkedIn. Check out my website.
+
+
\ No newline at end of file
diff --git a/dataset/data/docs/south-africa-government_2015_National Cybersecurity Policy Framework.pdf-dde97d67-d3fd-41b3-b.md b/dataset/data/docs/south-africa-government_2015_National Cybersecurity Policy Framework.pdf-dde97d67-d3fd-41b3-b.md
new file mode 100644
index 0000000000000000000000000000000000000000..023c88f6119a5d562928272edc347b3bffb01b1b
--- /dev/null
+++ b/dataset/data/docs/south-africa-government_2015_National Cybersecurity Policy Framework.pdf-dde97d67-d3fd-41b3-b.md
@@ -0,0 +1,524 @@
+# STATESECURITYAGENCY
+
+NO.609
+
+04DECEMBER2015
+
+# THE NATIONAL CYBERSECURITY POLICY FRAMEWORK (NCPF)
+
+
+
+
+
+NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+# Table of Contents
+
+ABBREVIATIONS P EXECUTIVE SUMMARY 5 DEFINITIONS 8
+
+1. Introduction 10
+2. The South African Context .12
+3. Purpose of the NCPF .14
+4. Key Objectives of the NCPF. .15
+5. Capacity to Respond to Cybersecurity lmperatives .15
+6. Cybersecurity Hub and Additional CSiRTs. .18
+7. Verification of Information Security Products and Systems .19
+8. NCII Protection.. .20
+9. Cryptography .21
+10. Online E-ldentity Management in Cyberspace. .21
+11. Promote and Strengthen Local and International Cooperation.. .23
+12. Capacity Development, Research and Development .24
+13. Cyber-warfare. .24
+14. Promotion of a Cybersecurity Culture. .25
+15. Technical and Operational Standards Compliance. .25
+16. The Role and Responsibility of the State .26
+17. The role and Responsibility of the Private Sector .. .29
+18. The Role and Responsibility of Civil Society .29
+19. Conclusion. 30
+
+# ABBREVIATIONS
+
+CII Critical Information Infrastructure
+CRC Cybersecurity Response Committee
+CSIR Council for the Scientific and Industrial Research
+CSIRT Computer Security Incident Response Team
+DOJ&CD Department of Justice and Constitutional Development
+DOD&MV Department of Defence and Military Veterans
+DST Department of Science and Technology
+DTPS Department of Telecommunications and Postal Services
+ECS Electronic Communications Security
+ECT Electronic Communications and Transactions
+FIRST Forum for Incident Response and Security Teams
+GCA Global Cybersecurity Agenda
+GRC Governance, Risk Management and Compliance
+HLEG High-Level Experts Group
+ICT Information and Communications Technology
+ICASA Independent Communications Authority of South Africa
+IPR Intellectual Property Rights
+ISP Internet Service Provider
+ITU International Telecommunication Union
+JCPS Justice, Crime Prevention and Security (Cluster)
+MOU Memorandum of Understanding
+NCAC National Cybersecurity Advisory Council
+NCII National Critical Information Infrastructure
+NCPF National Cybersecurity Policy Framework
+NPA National Prosecuting Agency
+PKI Public Key Infrastructure
+SAPS South African Police Service
+SIEM Security Information and Event Management
+SITA State Information Technology Agency
+SOE State Owned Entity
+SSA State Security Agency
+UNODC United Nations Office on Drugs and Crime
+WSIS World Summit on the Information Society
+
+# EXECUTIVESUMMARY
+
+1. Information and Communications Technologies (lCTs) are indispensable in modern society.The interconnectivity of computer networks contributes significantly to economic growth, education, citizens' participation in social media and many others.
+2. This new electronic environment is commonly known as cyberspace. The dependence of the daily functioning of society on information communication technology solutions has led to a concomitant need for the development of adequate security measures. This is because the danger that Cybersecurity threats pose, is real.
+3.The numerous cyber-attacks launched in recent years against advanced information societies aimed at undermining the functioning of public and private sector information systems have placed the abuse of cyberspace high on the list of international and also local security threats. Given the seriousness of cyber threats and of the interests at stake, it is therefore imperative that the comprehensive use of information communication technology solutions be supported by a high level of security measures and be embedded in a broad and sophisticated Cybersecurity culture. For this reason, the cyber threats need to be addressed at both the global and national levels.
+4. National Cybersecurity is a broad term encompassing the many aspects of electronic information, data and media services that affect a country's security, economy and welbeing. Ensuring the security of a country's cyberspace therefore comprises a range of activities at different levels.
+5.World-wide Cybersecurity strategies are being developed and are aimed at setting policy goals, measures and institutional responsibilities in a succinct manner. Generally, the primary concern is to ensure the confidentiality, integrity and availability (C-I-A) of computer data and systems and to protect against or prevent intentional and non-intentional incidents and attacks. Priority is also given to critical information infrastructure protection (CIIP).
+6. These strategies normally also contain measures against or reference to cybercrime. Measures against cybercrime provide a criminal justice response to C-l-A attacks against computers and thus complement technical and procedural Cybersecurity responses. However, cybercrime comprises also offences committed by means of computer data and systems, ranging from the sexual exploitation of children to fraud, hate speech, intellectual property rights (IPR) infringements and many other offences. Furthermore, any crime may involve electronic evidence in one way or the other. While this may not be labelled “cybercrime", a cybercrime strategy would nevertheless need to ensure that the forensic capabilities be created that are necessary to analyse electronic
+
+# NATIONAL CYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+evidence in relation to any crime, or that all law enforcement officers, prosecutors and judges are provided at least with basic skills in this respect.[1]
+
+7.This South African National Cybersecurity PolicyFramework is aligned to these goals and is necessitated to ensure a focussed and an all-embracing safety and security response in respect of the Cybersecurity environment and establishes and addresses the following:
+
+a) The development and implementation of a Government led, coherent and integrated Cybersecurity approach to address Cybersecurity threats;
+b) Establishing a dedicated policy, strategy and decision making body to be known as the JCPS Cybersecurity Response Committee,to identify and prioritise areas of intervention and focussed attention regarding Cybersecurity related threats. The Cybersecurity Response Committee will be chaired by the State Security Agency (SSA) and will be supported operationally by a Cybersecurity Centresituated at the SSA
+c) The capability to effectively coordinate departmental resources in the achievement of common Cybersecurity safety and security objectives (including the planning, response coordination and monitoring and evaluation);
+d) Fighting cybercrime effectively through the promotion of coordinated approaches and planning and the creation of required staffing and infrastructure;
+e) Coordination of the promotion of Cybersecurity measures by all role players (State, public, private sector, and civil society and special interest groups) in relation to Cybersecurity threats, through interaction with and in conjunction with the Cybersecurity Hub (to be established within the Department of Telecommunications and Postal Services);
+f) Strengthening of intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber terrorism and cyber warfare;
+g) Ensuring of the protection of national critical information infrastructure;
+
+# NATIONAL CYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+h) The promotion of a Cybersecurity culture and compliance with minimum security standards;
+i) The establishment of public-private partnerships for national and action plans in line with the NCPF; and
+j) Ensuring a comprehensive legal framework governing cyberspace.
+
+8. The National Cybersecurity Policy Framework (NCPF) is aligned with and dealt within the JCPS Cluster's mandate and obligations under Outcome $_{3:}$ All people are and feel safe in South Africa. In this regard, Output 8 of Outcome 3 requires the development and implementation of a Cybersecurity policy and the development of capacity to combat and investigate cybercrime that seeks to promote thefollowing
+
+a) Measures to address national security threats in terms of cyberspace;
+b) Measures to promote the combating of cybercrime;
+c) Measures to build confidence and trust in the secure use of ICT; and
+d) The development, review and update of existing substantive and procedural laws to ensure alignment.
+
+9.The NCPF is intended to provide a holistic approach pertaining to the promotion of Cybersecurity measures by all role players and will be supported by a National Cybersecurity Implementation Plan which will be developed by the JCPS Cluster in consultation with relevant stakeholders, identifying roles and responsibilities, timeframes, specific performance indicators, and monitoring and evaluation mechanisms. The development and large-scale implementation of a system of security measures as implemented elsewhere in the world will form part of the National Cybersecurity Implementation Plan.
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+# DEFINITIONS
+
+# In the context of this policy,
+
+"National Critical Information Infrastructure" means all ICT systems, data systems, data bases,networks (including people, buildings,facilities and processes), that are fundamental to the effective operation of the Republic1;
+
+"Computer Security Incident Response Team (CsiRT)" is a team of dedicated information security specialists that prepares for and responds to Cybersecurity breaches (Cybersecurity incidents);
+
+"Cybersecurity" is the practice of making the networks that constitute cyberspace secure against intrusions,maintaining confidentiality, availability and integrity of information, detecting intrusions and incidents that do occur, and responding to and recovering from them.
+
+"Cybersecurity Hub" means a CSiRT established to pool public and private sector threat information for the purposes of processing and disseminating such information to relevant stakeholders including the Cybersecurity centre.
+
+"Cyberspace" means a physical and non-physical terrain created by and/or composed of some or all of the following:
+
+computers, computer systems, networks and their computer programs, computer data, content data, traffic data, and users;
+
+"Cyber warfare" means actions by a nation/state to penetrate another nation's computers and networks for purposes of causing damage or disruption²;
+
+"Cyber espionage" means the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature),from individuals, competitors, rivals, groups, Governments and enemies for personal, economic, political or military advantage3;
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+"Cyber terrorism" means use of Internet based attacks in terrorist activities by individuals and groups, including acts of deliberate large scale disruptions of computer networks, especially computers attached to the Internet, by the means of tools such as computer viruses4;
+
+"Cybercrime" means illegal acts, the commission of which involves the use of information and communication technologies;
+
+"ICT"(Information and Communication Technologies) mean any communications device or application including radio, television, cellular phones, satellite systems, computers, network hardware and software and other services such as videoconferencing :
+
+"Information society” means people-centred, inclusive and development-oriented information, where everyone can create, access, utilise and share information and knowledge, enabling individuals, communities and people to achieve their full potential in promoting their sustainable development and improving the quality of their life.
+
+"JCPS CRC" means Justice, Crime Prevention and Security Cluster's Cybersecurity Response Committee.
+
+"Malware” means malicious software, and is programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behaviour. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or dangerous software or program code. Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.(Symantec published a report in 2oo8 indicating that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.“According to F-Secure,"As much malware [was] produced in 20o7 as in the previous 20 years altogether." $^5)$
+
+"Organisation and user's assets” include connected computing devices, personnel, infrastructure,applications, services, telecommunication systems, and a totality of transmitted and/or stored information in the cyber environment.
+
+"Organ of State" means an Organ of the State as defined in section 239 of the Constitution.
+
+"Phishing" indicates, as an example, the fraudulent way of attempting to acquire sensitive information such as usernames, passwords and credit card details by someone masquerading as a trustworthy entity in an electronic communication,to lure the unsuspecting public.These modus
+
+# NATIONAL CYBERSECURITY POLICY FRAMEWORK FOR SOUTH AFRICA
+
+operandi are constantly evolving and is included here as typical examples of Cybersecurity / cybercrime threats that many people will encounter when using computers and information communication technology. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enterdetails at a fakewebsitewhose look andfeelare almost identical to the legitimate one.
+
+# 1. Introduction
+
+1.1 A number of strategic interventions and tactical interventions have been successfully implemented over the past few years and other interventions are in the process of being implemented within the Justice, Crime Prevention and Security (JCPS) Cluster in the fight against crime with the objective of making South Africa Safe. As part of Government's Outcome based priorities, the JCPS Cluster signed on 24 October 2010, the JCPS Delivery Agreement, relating to Outcome 3: “All People in South Africa Are and Feel Safe". This Outcome focuses on certain areas and activities, clustered around specific Outputs,where interventions will make a substantial and a positive impact on the safety of the people of South Africa. One such area relates to Output 8: which requires the development and implementation of a Cybersecurity Policy and the development of capacity to combat and investigate cybercrime. In line herewith, this document therefore sets out a National Cybersecurity Policy Framework (NCPF) for South Africa.
+
+1.2 It is generally accepted that Information and Communications Technologies (ICTs) have become indispensable in modern society. The increased interconnectivity of computer networks and the expansion of broadband including mobility are contributing significantly to economic growth, digital integration, education, electronic governance, citizens' participation in governance and many others. This new electronic environment is commonly known as cyberspace. It has created a “global village” with instantaneous communication possible between persons on the opposite sides of the world. The NCPF Policy Framework therefore recognises that Cybersecurity threats and the combating thereof have a personal, national and international context.
+
+1.3Cyberspace comes with new types of challenges to the governments of the world and it therefore introduces a further dimension to National Security. It is a borderless platform that enables more sophisticated threats such as cybercrime, cyber terrorism, cyber war and cyber espionage. The numerous cyber-attacks launched in recent years against advanced information societies aimed at undermining the functioning of public and private sector information systems have placed the abuse of cyberspace high on the list of security threats. The acknowledgment that such attacks pose a threat to international security reached new heights in 2007 owing to the first-ever co-ordinated cyber-attack against an entire country and also because of large-scale cyber-attacks against information systems in many other countries as well. The co-ordinated cyber-attacks against government agencies, banks,
+
+# NATIONALCYBERSECURITY POLICYFRAMEWORKFOR SOUTHAFRICA
+
+media and telecommunications companies in Estonia demonstrated the vulnerability of a society's information infrastructure as an aspect of national security that needs attention in all countries. There are views that Internet is becoming more and more militarized.The problem is very specific to malware being distributed through terror groups.
+
+1.4The recurrence and growing incidence of cyber-attacks indicate the start of a new era in which the security of cyberspace requires a global dimension and the protection of National Critical Information Infrastructure must be elevated, in terms of national security, on par with traditional defence interests.
+
+1.5National Cybersecurity is a broad term encompassing many aspects of electronic information, data, and media services that affect a country's security, economy and welbeing. Ensuring the security of a country's cyberspace thus comprises of a range of activities at different levels.Towards this end, the most important policy domains include reducing the vulnerability of cyberspace, preventing cyber threats and attacks in the first instance and,in the event of an attack, ensuring a swift recovery of the functioning of critical information systems.
+
+1.6 Thus, a Cybersecurity strategy must appraise the vulnerability of a country's critical information infrastructure, devise a system of preventative measures against cyber-attacks, and decide upon the alocation of tasks relating to Cybersecurity management at the national level. Moreover, it is also important to improve the legal framework against cyber-attacks, to enhance international and institutional co-operation, and to raise public awareness and develop training and research programmes on Cybersecurity.
+
+1.7 The above threats necessitate a comprehensive and all-encompassing approach in dealing with cyber threats.In short, a Cybersecurity culture, driven in main by the State, is critical to ensure that citizens take advantage of the information age, whilst remaining conscious of the threats and vulnerabilities of cyberspace. The NCPF recognises the need to balance, on the one hand, the risks associated with the use of information systems and, on the other hand, the indispensability of extensive and free use of information technology to the functioning of open and modern societies. The growing threats to Cybersecurity should not hinder the crucial role of information and communications technology in stimulating the growth of economies and societies.
+
+1.8In response to the above challenges, Governments worldwide have established policies and structures that govern interaction and collaboration between Government, private sector, academia and civil society in an effort to prevent, react to, combat and mitigate Cybersecurity vulnerabilities and attacks.
+
+1.9 The NCPF recognises that the State is charged with implementing a Government led, coherent and integrated Cybersecurity approach which, amongst others,will:
+
+# NATIONAL CYBERSECURITY POLICYFRAMEWORK FOR SOUTHAFRICA
+
+a) Promote a Cybersecurity culture and demand compliance with minimum security standards;
+b) Strengthen intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime,cyber terrorism and cyber warfare and other cyber ills;
+c) Establish public-private partnerships for national and international action plans;
+d) Ensure the protection of National Critical Information Infrastructure; and
+e) Promote and ensure a comprehensive legal framework governing cyberspace.
+
+1.10 This framework is intended to implement an allencompassing approach pertaining to allthe role players (State, public, private sector, civil society and special interest groups) in relation to Cybersecurity. This framework will be supported by a National Cybersecurity Implementation Plan which will be developed by the SSA in consultation with relevant stakeholders, identifying roles and responsibilities, timeframes, specific performance indicators, and monitoring and evaluation mechanisms.
+
+# 2. The South African Context
+
+2.1 South Africa like many other countries has become dependent on the Internet to govern, to conduct business and for other social purposes. The Internet has become indispensable to many South Africans and will continue to be, as more people access the information highway. Taking into consideration the increase in national and international bandwidth in South Africa, cybercrimes and threats are and will continue to increase. These cybercrimes and threats have the potential to impact on our national security and economy.
+
+2.2 Currently there are various pieces of legislation, some with overlapping mandates administered by different Government Departments and whose implementation is not coordinated. Furthermore, the legislation when viewed collectively does not adequately address South Africa's Cybersecurity challenges.
+
+2.3 The absence of an aligned legal and regulatory framework, and the challenge of uncoordinated Cybersecurity eforts is not unique to South Africa, other jurisdictions arefaced with the same challenges.
+
+2.4Statistics in 2011 indicate that South Africa was in the top three countries that are targeted for phishing purposes, the other countries are the USA and the UK. In addition to phishing, other e-Crime incidents in the RSA have increased to the value of millions of rands. The banking sector is especially vulnerable to cybercrime. In light of the above and many more unreported incidents, there is a need to combat cybercrime.
+
+2.5 The borderless nature of cybercrimes introduces a further dimension to National Security. Numerous cyber-attacks have been launched against a number of countries,such as the attack on Estonia in 2007, which crippled the country's electronic systems. South Africa is not immune to such atacks. The protection of South Africa's critical information infrastructure and the coordination thereof is therefore essential. South Africa needs to develop mechanisms that will ensure proactive and coordinated national response to cyber threats and incidents including combating cybercrime. The Government's leadership role in this regard is important, whilst acknowledging that Cybersecurity is everyone's responsibility, public sector, private sector and civil society.
+
+2.6 The role of the ICTs in social and economic development of a country has been widely acknowledged; however the full potential of ICTs cannot be realized unless there is confidence and trust in the secure use of ICTs. Government should take responsibility to ensure that theprivate sector and civil society are not only aware of the dangers of operating in cyberspace but also take necessary measures not to become victims of cybercrime. It is thus prudent to develop within South Africa a culture of Cybersecurity that will address the needs of the public sector, private sector and civil society.
+
+2.7 Opportunities of ICT and the challenges of Cybersecurity are fuelled by advances in technology. Consequently, there is a need to develop the requisite skills to exploit the opportunities of an information economy and meet the dynamic challenges of Cybersecurity. South Africa will always lag behind or be vulnerableunless we develop requisite skills. There is a need to create an enabling environment for Cybersecurity training, education,research and development and skills development programmes in South Africa.
+
+2.8 South Africa is a consumer of ICTs and depends on overseas manufactured technologies to secure its cyberspace.The downside of this, is that our critical information infrastructure will continue to have some degree of vulnerability. Thus it is important to develop indigenous Cybersecurity technologies. Unless we develop Research and Development capabilities to address this, we will continue to rely of foreign technologies for this purpose. The absence of stringent compliance monitoring to ensure that technologies used comply to international and national Cybersecurity standards.
+
+2.9 South Africa will in the promotion and development of Cybersecurity measures in relation to this NCPF bear in mind the international instruments and measures that may be relevant such
+
+# NATIONAL CYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+as the work of the various agencies of the United Nations.° In 2011, the International Telecommunications Union (ITU) and the UN Office on Drugs and Crime (UNODC) signed a memorandum of understanding (MOU) to help secure cyberspace for consumers, businesses, and children and to mitigate the risks posed by cybercrime. The MOU will enable the parties to avail the necessary expertise and resources to establish legal measures and legislativeframeworks atnational level,forthebenefit of allinterestedcountries.This initiative is a major milestone in implementing a co-ordinated global approach to an increasingly serious global problem.'
+
+# 3. Purpose of the NCPF
+
+3.1The purpose of the NCPF is to create a secure, dependable,reliable and trustworthy cyber environment that facilitates the protection of critical information infrastructure whilst strengthening shared human values and understanding of Cybersecurity in support of national security imperatives and the economy. This will enable the development of an information society which takes into account the fundamental rights of every South African citizen to privacy, security, dignity, access to information, the right to communication and freedom of expression.
+
+3.2 The NCPF seeks to ensure that Government, business and civil society are able to enjoy the full benefits of a safe and secure cyberspace. To this end, the public sector, private sector and civil society willneed to work together tounderstand and address the risks,reduce the benefits to criminals and seize opportunities in cyberspace to enhance South Africa's overall security and safety including its economic well-being.
+
+3.3 This NCPF therefore provides for:
+
+a) Measures to address national security in terms of cyberspace; b) Measures to combat cyber warfare, cybercrime and other cyber ills; c) The development, review and updating existing substantive and procedural laws to ensure alignment; and d) Measures to build confidence and trust in the secure use of ICT.
+
+# NATIONAL CYBERSECURITY POLICYFRAMEWORKFORSOUTHAFRICA
+
+# 4. Key Objectives of the NCPF
+
+4.1The NCPF articulates the overall aim and objectives of the South African Government and sets out strategic priorities that will be pursued to achieve these objectives. In order to achieve the strategic visionset out in thispolicy, it is expected that this National Cybersecurity Policy Framework will:
+
+4.1.1 Centralise coordination of Cybersecurity activities,by facilitating the establishment of relevant structures, policy frameworks and strategies in support of Cybersecurity in order to combat cybercrime, address national security imperatives and to enhance the information society and knowledge based economy;
+4.1.2 Foster cooperation and coordination between Government, the private sector and civil society by stimulating and fostering a strong interplay between policy, legislation, societal acceptance and technology;
+4.1.3 Promote international cooperation;
+4.1.4 Develop requisite skills, research and development capacity;
+4.1.5 Promote a culture of Cybersecurity; and
+4.1.6 Promote compliance with appropriate technical and operational Cybersecurity standards.
+
+# 5. Capacity to Respond to Cybersecurity lmperatives
+
+5.1The Justice Crime Prevention and Security Cluster (JCPS),working in consultation with other Government Clusters , will oversee the implementation of this policy framework, with the aim to ensure centralized coordination of Cybersecurity issues.
+
+5.2Adedicated JCPSCybersecurity Response Committee will be established within the JCPS Cluster to coordinate Cybersecurity activities, drive the implementation of the NCPF and manage the implementation of Output 8. The Cybersecurity Response Committee will be chaired by the State Security Agency (SSA) and it will be supported operationally by a CybersecurityCentresituated at the SSA.All relevant JCPS departments willberepresented on the Cybersecurity Response Committee.
+
+5.3 The role of the JCPS Cybersecurity Response Committee will, amongst others, be to:
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+5.3.2 Coordinate Cybersecurity activities and be a central point of contact on all Cybersecurity matters pertinent to national security (national defence, national intelligence and cybercrime);
+
+.3 Identify and prioritise areas of intervention and promote focussed attention and guidance where required regarding Cybersecurity related threats and incidents;
+
+5.3.4 Promote, guide and coordinate activities aimed at improving Cybersecurity measures by all role players, which would include amongst others, the strengthening of intelligence collection and improved State capacity to investigate, prosecute and combat:
+
+a) Cybercrime,
+b) Cyber terrorism,
+c) Cyber espionange,
+d) Cyber warfare and
+e) Any other cyber related threats;
+
+5.3.5 Oversee and guide the functioning of the Cybersecurity Centre, Cybersecurity Hub, RSA Government Electronic Communications Security Computer Security Incident Response Team (ECS -CSiRT) and any other CSiRT established in SA.
+
+5.3.6 Promote and provide guidance to the process of the development and implementation of:
+
+a) The protection of national critical information infrastructure Plan;
+b) Situational analysis and awareness campaign concerning the risk environment of South African cyberspace;
+c) Cybersecurity culture and compliance with minimum security standards;
+d) Public-private partnerships for national and action plans in line with the NCPF;
+e) Compliance with appropriate technical and operational Cybersecurity standards;
+f) Cybersecurity training, education, research and development and skills development programmes;
+g) International cooperation;
+h) Facilitation of interaction, both nationally and internationally, including through international memberships to organisations such as the Forum for Incident Response and Security Teams (FiRST); and develop policy guidelines to inform such interaction;
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+i) Establishment of sector, regional and continental CSiRTs; and j) Comprehensive legal framework governing cyberspace.
+
+5.4 The role of the Cybersecurity Centre will be to:
+5.4.1 Facilitate the operational coordination of Cybersecurity incident response activities regarding national intelligence, national defence and cybercrime;
+5.4.2 Develop measures to deal with Cybersecurity matters impacting on national security;
+5.4.3 Facilitate the analysis of Cybersecurity incidents, trends, vulnerabilities, information sharing, technology exchange on national security and threats to improve technical response coordination;
+5.4.4 Provide guidance to and facilitate the identification, protection and securing of National Critical Information Infrastructure (NCIl);
+5.4.5 Ensure regular assessment and testing of National Critical Information Infrastructures, including vulnerability assessments, threat and risk assessment and penetration testing;
+5.4.6 Provide coordination and guidance regarding Corporate Security and Policy Development; Governance, Risk Management, and Compliance (GRC); ldentity and Security Management; Security Information and Event Management (SiEM), and Digital Forensics as it pertains to Cybersecurity matters within Organs of State;
+5.4.7 Develop response protocols to guide coordinated responses to Cybersecurity incidents and interaction with the various stakeholders;
+5.4.8 Ensure the conducting of Cybersecurity audits, assessments and readiness exercises and provide advice on the development of national response plans;
+5.4.9 Provide the Secretariat services required in relation to the JCPS Cybersecurity Committee, and
+5.4.10 Perform any other function consistent with the strategic and policy objectives set out herein.
+
+# 6. Cybersecurity Hub and Additional CSlRTs
+
+6.1 Notwithstanding the envisaged JCPS Cybersecurity Response Committee, the Cybersecurity Centre and the existing ECS-CSiRT, there is also a need to ensure appropriate consultation between the JCPS cluster departments, the private sector and civil society regarding Cybersecurity matters.
+6.2 To deal with the above stated, this policy recognises that the crucial need for the facilitation of interaction between the key role players in the public sector, private sector and the broader civil society. The NCPF therefore promotes the coordination and consultation between the JCPS cluster departments, the private sector and civil society regarding Cybersecurity matters through the establishment of a Cybersecurity Hub within the Department of Telecommunications and Postal Services (DOC). The Cybersecurity Hub will be operated within the DOC in accordance with national security guidelines and standards issued by the JCPS Cybersecurity Response Committee.
+6.3 To enhance interaction, consultations and to promote a coordinated aproach regarding engagements with the private sector and civil society, Cybersecurity Hub will amongst others, have the responsibility to:
+6.3.1 Coordinate general Cybersecurity activities, in consultation with JCPS CRC as well as including identifying stakeholders and developing public-private relationships and collaborating with any sector CSiRTs that may be established;
+6.3.2 Disseminate relevant information to othersector CSiRTs, vendors, technology experts on Cybersecurity developments;
+6.3.3 Provide best practice guidance on ICT security for Government, business and civil society;
+6.3.4 Initiate Cybersecurity awareness campaigns;
+6.3.5 Promote compliance with standards, procedures and policy developed by the JCPS Cybersecurity Response Committee regarding Cybersecurity matters with a bearing on national security.
+6.3.6 Encourage and facilitate the development of appropriate additional sector CSiRTs. The sector CSIRTs will:
+6.3.6.1 Be a point of contact for that specific sector on Cybersecurity matters;
+6.3.6.2 Coordinate Cybersecurity incident response activities within that sector;
+
+NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+
+| No. and year of law Act 23 of 1994 | Short title Public Protector Act, | Extent of repeal or amendment |
| 1994 | 1. The amendment of section 6 by the- (a) substitution for paragraph (b) of subsection (4) of the following paragraph: “(b) to endeavour, in his or her sole discretion, to resolve any dispute or rectify any act or omission by- (i) mediation, conciliation or negotiation; (ii) advising, where necessary, any complainant regarding appropriate remedies; or (ii) any other means that may be ex- pedient in the circumstances; and"; (b) substitution for paragraph (c) of subsection (4) of the following paragraph: “(c) at a time prior to, during or after an investigation- (i) if he or she is of the opinion that the facts disclose the commission of an offence by any person, to bring the matter to the notice of the relevant authority; and charged with prosecutions; or (ii) if he or she deems it advisable, to refer any matter which has a bearing on an investigation, to the appropriate public body or authority; and affected by it or to make an appropriate recommendation regarding the redress of the prejudice resulting therefrom or make any other appropriate recommendation he or she deems expedient to the affected public body or authority[; and]."; and (c) deletion of paragraph (d) of subsection (4). |
| Act 2 of 2000 | Promotion of Access to Information Act, 2000 | 1. The amendment of section 1 by the- (a) insertion, after the definition of “application" of the following definition: “biometrics' means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recogni- tion;”; |
+
+110
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | (b) omission of the definition of “Human Rights Commission"; (c) substitution for the definition of “personal information" of the following definition: “‘personal information' means information relating to an identifiable natural person, including, but not limited to- (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assigned to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g)the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person, but excludes information about an individual who has been dead for |
+
+112
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | (ii) a description of all remedies available in respect of an act or a failure to act by the body; |
| and (iv) such other information as may be prescribed; (b)insofar as this Act is concerned- (i) a description of the guide referred to in section 10, if available, and how to obtain access to it; |
| [(d)](ii) sufficient detail to facilitate a request for access to a record of the body, a description of the subjects on which the body holds records and the categories of records held on each subject; |
| [(e)](ii) the latest notice, in terms of section 15(2), if any, regarding the categories of records of the body which are available without a person having to request access in terms of this Act; |
| [(f)](iv) a description of the services | available to members of the public from the body and how to gain access to those services; and [(g)](v) a description of any arrangement or provision for a person (other than a public body referred to in paragraph (a) or (b)(i) of the definition of "public body" in section 1) by consultation, making representations or otherwise, to participate in or influence- [(i)](aa) the formulation of policy; or [(ii)](bb) the exercise of powers or perfor- mance of duties, by the body; (c) insofar as the Protection of Personal Information Act, 2013, is concerned- (i) the purpose of the processing; (ii) a description of the categories of data subjects and of the |
+
+118
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| application, as the case may be.". | (b) that the requester may lodge an internal appeal, a complaint to the Information Regulator or an application with a court, as the case may be, against the tender or payment of the request fee in terms of subsection (1), or the tender or payment of a deposit in terms of subsection (2), as the case may be; and (c) the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or application, as the case may.". 8. The amendment of section 25 by the- (a) substitution for paragraph (c) of subsection (2) of the following paragraph: “(c) that the requester may lodge an internal appeal, a complaint to the Information Regulator or an application with a court, as the case may be, against the access fee to be paid or the form of access granted, and the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or application, as the case may be."; and (b) substitution for paragraph (c) of subsection (3) of the following paragraph: “(c) state that the requester may lodge an internal appeal, complaint to the Information Regulator or an application with a court, as the case may be, against the refusal of the request, and the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or application, as the case may be.". 9. The amendment of section 26 by the substitution for paragraph (c) of subsection (3) of the following paragraph: “(c) that the requester may lodge an internal appeal, complaint to the Information Regulator or an application with a court, as the case may be, against the extension, and the procedure (including the period) for lodging the internal appeal, complaint to the Information Regulator or |
+
+124
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | 10. The amendment of section 29 by the substitution of subsection (9) for the following subsection: “(9) If an internal appeal, complaint to the Information Regulator or an application to a court, as the case may be, is lodged against the granting of a request for access to a record, access to the record may be given only when the decision to grant the request is finally confirmed." 11. The amendment of section 49 by the- (a) substitution of paragraphs (b) and (c) of subsection (3)for the following paragraphs: “(b) that the third party may lodge an internal appeal, complaint to the Information Regulator or an application, as the case may be, against the decision within 30 days after notice is given, and the procedure for lodging the internal appeal, complaint to the Information Regulator or application, as the case may be; and (c) that the requester will be given access to the record after the expiry of the applicable period contemplated in paragraph (b), unless such internal appeal, complaint to the Information Regulator or application with a court is lodged within that period."; and (b) substitution of subsection (4) of the following subsection: “(4) If the information officer of a public body decides in terms of subsection (1) to grant the request for access concerned, he or she must give the requester access to the record concerned after the expiry of 30 days after notice is given in terms of subsection (1)(b), unless an internal appeal, complaint to the Information Regulator or an application with a court, as the case may be,is lodged against the decision within that period.". 12. The amendment of section 51 by- (a) by the substitution of subsection (1)for the following subsection: “(1) [Within six months after the commencement of this section or the coming into existence of the private body concerned, thel The head of a private body must [compile] make a manual available in terms of subsection (3) containing- (a) in general- (i) the postal and street address, phone and fax number and, if available, electronic mail address of the head of the body; and (ii) such other information as may be prescribed; |
+
+126
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | [(b)] (i) a description of the guide referred to in section 10, if available, and how to obtain access to it; of section 52(2), if any, regarding the categories of record of the body which are available without a person having to request access in terms of this Act; [(d)](ii) a description of the records |
| [(c)] (ii) the latest notice in terms |
| of the body which are available in accordance (c) insofar as the Protection of Personal InformationAct,2013,is concerned- (i) the purpose of the processing; |
| with any other legislation; and [(e)](iv) sufficient detail to facilitate a request for access to a record of the body, a description of the subjects on which the body holds records and the categories of records held on each subject; [and] |
| | (ii) a description of the categories of |
| data subjects and of the information or categories of information relating thereto; (iii) the recipients or categories of recipients to whom the personal information may be supplied; (iv)planned transborder flows of personal information; and (v)a general description allowing a preliminary assessment of the suitability of the information security measures to be implemented by the responsible party to ensure the confidential- ity, integrity and availability of the information which is to be processed.". [(f) in general such other information as may be prescribed.]"; and (b) by the substitution for subsection (3) of the following subsection: “(3) [Each manual must be made available as prescribed] The manual referred to in subsection (1), or the updated version thereof as referred to in subsection (2) must be made available- |
+
+128
+
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | Regulator may decide to take no action on complaint |
| 77D. (1) The Information Regulator, after investigating a complaint received in terms of section 77A, may decide to take no action or, as the case may be, require no further action in respect of the complaint if, |
| in the Information Regulator's opinion- |
| (a) the complaint has not been submitted within the period referred to in section 77A(2) and there are no reasonable |
| |
| grounds to condone the late submission; |
| |
| (b) the complaint is frivolous or vexatious |
| or is not made in good faith; or |
| (c)it appears to the Information Regulator |
| |
| that, having regard to all the circum- |
| unnecessary or inappropriate. | stances of the case, any further action is |
| (2) In any case where the Information |
| Regulator decides to take no action, or no |
| further action, on a complaint, the |
| Information Regulator must inform the |
| for it. | complainant of that decision and the reasons |
| |
| Pre-investigation proceedings of Regulator |
| |
| 77E. Before proceeding to investigate any |
| matter in terms of this Chapter, the |
| Information Regulator must, in the |
| prescribed manner, inform- |
| (a) the complainant of the Information |
| Regulator's intention to conduct the |
| investigation; and |
| (b) the information officer of the public |
| body or the head of the private body, as |
| the case may be, to whom the complaint relates of the- |
| (i) details of the complaint; and |
| (ii) right of the information officer or |
| the head to submit to the Informa- |
| tion Regulator, within a reasonable |
| period, a written response in relation to the complaint. |
| Settlement of complaints |
| |
| 77F. If it appears from a complaint, or |
| any written response made in relation to a |
| complaint under section 77E(b)(ii), that it |
| may be possible to secure a settlement |
| |
| between the parties concerned, the |
| Information Regulator may, without |
| |
| investigating the complaint or, as the case |
| may be, investigating the complaint further, |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| in the prescribed manner, use its best |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| endeavours to secure such a settlement. |
+
+138
+
+| No. and year of law | Short title | Extent of repeal or amendment |
| | Investigation proceedings of Regulator |
| 77G.(1) For the purposes of the |
| investigation of a complaint the Information |
| Regulator has powers similar to those of the |
| High Court in terms of section 80 relating to the disclosure of records to it and |
| non-disclosure of records by it. |
| (2) Section 81 of the Protection of |
|
| Personal Information Act, 2013, applies to |
| the investigation of complaints in terms of this Chapter. |
| Assessment |
| 77H. (1) The Information Regulator, on its own initiative, or at the request by or on |
|
|
| behalf of an information officer or head of a |
| private body or any other person may make an assessment in the manner prescribed of |
| whether a public or private body generally |
| complies with the provisions of this Act |
|
| insofar as its policies and implementation procedures are concerned. |
| (2) The Information Regulator must make |
| the assessment if it appears to be appropri- ate, unless, where the assessment is made on |
| |
| request, the Information Regulator has not |
| been supplied with such information as it |
| may reasonably require in order to- (a) satisfy itself as to the identity of the |
| |
| person making the request; and (b) enable it to identify the private or public |
| body concerned. |
| (3) The matters to which the Information |
| Regulator may have regard in determining |
| whether it is appropriate to make an |
| assessment include- |
| (a) the extent to which the request appears |
| to it to raise a matter of substance; |
| (b) determining that the request is not |
| frivolous or vexatious; and |
| (c) whether or not the person making the |
| request is entitled to make an application |
| in terms of this Act in respect of the |
| information in question. |
| |
| (4) If the Information Regulator has |
| |
| |
| |
| |
| |
| |
| received a request under this section it must |
| |
| |
| |
| |
| notify the person referred to in subsection |
| |
| |
| |
| |
| |
| (1)- |
| |
| |
| |
| |
| |
| |
| |
| (a) whether it has made an assessment as a |
| |
| |
| |
| |
| |
| |
| |
| result of the request; and |
+
+140
+
+| No. and year of law Act 25 of 2002 | Short title | Extent of repeal or amendment |
| Electronic Communi- cations and Transactions Act, 2002 | 1.The amendment of section 1 by the substitution for the definition of “personal information" of the following definition: ‘personal information' means information relating to an identifiable natural person, including, but not limited to- (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assigned to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspon- dence; (g)the views or opinions of another individual about the person; and |
| | “‘prohibited conduct' means any act or omission in contravention of the Act, other than an act or omission as contemplated in section 55(2)(b) or that constitutes an offence under this Act, by- (a) an unregistered person who is required to be registered to engage in such an act; or |
+
+148
+
+
+| Number and year of law Act No. 51 of 1977 Act,1977 | Short title Criminal Procedure 5: “A contravention of section 8, 9 or 10 of the Cybercrimes Act, 2020- (b) | Extent of repeal or amendment The addition of the following items to Schedule |
| (ii) | (a)involving amounts of more than R500 000,00; involving amounts of more than R100 000,00, if it is proven that the offence was committed- (i)by a person, group of persons, syndicate or any enterprise act- ing in the execution or further- ance of a common purpose or conspiracy; or by a person or with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to data, a computer program, a computer data stor- age medium or a computer sys- tem of another person in respect of which the offence in question was committed; or (c)if it is proven that the offence was committed by any law enforcement officer- (i)involving amounts of more than R10 000; or (ii) as a member of a group of persons, syndicate or any enter- prise acting in the execution or furtherance of a common pur- pose or conspiracy; or (iii)with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to |
| Act No. 68 of | | offence in question was com- mitted. A contravention of section 11(2) of the Cybercrimes Act, 2020." South African Police|The deletion of section 71. Service Act, 1995 |
+
+Wet op Kubermisdade, 2020
+
+85
+
+# Bylae
+
+(Artikel 58) WETTE HERROEP OF GEWYSIG
+
+| Nommer en jaar van wet Wet No.51 van 1977 1977 | Kort titel Strafproseswet, | Omvang van herroeping of wysiging |
| | Die volgende items word by Bylae 5 gevoeg: n Oortreding van artikel 8, 9 of 10 van die Wet op Kubermisdade, 2020- (a)waarby bedrae van R500 000,00 betrokkeis (b) waarby bedrae van R100 000,00 betrokke is, indien bewys word dat die misdryf gepleeg is- (i)deur 'n persoon, groep persone, sindikaat of enige onderneming handelende in die uitvoering of bevordering van 'n gemeenskap- like doel of sameswering; of (ii)_deur ‘n persoon of met die sameswering of bystand van iemand anders, wat as deel van sy of haar pligte, werksaamhede of wettige magtiging, toesig gehad het oor, in beheer was van, of toegang gehad het tot data, ‘'n rekenaarprogram, rekenaardatabergingsmedium of 'n rekenaarstelsel van 'n ander persoon ten opsigte waarvan die betrokke misdryf gepleeg is; of (c)indien bewys word dat die misdryf deur enige wetstoepassingsbeampte gepleeg is- (i)_waarby bedrae van R10 000 betrokke is; of (ii)as 'n lid van 'n groep persone, sindikaat of enige onderneming handelende in die uitvoering of ter bevordering van 'n gemeen- |
| | skaplike doel of sameswering; of (iii) met die sameswering of bystand van iemand anders,wat as deel van sy of haar pligte, werksaam- hede of wettige magtiging toesig gehad het oor, in beheer was van, of toegang gehad het tot data,'n rekenaarprogram, 'n rekenaardatabergingsmedium of 'n rekenaarstelsel van iemand anders ten opsigte waarvan die betrokke misdryf gepleeg is. |
| van 1995 | 'n Oortreding van artikel 11(2) van die Wet op Kubermisdade, 2020." Artikel 71 word geskrap. Artikel 24B word geskrap. |
| Wet No.68 Wet No.65 van 1996 | Wet op Suid- Afrikaanse Polisiediens, 1995 Wet op Films en Publikasies, 1996 | |
+
+Act No. 19 of 2020
+86
+
+
+| Number and year of law Act No.105 Criminal Law of 1997 Amendment Act, 1997 | Short title | Extent of repeal or amendment |
| Schedule 2: | The addition of the following item to Part II of “A contravention of section 8, 9 or 10 of the Cybercrimes Act, 2020- (a)involving amounts of more than R500 000,00; (b)involving amounts of more than R100 000,00, if it is proven that the offence was committed- (i) by a person, group of persons, syndicate or any enterprise act- ing in the execution or further- ance of a common purpose or conspiracy; or (ii)_by a person or with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to data, a computer program, a computer data stor- age medium or a computer sys- tem of another person in respect of which the offence in question was committed; or (c)if it is proven that the offence was committed by any law enforcement officer- (i)involving amounts of more than R10 000; or (ii) as a member of a group of |
| | persons, syndicate or any enter- prise acting in the execution or furtherance of a common pur- pose or conspiracy; or (iii)_with the collusion or assistance of another person, who as part of his or her duties, functions or lawful authority was in charge of, in control of, or had access to data, a computer_program,a computer data storage medium or a computer system of another person in respect of which the |
| Act No. 32 of 1998 | National Prosecut- ing Authority Act, | offence in question was com- mitted." The deletion of sections 40A and 41(4). |
| Act No. 111 of1998 Act No. 38 of | Correctional Ser- vices Act,1998 Financial Intelli- gence Centre Act, | The deletion of section 128. The deletion of sections 65, 66 and 67. |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+87
+
+
+| Nommer en jaar van wet Wet No.105 | Kort titel | Omvang van herroeping of wysiging |
| van 1997 van 2001 Intelligensiesentrum, 2001 | Strafregwysigings- wet,1997 | gevoeg: is- tenopsigte (c)indien bewys word dat die misdryf gepleeg is- (i)_waarby bedrae van of | “n Oortreding vanartikel 8, 9of 10 van die Wet op Kubermisdade, 2020- (a)waarby bedrae van meer as R500 000,00 betrokke is; (b)waarby bedrae van meer as R100 000,00 betrokke is, indien bewys word dat die misdryf gepleeg (i)deur 'n persoon, groep persone, sindikaat of enige onderneming handelende in die uitvoering of bevordering_van'n gemeen- skaplike doel of sameswering; of (ii) deur 'n persoon of met die |
| sameswering of bystand van iemand anders, wat as deel van sy of haar pligte, werksaamhede of wettige magtiging toesig gehad het oor, in beheer was van of toegang gehad het tot data, 'n rekenaarprogram, 'n rekenaar- databergingmedium of 'n reke- naarstelsel van iemand anders waarvan die betrokke misdryf gepleeg is; of deur enige wetstoepassingsbeampte R10 000,00 betrokke is; of (ii)as 'n lid van 'n groep persone, sindikaat of enige onderneming handelende in die uitvoering of ter bevordering van 'n gemeen- skaplike doel of sameswering; (iii)met die sameswering of bystand van iemand anders, wat as deel van sy of haar pligte, werksaam- hede of wettige magtiging toesig gehad het oor, in beheer was van of toegang gehad het tot data, 'n die meer as |
| Wet No.32 van 1998 | Wet op die Nasionale Vervolgingsgesag, | rekenaarprogram, ‘n rekenaar- databergingsmedium of n reke- naarstelsel van iemand anders tenopsigte waarvan betrokke misdryf gepleeg is.". Artikels 40A en 41(4) word geskrap. Artikel 128 word geskrap. |
| Wet No. 111 van 1998 Wet No.38 Wet op Finansiele | 1998 Wet op Korrektiewe Dienste,1998 |
+
+Act No. 19 of 2020
+88
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| Act No. 25 of 2002 | Electronic Commu- nications and Trans- actions Act, 2002 | (a) The deletion of sections 85, 86, 87 and 88. (b) The substitution for section 89 of the following section: “Penalties 89. [(1)] A person convicted of an offence referred to in sections 37(3), 40(2), 58(2),80(5)[,] or 82(2) [0r 86(1), (2) or (3)] is liable to a fine or imprisonment for a period not exceeding 12 months. [(2) A person convicted of an offence referred to in section 86(4) or (5) or section 87 is liable to a fine or imprison- |
| Act No. 70 of 2002 | Regulation of Inter- (a) ception of Commu- nications and Provi- sion of Communication related Information Act, 2002 | ment for a period not exceeding five years.]". The amendment of section 1 by the substi- tution for paragraph (a) of the definition of “serious offence” of the following para- graph: “(a) offence mentioned in [the] Schedule 1; or". (b) The amendment of section 4 by the addi- tion of the following subsection: “(3) Notwithstanding subsection (2), a law enforcement officer or a person who is authorised in terms of the Criminal Proce- dure Act, 1977, the Cybercrimes Act, 2020, or any other law to engage or to apprehend a suspect or to enter premises in respect of the commission or suspected commission of any offence, may during the apprehension of the suspect or during the time that he or she is lawfully on the premises, record what he or she observes or hears if- (a)the recording relates directly to the purpose for which the suspect was apprehended or the law enforcement officer or_person entered the pre- mises; and (b) the law enforcement officer or person has- (i)identified himself or herself as such; and (ii) verbally informed any_person concerned that his or her direct communications are to be re- corded, before such recording is made." (c) The substitution for subsection (4) of section 17 of the following subsection: “(4) A real-time communication-related direction may only be issued if it appears |
+
+Wet op Kubermisdade, 2020
+
+89
+Wet No. 19 van 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| Wet No.25 van 2002 | Wet op Elektroniese Kommunikasies en Transaksies, 2002 | (a) Artikels 85, 86, 87 en 88 word geskrap. (b) Artikel 89 word deur die volgende artikel vervang: “Strawwe 89. [(1)] 'n Persoon wat skuldig bevind is aan 'n misdryf bedoel in artikels 37(3), 40(2),58(2), 80(5)[,l of 82(2) [of 86(1), (2) of (3)] is strafbaar met 'n boete of gevangenisstraf vir 'n tydperk wat nie 12 maande oorskry nie. [(2)'n Persoon wat skuldig bevind is aan 'n misdryf bedoel in artikel 86(4) of |
| Wet No. 70 van 2002 | Wet op die Reeling van Onderskepping van Kommunikasies en Verstrekking van Kommunikasie- verwante Inligting, 2002 | (5) of artikel 87 is strafbaar met 'n boete of gevangenisstraf vir 'n tydperk wat nie vyf jaar oorskry nie.]" (a) Artikel 1 word gewysig deur paragraaf (a) van die omskrywingvan“ernstige misdryf" deur die volgende paragraaf te vervang: “(a) misdryf vermeld in [die] Bylae 1; of". (b) Artikel 4 word gewysig deur die volgende subartikel by te voeg: “(3)Ondanks subartikel (2), kan 'n wetstoepassingsbeampte of n persoon wat ingevolge die Strafproseswet, 1977, die Wet op Kubermisdade, 2020, of enige ander wetsbepaling, gemagtig is om ‘n verdagte te betrek of in hegtenis te neem of om ‘n perseel te betree ten opsigte van die pleging of vermeende pleging van enige misdryf, tydens die inhegtenisname van die verdagte of terwyl hy of sy wettig op die perseel is, opneem wat hy of sy waarneem of hoor indien- (a) die opname direk in verband staan met die doel waarvoor die verdagte in hegtenis geneem is of die wets- toepassingsbeampte of persoon die perseel betree het; en (b)die wetstoepassingsbeampte of persoon- (i) hom- of haarself as sodanig geidentifiseer het; en |
+
+Act No. 19 of 2020
+90
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| (d) The substitution for subsection (4) of |
| being or will probably be committed; (b) the gathering of information concern- ing an actual threat to the public health or safety, national security or compelling national economic inter- ests of the Republic is necessary; (c) the gathering of information concern- ing a potential threat to the public health or safety or national security of |
|
| the Republic is necessary; (d) the making of a request for the provision, or the provision to the competent authorities of a country or territory outside the Republic, of any |
| assistance in connection with, or in the form of, the interception of com- munications relating to organised crime, an offence mentioned in Schedule II or any offence relating to terrorism or the gathering of informa- tion relating to organised crime or terrorism, is in- (i) accordance with an international mutual assistance agreement; or |
| (ii) the interests of the Republic's international relations or obliga- |
| tions; or (e) the gathering of information concern- ing an offence mentioned in Schedule II, or property which is or could probably be an instrumentality of a serious offence, or is or could prob- ably be the proceeds of unlawful activities, is necessary, and that the provision of real-time commu- nication-related information is necessary |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+91
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging | (a)"n ernstige misdryf of 'n misdryf in Bylae II genoem, gepleeg is of word of waarskynlik gepleeg sal word; |
| | | of |
| (b) die insameling van inligting aan- gaande 'n werklike bedreiging van die openbare gesondheid veiligheid, nasionale sekuriteit of dwingende nasionale ekonomiese |
| belang van die Republiek nodig is; (c) die insameling van inligting aan- gaande ‘'n potensiele bedreiging van die openbare gesondheid |
| veiligheid of nasionale sekuriteit van die Republiek nodig is; (d) die rig van 'n versoek vir die voorsiening, of die voorsiening aan die bevoegde owerhede van 'n land of gebied buite die Republiek, van enige hulp in verband met, of in die vorm van, die onderskepping van kommunikasies met betrekking tot |
| georganiseerde misdaad, 'n misdryf in Bylae II genoem of enige misdryf met betrekking tot terrorisme of die insameling van inligting met be- trekking tot georganiseerde misdaad of terrorisme- (i) ooreenkomstig 'n internasionale (ii) in belang van die internasionale (e)die aangaande ‘n misdryf in Bylae II genoem, of eiendom wat 'n middel is of waarskynlik kan wees by'n ernstige misdryf of die opbrengs is of waarskynlik kan wees van onwettige aktiwiteite nodig is, en dat die verstrekking van intydse kommunikasie-verwante inligting nodig is vir die doeleindes van die ondersoek van so 'n misdryf of die insameling van sodanige inligting." (d) Subartikel (4) van artikel 19 word deur die volgende subartikel vervang: “(4)'n Argief-bewaarde kommuni- kasie-verwante lasgewing kan slegs uitgereik word indien dit vir die betrokke regter van die Hoe Hof, streekhoflanddros of landdros voorkom, op die feite in die betrokke aansoek beweer, dat daar redelike gronde is om te glo dat- |
+
+Act No. 19 of 2020
+92
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| Criminal Law | | (f) 1 2 | The addition of the following Schedule after Schedule I: “Schedule II Any offence referred to in- (a)section 3(1), 5,6,7(1),8,9(1) or (2), or 10; or (b) section 17 (in so far as the section relates to the offences referred to in paragraph (a)), of the Cybercrimes Act, 2020, which involves an amount of R50 000, 00 or more. Any offence which is substantially similar to an offence referred to in item 1 which is or was committed in a foreign State, which involves an |
| Act No.32 of 2007 | (Sexual Offences and Related Mat- ters)Amendment Act,2007 | | amount of R50 000, 00 or more.". (a) The Index to the Criminal Law (Sexual Offences and Related Matters) Amend- 11A Harmful disclosure of pornography |
| ment Act, 2007, is hereby amended- (i) by the insertion of the following Part and items after item 11: “Part 3A Persons 18 years or older: Harmful disclosure of pornography and orders to protect complainant against harmful effects of disclosure of pornography |
+
+Wet op Kubermisdade, 2020
+
+95
+
+Wet No. 19 van 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| Wet No.32 van 2007 | Wysigingswet op | (f) Die volgende Bylae word na Bylae I bygevoeg: “Bylae II Enige misdryf bedoel in- (a)artikels3(1),5,6,7(1),8,9(1) of (2), of 10; of (b)artikel17 (vir sover die artikelin verband staan met die misdrywe in paragraaf (a) bedoel), van die Wet op Kubermisdade, 2020, waarby 'n bedrag van R50 000,00 of meer betrokke is. 2 Enige misdryf wat wesenlik soort- gelyk is aan 'n misdryf in item 1 bedoel wat in 'n vreemde Staat gepleeg word of was, waarby‘n bedrag van R50 000,00 of meer betrokke is.". |
| die Strafreg (Seksuele Misdrywe en Verwante Aangeleenthede), 2007 | (a) Die Inhoudsopgawe tot die Wysigingswet op die Strafreg (Seksuele Misdrywe en Verwante Aangeleenthede), 2007, word hierby gewysig- (i) deur die volgende Deel en items na item 11 in te voeg: “Deel 3A "Persone 18 jaar of ouer: Skadelike openbaarmaking van pornografie en bevele omklaer teen dieskadelike uitwerking van openbaarmaking van pornografie te beskerm 11A Skadelike openbaarmaking van pornografie 11B Bevele om klaer teen skadelike openbaarmaking van porno- grafie te beskerm hangende afhandeling van strafregtelike verrigtinge 11C Elektroniese kommunikasie- diensverskaffer moet besonder- hede aan hof verskaf 11D Bevele by afhandeling van strafregtelike verrigtinge”; (ii) deur die opskrif tot Deel 2 van Hoofstuk 3 deur die volgende opskrif te vervang: “Seksuele uitbuiting en seksuele aanvoring van kinders, blootstelling of vertoon van of veroorsaking van blootstelling of vertoon van kinder- pornografie of pornografie aan kinders,kinderpornografie en gebruikmaking van kinders vir |
+
+96
+
+Act No. 19 of 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | 11B.(1) 'n Klaer (hierna die applikant genoem) wat 'n klag by die Afrikaanse Polisiediens indien dat misdryf inartikelA(1),(2)of(3)bg na bewering teen hom of haar gepleeg is, kan op 'n ex parte-grondslag op die voorgeskrewe vorm en wyse, landdroshof aansoek doen om beskermingsbevel hangende die handeling van die strafregtelike verrigtinge om- (a)enige persoon te belet om pornografie wat met die klag verband hou, openbaar te maak, of veroorsaak dat dit openbaar gemaak word of die applikant te dreig met die open- baarmaking of veroorsaking van die openbaarmaaking daarvan; of (b) 'n elektroniese kommunikasiediens- verskaffer wiese elektroniese kommunikasiediens gebruik word om die pornografie te huisves of openbaar te maak wat met die klag verband hou, te beveel om daardie pornografie te verwyder of toegang daartoe te deaktiveer. (2) Die hof moet 'n aansoek ingevolge subartikel (1) aan die hof voorgele, so gou as redelik moontlik oorweeg en kan, vir daardie doel, enige bykomende getuienis wat die hof gepas ag, oorweeg, met inbegrip van mondelinge getuienis of getuienis by wyse van beedigde ver- klaring,wat deel van die oorkonde van die verrigtinge moet uitmaak. (3) Indien die hof oortuig is dat daar- (a)_prima facie getuienisis dat"n misdryf in artikel 11A(1), (2) of (3) bedoel, na bewering teen applikant gepleeg is; en (b) redelike gronde is om te glo dat 'n persoon in subartikel (1)(a) bedoel, daardie pornografie openbaar gemaak het of openbaarmaking veroorsaak het of die applikant gedreig het met die openbaarmaking veroorsaaking van die openbaar- making van die pornografie; of (c)redelike gronde is om te glo dat die elektroniese kommunikasiediens van die elektroniese kommunikasiediens- verskaffer in subartikel (1)(b) bedoel, gebruik word om daardie pornografie te huisves of openbaar te maak, kan die hof, onderworpe aan sodanige voorwaardes wat die hof gepas ag, die bevel bedoel in subartikel(1) in die |
+
+Act No. 19 of 2020
+104
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| | (4) The order, referred to in subsection (3), must be served on the person referred to in subsection (1)(a) or electronic com- munications service provider referred to in subsection (1)(b),in the prescribed man ner: Provided, that if the court is satisfied that the order cannot be served in the prescribed manner, the court may make an order allowing service to be effected in the formo1 pecified in thatorder. (5)An order referred to in subsection (3) is of force ife ctfromthe timeit1S issued by the court and the existence thereof has been brought to the attention of the person referred to in subsection (1)(a) or electronic communications service pro- vider referred to in subsection (1)(b). (6) A person referred to in subsection (1)(a), other than the person who is ac- cused of having committed the offence in question, or an electronic communications service rovider, referred to in subsection (1)(b) may,within 14 days after the order has been served on him, her or it in terms of subsection (4)or within such further period as the court may allow, upon notice to the magistrate's court concerned, in the prescribed form and manner, apply to the court for the setting aside or amendment of the order referred to in subsection (3). (7)(a) The court must as soon as is reasonably possible consider an applica- tion submitted to it in terms of subsection 6)and that purpose, consider such additional evidence as it deems fit, including oral evidence or evidence by affidavit, which must form part of the record of the proceedings. (b) The court may if good cause has been shown for the variation or setting aside of the protection order, issue an order to this effect. (8)The court nay for purposes of subsections (2) and (7), in the prescribed form and manner cause to be subpoenaed any person as a witness at those proceed- ings or to provide any book, document or object, if the evidence of that person or book, document or object appears to the court essential to the just decision of the |
+
+Wet op Kubermisdade, 2020
+
+105
+Wet No. 19 van 2020
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | (4)Die bevel in subartikel (3) bedoel, moet aan die persoon in subartikel (1)(a) of elektroniese kommunikasiediens- verskaffer in subartikel (1)(b) bedoel, op die voorgeskrewe wyse beteken word: Met dien verstande dat indien die hof oortuig is dat die bevel nie op die voorgeskrewe wyse beteken kan word nie, die hof bevel kan gee wat betekening in die vorm ofop diewyse in daardie bevel gespesifiseer, toelaat. (5)'n Bevel in subartikel (3) bedoel, is van krag vanaf die oomblik wat dit deur die hof uitgereik word en die bestaan daarvan onder die aandag van die persoon bedoel in subartikel (1)(a) of elektroniese kommunikasiediensverskaffer bedoel in subartikel (1)(b), gebring is. (6) Iemand in subartikel (1)(a) bedoel, anders as die persoon wat van die pleging van die betrokke misdryf beskuldig word, of 'n elektroniese kommunikasiediens- verskaffer in subartikel (1)(b) bedoel kan, binne 14 dae nadat die bevel ingevolge subartikel (4) aan hom of haar beteken is, of binne sodanige verdere tydperk wat die hof mag toelaat, by kennisgewing aan die betrokke landdroshof, opdievoor- geskrewe vorm en wyse, by die hof aansoek doen om die tersydestelling of wysiging van die bevel in subartikel (3) bedoel. (7)(a) Die hof moet aansoek ingevolge subartikel (6) aan die hof voorgele, SO gou as redelik moontlik oorweeg en kan vir daardiedoel sodanige bykomende getuienis soos die hof gepas ag, oorweeg, met inbegrip van mondelinge getuienis of getuienis by wyse van beedigde verklaring, wat deel van die oorkonde van die verrigtinge moet uit- maak. (b) Die hof kan, by die aanvoer van goeie gronde vir die wysiging of tersydestelling van die beskermingsbevel, 'n bevel te dien effekte uitreik. (8) Die hof kan, vir doeleindes van subartikels (2) en (7), op die voorgeskrewe vorm en wyse enige persoon laat dagvaar as 'n getuie by daardie verrigtinge of om enige boek, dokument of voorwerp voor te le, indien die getuienis van daardie persoon of boek, dokument of voorwerp 'n |
+
+Act No. 19 of 2020
+106
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| | (b) may, in the prescribed manner, re- quest such additional evidence by way of affidavit from the electronic |
| communications service provider as it deems fit;: |
| (c)must give_ a decision in respect thereof; and (d)must inform the electronic communi- |
| cations service provider in the pre- scribed form and manner of the out- come of the application. (5) (a) The court may, on receipt of an |
| affidavit from an electronic communica- tions service provider which contains the information |
| referred to in subsection |
| (1)(b), consider the issuing of a protection |
| order in terms of section 11B(3) against the person or electronic communications |
|
|
| | service provider on the date to which the proceedings have been adjourned. (b) Any information furnished to the court in terms of subsection (1)(b) forms | part of the evidence that a court may consider in terms of section 11B(3). |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+113
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | beveel die |
| (a)daardie persoon om pornografie te vernietig en om 'n verklaring |
| beedigde in die voorgeskrewe vorm aan die aanklaer in die bevel geidentifiseer, voor te le, dat die pornografie aldus vernietig is; |
| of (b)"n elektroniese kommunikasiediens- verskaffer wie se diens gebruik word om daardie pornografie te huisves of openbaar te maak, beveel om daardie pornografie te verwyder of toegang daartoe te deaktiveer. |
|
|
| elektroniese kommunikasiediensver- |
| moet in die voorgeskrewe vorm wees en |
| (2)Die bevel in subartikel (1)(b) bedoel, moet op die voorgeskrewe wyse aan die |
| |
| | |
| | |
| | |
| | skaffer beteken word: Met dien verstande dat, indien die verhoorhof oortuig is dat |
| | |
| | |
| | die bevel nie op die voorgeskrewe wyse |
| | beteken kan word nie, die hof 'n bevel kan |
| | gee wat betekening in die vorm of op die |
| | wyse in daardie bevel gespesifiseer, |
| | toelaat. |
| | (3)Enige persoon of elektroniese |
| | kommunikasiediensverskafer_ wat_ ver- |
| | suim om aan 'n bevel in subartikel (1) |
| | bedoel te voldoen, is skuldig aan‘n |
| | misdryf. |
| | (4)'n Elektroniese kommunikasiediens- |
| | verskaffer kan, binne 14 dae na die bevel |
| | bedoel in subartikel (1)(b), ingevolge |
| | subartikel (2) daaraan beteken is, by kennisgewing |
| | aan die betrokke ver- hoorhof, op die voorgeskrewe vorm en wyse, by die verhoorhof aansoek doen om |
| | die tersydestelling of wysiging van die bevel. |
| | |
| | redelikerwys |
| | (5) (a) Die verhoorhof moet so gou as |
| | moontlik 'n aansoek |
| | ingevolge subartikel (4) daaraan voorgele, |
| | oorweeg en kan vir daardie doel sodanige |
| | bykomende getuienis oorweeg wat die hof |
| | gepas ag, met inbegrip van mondelinge |
| | getuienis of getuienis by wyse van |
| | beedigde verklaring, wat deel van die |
| | oorkonde moet uitmaak. |
| | |
| | |
| | (b) Die hof kan, by die aanvoer van |
| | |
| dien effekte uitreik. | grondevir die wysiging of tersydestelling van die bevel, 'n bevel te goeie |
+
+116
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| | (6)Die verhoorhof kan, by die toepassing van subartikel (5)(a), enige persoon op die voorgeskrewe vorm en wyse laat dagvaar as getuie by daardie verrigtinge of om enige boek, dokument of voorwerp voor te lé, indien die getuienis van daardie persoon of boek, dokument of voorwerp vir die hof noodsaaklik blyk te wees vir die regverdige beslissing van die saak. (7) Enige _persoon wat ingevolge subartikel (6) gedagvaar is om verrigtinge by te woon en wat versuim om- (a) dit by te woon of teenwoordig te bly; (b) te verskyn by die plek en op die datumwaarheendiebetrokke verrigtinge verdaag kan word; (c) teenwoordig te bly by daardie ver- rigtinge aldus verdaag; of (d) enige boek, dokument of voorwerp in die dagvaarding gespesifiseer, voor te 1e, is skuldig aan 'n misdryf. (8) By die toepassing van hierdie artikels, beteken‘verhoorhof'- (a)n landdroshof ingestelkragtens artikel 2(1)(f)(i) van die Wet op Landdroshowe, 1944; (b)'n hof vir 'n streeksafdeling ingestel kragtens artikel 2(1)(g)(i) van die Wet op Landdroshowe, 1944; of (c) 'n Hooggeregshof bedoel in artikel 6(1) van die Wet op Hoer Howe, 2013. (9) Wanneer 'n persoon ook al aan 'n misdryf in artikel 11A(1), (2) of (3) skuldig bevind word, moet die verhoorhof 'n bevel gee dat die persoon wat aldus skuldig bevind is, alle koste moet vergoed wat redelikerwys aangegaan is deur- (a)'n klaer na aanleiding van enige lasgewing ingevolge artikel 11C(1)(b) uitgereik; of (b)'n elektroniese kommunikasiediens- verskaffer om daardie pornografie te verwyder of toegang daartoe te deaktiveer, waarop die bepalings van artikel 300 van die Strafproseswet, 1977, met die nodige veranderinge deur die samehang vereis, by daardie bevel van toepassing sal wees." (d) Hoofstuk 3 word hierby gewysig- (i)deur die opskrif by Deel 2 Hoofstuk 3 deur die volgende opskrif te vervang: van |
+
+Act No. 19 of 2020
+118
+
+
+| Number and year of law | Short title | Extent of repeal or amendment | (a)distribution; |
| | (c) (d) (e) (f) (g) (h) (i) (i) offence. (a)attends; (b)views; or pornography. mance involving child pornog- | (b)making available; transmission; offering for sale; selling; offering to procure; procuring; accessing; downloading; or viewing, of child pornography, is guilty of an (6) Any person who unlawfully and intentionally processes or facili- tates a financial transaction, knowing that such transaction will facilitate a contravention of subsections (1)to (5), is guilty of an offence."; and (iv)by the addition to section 20 of the following subsections: “(3)Any person who unlawfully and intentionally- (c)_participates in, a live performance involving child pornography, is guilty of the offence of attending, viewing or participating in, a performance involving child (4) Any person(“A") who unlaw- fully and intentionally recruits a child complainant (“B"), with or without the consent of B, whether for finan- cial or other reward, favour or com- pensation to B or a third person ("C") or not, for purposes of- (a)creating, making or producing of child pornography, is guilty of the offence of recruiting a child for child pornography; or (b)_participating in a live perfor- mance involving child pornog- raphy, as contemplated in sub- section (3), is_guilty _of the offence of recruiting a child for participating in a live perfor- |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+121
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| | (d) Any person or electronic communi- cations service provider that is convicted of an offence referred to in section 11C(7), is liable, on conviction to a fine or to imprisonment for a period not exceeding two years or to both such fine and impri- sonment. (e) Any electronic communications ser- vice provider or person that is convicted of an offence referred to in section 11D(3) or (7), is liable on conviction to a fine or to imprisonment for a period not exceeding 2 years or to both such fine and imprison- ment. (4) Any person who contravenes the provisions of section 19A(3), (4)(f), (g), (h), (i) or (j), or (5)(f),(g), (h), (i) or (j) is liable- (a)in the case of a first conviction, to a fine or to imprisonment for a period not exceeding five years or to both such fine and imprisonment; (b) in the case of a second conviction, to a fine or to imprisonment for a period not exceeding 10 years or to both such fine and imprisonment; or (c)in the case of a third and subsequent conviction, to a fine or to imprison- ment for a period not exceeding 15 years or to both such fine and impri- sonment. (5)Any person who contravenes the provisions of section 17(7), 19A(1), (2), (4)(a),(b),(c),(d), or (e),(5)(a),(b),(c), (d) or (e) or 20(3) or (4), is liable- (a)in the case of a first conviction, to a fine or to imprisonment for a period not exceeding 10 years or to both such fine and imprisonment; or (b) in the case of a second and subse- quent conviction, to a fine or to imprisonment for a period not ex- ceeding 15years or to both such fine and imprisonment. (6)Any person who contravenes the provisions of section 19A(6), is liable- (a)in the case of a first conviction, to a fine of R1 000 000 or to imprison- ment for a period not exceeding 5 |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+125
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging (d) Iemand of 'n elektroniese |
| (c) | kommunikasiediensverskaffer wat aan 'n misdryf bedoel in artikel 11C(7) skuldig bevind word, is strafbaar by skuldigbevinding met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 2 jaar of met beide daardie boete en gevangenisstraf. (e)‘n Elektroniese kommunikasie- diensverskaffer of persoon wat aan ‘n misdryf bedoel in artikel 11D(3) of (7) skuldig bevind word, isstrafbaarby skuldigbevinding met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 2 jaar of met beide daardie boete en gevangenisstraf. (4) Iemand wat die bepalings van artikel 19A(3),(4)(f), (g), (h),(i) of (j), of (5)(f), (g),(h), (i) of (j) oortree, is strafbaar- (a)indiegeval van 'neerste skuldigbevinding, met ‘n boete of met gevangenisstraf vir 'n tydperk van hoogstens 5 jaar of met beide sodanige boete en gevangenisstraf; (b)indie geval van 'n tweede skuldigbevinding, met 'n boete of met gevangenisstraf vir ‘n tydperk van hoogstens 10 jaar of met beide daardie boete en gevangenisstraf; of in die geval van 'n derde en daaropvolgende skuldigbevinding, met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 15 jaar of met beide daardie boete en gevangenisstraf. (5)Iemand wat die bepalings van artikel 17(7), 19A(1), (2), (4)(a), (b), (c) (d) of (e),(5)(a),(b),(c),(d) of (e) of 20(3) of (4) oortree, is strafbaar- (a)in die geval van 'n eerste skuldigbevinding, met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 10 jaar of met beide daardie boete en gevangenisstraf; of (b)in die geval van'n tweede en daaropvolgendeskuldigbevinding, met 'n boete of met gevangenisstraf vir 'n tydperk van hoogstens 15 jaar of met beide daardie boete en gevangenisstraf. (6)Iemand wat die bepalings van artikel 19A(6) oortree, is strafbaar- (a) in die geval van n eerste skuldigbevinding,met 'n boete van R1 000 000 of met gevangenisstraf vir 'n tydperk van hoogstens 5 jaar of metbeidedaardie boete en |
+
+Act No. 19 of 2020
+126
+
+
+| Number and year of law | Short title | Extent of repeal or amendment |
| Act No. 75 of 2008 | | (b)in the case of a second or subsequent conviction, to a fine of R2 000 000 or to imprisonment for a period not exceeding 10 years or to both such fine and imprisonment. (7)Any person who contravenes the provisions of section 54(3), is liable,on conviction to a fine or to imprisonment for a period not exceeding 5 years or to both such fine and imprisonment. (8) Any electronic communications ser- vice provider who contravenes the provi- sions of section 54(4), is liable, on convic- tion to a fine not exceeding R1 000 000 or to imprisonment for a period not exceed- ing 5 years or to both such fine and imprisonment." |
| Child Justice Act, 2008 | (a) The addition of the following item to Schedule 2: “26. Any offence contemplated in- (a)section 2, 3 or 4 of the Cybercrimes Act,2020; (b) section 5,6, 7 or 11(1) of the Cybercrimes Act, 2020, where the damage caused does not exceed an amount of R5000; (c) section 14, 15 or 16 of the Cyber- crimes Act, 2020; or (d)section 8, 9 or 10 of the Cybercrimes Act, 2020, where the amount in- volved does not exceed R1500. 27. An offence contemplated in section 11A(1) and (2) of Criminal Law (Sexual Offences and Related Matters) Amend- ment Act, 2007." (b) The addition of the following item to Schedule 3: “23. Any offence contemplated in- (a)section 5,6, 7 or 11(1)of the Cybercrimes Act, 2020,where the damage caused exceeds an amount of R5000; (b) section 8, 9 or 10 of the Cybercrimes Act, 2020, where the amount in- volved exceeds R1500; or (c)section 11(2) of the Cybercrimes Act, 2020. 24. An offence contemplated in section 11A(3) of Criminal Law (Sexual Offences |
+
+Wet op Kubermisdade, 2020
+
+Wet No. 19 van 2020
+127
+
+
+| Nommer en jaar van wet | Kort titel | Omvang van herroeping of wysiging |
| Molao 75 wa 2008 | | (b) in die geval van 'n tweede en daaropvolgende skuldigbevinding, met 'n boete van R2 000 000 of met gevangenisstraf vir 'n tydperk van hoogstens 10 jaar of met beide daardie boete en gevangenisstraf. (7)Iemand wat die bepalings van artikel 54(3) oortree, is strafbaar by skuldig- bevinding met n boete of met gevangenisstraf vir 'n tydperkvan hoogstens vyf jaar of met beide daardie boete en gevangenisstraf. (8)'n Elektroniese kommunikasiediens- verskaffer wat die bepalings van artikel 54(4)oortree, is strafbaar by skuldig- bevinding met 'n boete van hoogstens R1 000 000 of met gevangenisstraf vir 'n |
| Molao wa Bosiamisi wa Ngwana, | tydperk van hoogstens vyf jaar of met beide daardie boete en gevangenisstraf." (a) Go tsenngwa ga ntlha e e latelang mo eejuleng 2: "26. Tlolomolao nngwe le nngwe e e umakilweng mo- (a)karolong2, kgotsa 4 ya Cybercrimes Act, 2020; (b) dikarolong 5, 6, 7 kgotsa 11(1) tsa Cybercrimes Act, 2020, fa tshenyegelo e e dirilweng e le kwa tlase ga bokana ka R5000; (c) karolo 14, 15 kgotsa 16 ya Cybercrimes Act, 2020; kgotsa (d) karolo 8, 9 kgotsa 10 ya Cybercrimes Act, 2020, fa tlhotlhwa e e amegang e le kwa tlase ga R1500. 27. Tlolomolao nngwe le nngwe e e umakilweng mo karolong 11A (1) le (2) ya Criminal Law (Sexual Offences and Re- lated Matters)Amendment Act,2007.". (b) Go tsenngwa ga ntlha e e latelang mo eejuleng 3: "23. Tlolomolao nngwe le nngwe e e umakilweng mo- (a)karolong 5, 6, 7 kgotsa 11(1) ya Cybercrimes Act, 2020, fa tshenyegelo e e dirilweng e le kwa godimo ga bokana ka R5000; (b) karolo 8, 9 kgotsa 10 ya Cybercrimes Act, 2020, fa tlhotlhwae e amegang e le kwa godimo ga R1500; kgotsa 3 |
\ No newline at end of file
diff --git a/dataset/data/docs2/south-africa-government_2015_National Cybersecurity Policy Framework.pdf-dde97d67-d3fd-41b3-b.md b/dataset/data/docs2/south-africa-government_2015_National Cybersecurity Policy Framework.pdf-dde97d67-d3fd-41b3-b.md
new file mode 100644
index 0000000000000000000000000000000000000000..023c88f6119a5d562928272edc347b3bffb01b1b
--- /dev/null
+++ b/dataset/data/docs2/south-africa-government_2015_National Cybersecurity Policy Framework.pdf-dde97d67-d3fd-41b3-b.md
@@ -0,0 +1,524 @@
+# STATESECURITYAGENCY
+
+NO.609
+
+04DECEMBER2015
+
+# THE NATIONAL CYBERSECURITY POLICY FRAMEWORK (NCPF)
+
+
+
+
+
+NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+# Table of Contents
+
+ABBREVIATIONS P EXECUTIVE SUMMARY 5 DEFINITIONS 8
+
+1. Introduction 10
+2. The South African Context .12
+3. Purpose of the NCPF .14
+4. Key Objectives of the NCPF. .15
+5. Capacity to Respond to Cybersecurity lmperatives .15
+6. Cybersecurity Hub and Additional CSiRTs. .18
+7. Verification of Information Security Products and Systems .19
+8. NCII Protection.. .20
+9. Cryptography .21
+10. Online E-ldentity Management in Cyberspace. .21
+11. Promote and Strengthen Local and International Cooperation.. .23
+12. Capacity Development, Research and Development .24
+13. Cyber-warfare. .24
+14. Promotion of a Cybersecurity Culture. .25
+15. Technical and Operational Standards Compliance. .25
+16. The Role and Responsibility of the State .26
+17. The role and Responsibility of the Private Sector .. .29
+18. The Role and Responsibility of Civil Society .29
+19. Conclusion. 30
+
+# ABBREVIATIONS
+
+CII Critical Information Infrastructure
+CRC Cybersecurity Response Committee
+CSIR Council for the Scientific and Industrial Research
+CSIRT Computer Security Incident Response Team
+DOJ&CD Department of Justice and Constitutional Development
+DOD&MV Department of Defence and Military Veterans
+DST Department of Science and Technology
+DTPS Department of Telecommunications and Postal Services
+ECS Electronic Communications Security
+ECT Electronic Communications and Transactions
+FIRST Forum for Incident Response and Security Teams
+GCA Global Cybersecurity Agenda
+GRC Governance, Risk Management and Compliance
+HLEG High-Level Experts Group
+ICT Information and Communications Technology
+ICASA Independent Communications Authority of South Africa
+IPR Intellectual Property Rights
+ISP Internet Service Provider
+ITU International Telecommunication Union
+JCPS Justice, Crime Prevention and Security (Cluster)
+MOU Memorandum of Understanding
+NCAC National Cybersecurity Advisory Council
+NCII National Critical Information Infrastructure
+NCPF National Cybersecurity Policy Framework
+NPA National Prosecuting Agency
+PKI Public Key Infrastructure
+SAPS South African Police Service
+SIEM Security Information and Event Management
+SITA State Information Technology Agency
+SOE State Owned Entity
+SSA State Security Agency
+UNODC United Nations Office on Drugs and Crime
+WSIS World Summit on the Information Society
+
+# EXECUTIVESUMMARY
+
+1. Information and Communications Technologies (lCTs) are indispensable in modern society.The interconnectivity of computer networks contributes significantly to economic growth, education, citizens' participation in social media and many others.
+2. This new electronic environment is commonly known as cyberspace. The dependence of the daily functioning of society on information communication technology solutions has led to a concomitant need for the development of adequate security measures. This is because the danger that Cybersecurity threats pose, is real.
+3.The numerous cyber-attacks launched in recent years against advanced information societies aimed at undermining the functioning of public and private sector information systems have placed the abuse of cyberspace high on the list of international and also local security threats. Given the seriousness of cyber threats and of the interests at stake, it is therefore imperative that the comprehensive use of information communication technology solutions be supported by a high level of security measures and be embedded in a broad and sophisticated Cybersecurity culture. For this reason, the cyber threats need to be addressed at both the global and national levels.
+4. National Cybersecurity is a broad term encompassing the many aspects of electronic information, data and media services that affect a country's security, economy and welbeing. Ensuring the security of a country's cyberspace therefore comprises a range of activities at different levels.
+5.World-wide Cybersecurity strategies are being developed and are aimed at setting policy goals, measures and institutional responsibilities in a succinct manner. Generally, the primary concern is to ensure the confidentiality, integrity and availability (C-I-A) of computer data and systems and to protect against or prevent intentional and non-intentional incidents and attacks. Priority is also given to critical information infrastructure protection (CIIP).
+6. These strategies normally also contain measures against or reference to cybercrime. Measures against cybercrime provide a criminal justice response to C-l-A attacks against computers and thus complement technical and procedural Cybersecurity responses. However, cybercrime comprises also offences committed by means of computer data and systems, ranging from the sexual exploitation of children to fraud, hate speech, intellectual property rights (IPR) infringements and many other offences. Furthermore, any crime may involve electronic evidence in one way or the other. While this may not be labelled “cybercrime", a cybercrime strategy would nevertheless need to ensure that the forensic capabilities be created that are necessary to analyse electronic
+
+# NATIONAL CYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+evidence in relation to any crime, or that all law enforcement officers, prosecutors and judges are provided at least with basic skills in this respect.[1]
+
+7.This South African National Cybersecurity PolicyFramework is aligned to these goals and is necessitated to ensure a focussed and an all-embracing safety and security response in respect of the Cybersecurity environment and establishes and addresses the following:
+
+a) The development and implementation of a Government led, coherent and integrated Cybersecurity approach to address Cybersecurity threats;
+b) Establishing a dedicated policy, strategy and decision making body to be known as the JCPS Cybersecurity Response Committee,to identify and prioritise areas of intervention and focussed attention regarding Cybersecurity related threats. The Cybersecurity Response Committee will be chaired by the State Security Agency (SSA) and will be supported operationally by a Cybersecurity Centresituated at the SSA
+c) The capability to effectively coordinate departmental resources in the achievement of common Cybersecurity safety and security objectives (including the planning, response coordination and monitoring and evaluation);
+d) Fighting cybercrime effectively through the promotion of coordinated approaches and planning and the creation of required staffing and infrastructure;
+e) Coordination of the promotion of Cybersecurity measures by all role players (State, public, private sector, and civil society and special interest groups) in relation to Cybersecurity threats, through interaction with and in conjunction with the Cybersecurity Hub (to be established within the Department of Telecommunications and Postal Services);
+f) Strengthening of intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber terrorism and cyber warfare;
+g) Ensuring of the protection of national critical information infrastructure;
+
+# NATIONAL CYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+h) The promotion of a Cybersecurity culture and compliance with minimum security standards;
+i) The establishment of public-private partnerships for national and action plans in line with the NCPF; and
+j) Ensuring a comprehensive legal framework governing cyberspace.
+
+8. The National Cybersecurity Policy Framework (NCPF) is aligned with and dealt within the JCPS Cluster's mandate and obligations under Outcome $_{3:}$ All people are and feel safe in South Africa. In this regard, Output 8 of Outcome 3 requires the development and implementation of a Cybersecurity policy and the development of capacity to combat and investigate cybercrime that seeks to promote thefollowing
+
+a) Measures to address national security threats in terms of cyberspace;
+b) Measures to promote the combating of cybercrime;
+c) Measures to build confidence and trust in the secure use of ICT; and
+d) The development, review and update of existing substantive and procedural laws to ensure alignment.
+
+9.The NCPF is intended to provide a holistic approach pertaining to the promotion of Cybersecurity measures by all role players and will be supported by a National Cybersecurity Implementation Plan which will be developed by the JCPS Cluster in consultation with relevant stakeholders, identifying roles and responsibilities, timeframes, specific performance indicators, and monitoring and evaluation mechanisms. The development and large-scale implementation of a system of security measures as implemented elsewhere in the world will form part of the National Cybersecurity Implementation Plan.
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+# DEFINITIONS
+
+# In the context of this policy,
+
+"National Critical Information Infrastructure" means all ICT systems, data systems, data bases,networks (including people, buildings,facilities and processes), that are fundamental to the effective operation of the Republic1;
+
+"Computer Security Incident Response Team (CsiRT)" is a team of dedicated information security specialists that prepares for and responds to Cybersecurity breaches (Cybersecurity incidents);
+
+"Cybersecurity" is the practice of making the networks that constitute cyberspace secure against intrusions,maintaining confidentiality, availability and integrity of information, detecting intrusions and incidents that do occur, and responding to and recovering from them.
+
+"Cybersecurity Hub" means a CSiRT established to pool public and private sector threat information for the purposes of processing and disseminating such information to relevant stakeholders including the Cybersecurity centre.
+
+"Cyberspace" means a physical and non-physical terrain created by and/or composed of some or all of the following:
+
+computers, computer systems, networks and their computer programs, computer data, content data, traffic data, and users;
+
+"Cyber warfare" means actions by a nation/state to penetrate another nation's computers and networks for purposes of causing damage or disruption²;
+
+"Cyber espionage" means the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature),from individuals, competitors, rivals, groups, Governments and enemies for personal, economic, political or military advantage3;
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+"Cyber terrorism" means use of Internet based attacks in terrorist activities by individuals and groups, including acts of deliberate large scale disruptions of computer networks, especially computers attached to the Internet, by the means of tools such as computer viruses4;
+
+"Cybercrime" means illegal acts, the commission of which involves the use of information and communication technologies;
+
+"ICT"(Information and Communication Technologies) mean any communications device or application including radio, television, cellular phones, satellite systems, computers, network hardware and software and other services such as videoconferencing :
+
+"Information society” means people-centred, inclusive and development-oriented information, where everyone can create, access, utilise and share information and knowledge, enabling individuals, communities and people to achieve their full potential in promoting their sustainable development and improving the quality of their life.
+
+"JCPS CRC" means Justice, Crime Prevention and Security Cluster's Cybersecurity Response Committee.
+
+"Malware” means malicious software, and is programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behaviour. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or dangerous software or program code. Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.(Symantec published a report in 2oo8 indicating that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.“According to F-Secure,"As much malware [was] produced in 20o7 as in the previous 20 years altogether." $^5)$
+
+"Organisation and user's assets” include connected computing devices, personnel, infrastructure,applications, services, telecommunication systems, and a totality of transmitted and/or stored information in the cyber environment.
+
+"Organ of State" means an Organ of the State as defined in section 239 of the Constitution.
+
+"Phishing" indicates, as an example, the fraudulent way of attempting to acquire sensitive information such as usernames, passwords and credit card details by someone masquerading as a trustworthy entity in an electronic communication,to lure the unsuspecting public.These modus
+
+# NATIONAL CYBERSECURITY POLICY FRAMEWORK FOR SOUTH AFRICA
+
+operandi are constantly evolving and is included here as typical examples of Cybersecurity / cybercrime threats that many people will encounter when using computers and information communication technology. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enterdetails at a fakewebsitewhose look andfeelare almost identical to the legitimate one.
+
+# 1. Introduction
+
+1.1 A number of strategic interventions and tactical interventions have been successfully implemented over the past few years and other interventions are in the process of being implemented within the Justice, Crime Prevention and Security (JCPS) Cluster in the fight against crime with the objective of making South Africa Safe. As part of Government's Outcome based priorities, the JCPS Cluster signed on 24 October 2010, the JCPS Delivery Agreement, relating to Outcome 3: “All People in South Africa Are and Feel Safe". This Outcome focuses on certain areas and activities, clustered around specific Outputs,where interventions will make a substantial and a positive impact on the safety of the people of South Africa. One such area relates to Output 8: which requires the development and implementation of a Cybersecurity Policy and the development of capacity to combat and investigate cybercrime. In line herewith, this document therefore sets out a National Cybersecurity Policy Framework (NCPF) for South Africa.
+
+1.2 It is generally accepted that Information and Communications Technologies (ICTs) have become indispensable in modern society. The increased interconnectivity of computer networks and the expansion of broadband including mobility are contributing significantly to economic growth, digital integration, education, electronic governance, citizens' participation in governance and many others. This new electronic environment is commonly known as cyberspace. It has created a “global village” with instantaneous communication possible between persons on the opposite sides of the world. The NCPF Policy Framework therefore recognises that Cybersecurity threats and the combating thereof have a personal, national and international context.
+
+1.3Cyberspace comes with new types of challenges to the governments of the world and it therefore introduces a further dimension to National Security. It is a borderless platform that enables more sophisticated threats such as cybercrime, cyber terrorism, cyber war and cyber espionage. The numerous cyber-attacks launched in recent years against advanced information societies aimed at undermining the functioning of public and private sector information systems have placed the abuse of cyberspace high on the list of security threats. The acknowledgment that such attacks pose a threat to international security reached new heights in 2007 owing to the first-ever co-ordinated cyber-attack against an entire country and also because of large-scale cyber-attacks against information systems in many other countries as well. The co-ordinated cyber-attacks against government agencies, banks,
+
+# NATIONALCYBERSECURITY POLICYFRAMEWORKFOR SOUTHAFRICA
+
+media and telecommunications companies in Estonia demonstrated the vulnerability of a society's information infrastructure as an aspect of national security that needs attention in all countries. There are views that Internet is becoming more and more militarized.The problem is very specific to malware being distributed through terror groups.
+
+1.4The recurrence and growing incidence of cyber-attacks indicate the start of a new era in which the security of cyberspace requires a global dimension and the protection of National Critical Information Infrastructure must be elevated, in terms of national security, on par with traditional defence interests.
+
+1.5National Cybersecurity is a broad term encompassing many aspects of electronic information, data, and media services that affect a country's security, economy and welbeing. Ensuring the security of a country's cyberspace thus comprises of a range of activities at different levels.Towards this end, the most important policy domains include reducing the vulnerability of cyberspace, preventing cyber threats and attacks in the first instance and,in the event of an attack, ensuring a swift recovery of the functioning of critical information systems.
+
+1.6 Thus, a Cybersecurity strategy must appraise the vulnerability of a country's critical information infrastructure, devise a system of preventative measures against cyber-attacks, and decide upon the alocation of tasks relating to Cybersecurity management at the national level. Moreover, it is also important to improve the legal framework against cyber-attacks, to enhance international and institutional co-operation, and to raise public awareness and develop training and research programmes on Cybersecurity.
+
+1.7 The above threats necessitate a comprehensive and all-encompassing approach in dealing with cyber threats.In short, a Cybersecurity culture, driven in main by the State, is critical to ensure that citizens take advantage of the information age, whilst remaining conscious of the threats and vulnerabilities of cyberspace. The NCPF recognises the need to balance, on the one hand, the risks associated with the use of information systems and, on the other hand, the indispensability of extensive and free use of information technology to the functioning of open and modern societies. The growing threats to Cybersecurity should not hinder the crucial role of information and communications technology in stimulating the growth of economies and societies.
+
+1.8In response to the above challenges, Governments worldwide have established policies and structures that govern interaction and collaboration between Government, private sector, academia and civil society in an effort to prevent, react to, combat and mitigate Cybersecurity vulnerabilities and attacks.
+
+1.9 The NCPF recognises that the State is charged with implementing a Government led, coherent and integrated Cybersecurity approach which, amongst others,will:
+
+# NATIONAL CYBERSECURITY POLICYFRAMEWORK FOR SOUTHAFRICA
+
+a) Promote a Cybersecurity culture and demand compliance with minimum security standards;
+b) Strengthen intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime,cyber terrorism and cyber warfare and other cyber ills;
+c) Establish public-private partnerships for national and international action plans;
+d) Ensure the protection of National Critical Information Infrastructure; and
+e) Promote and ensure a comprehensive legal framework governing cyberspace.
+
+1.10 This framework is intended to implement an allencompassing approach pertaining to allthe role players (State, public, private sector, civil society and special interest groups) in relation to Cybersecurity. This framework will be supported by a National Cybersecurity Implementation Plan which will be developed by the SSA in consultation with relevant stakeholders, identifying roles and responsibilities, timeframes, specific performance indicators, and monitoring and evaluation mechanisms.
+
+# 2. The South African Context
+
+2.1 South Africa like many other countries has become dependent on the Internet to govern, to conduct business and for other social purposes. The Internet has become indispensable to many South Africans and will continue to be, as more people access the information highway. Taking into consideration the increase in national and international bandwidth in South Africa, cybercrimes and threats are and will continue to increase. These cybercrimes and threats have the potential to impact on our national security and economy.
+
+2.2 Currently there are various pieces of legislation, some with overlapping mandates administered by different Government Departments and whose implementation is not coordinated. Furthermore, the legislation when viewed collectively does not adequately address South Africa's Cybersecurity challenges.
+
+2.3 The absence of an aligned legal and regulatory framework, and the challenge of uncoordinated Cybersecurity eforts is not unique to South Africa, other jurisdictions arefaced with the same challenges.
+
+2.4Statistics in 2011 indicate that South Africa was in the top three countries that are targeted for phishing purposes, the other countries are the USA and the UK. In addition to phishing, other e-Crime incidents in the RSA have increased to the value of millions of rands. The banking sector is especially vulnerable to cybercrime. In light of the above and many more unreported incidents, there is a need to combat cybercrime.
+
+2.5 The borderless nature of cybercrimes introduces a further dimension to National Security. Numerous cyber-attacks have been launched against a number of countries,such as the attack on Estonia in 2007, which crippled the country's electronic systems. South Africa is not immune to such atacks. The protection of South Africa's critical information infrastructure and the coordination thereof is therefore essential. South Africa needs to develop mechanisms that will ensure proactive and coordinated national response to cyber threats and incidents including combating cybercrime. The Government's leadership role in this regard is important, whilst acknowledging that Cybersecurity is everyone's responsibility, public sector, private sector and civil society.
+
+2.6 The role of the ICTs in social and economic development of a country has been widely acknowledged; however the full potential of ICTs cannot be realized unless there is confidence and trust in the secure use of ICTs. Government should take responsibility to ensure that theprivate sector and civil society are not only aware of the dangers of operating in cyberspace but also take necessary measures not to become victims of cybercrime. It is thus prudent to develop within South Africa a culture of Cybersecurity that will address the needs of the public sector, private sector and civil society.
+
+2.7 Opportunities of ICT and the challenges of Cybersecurity are fuelled by advances in technology. Consequently, there is a need to develop the requisite skills to exploit the opportunities of an information economy and meet the dynamic challenges of Cybersecurity. South Africa will always lag behind or be vulnerableunless we develop requisite skills. There is a need to create an enabling environment for Cybersecurity training, education,research and development and skills development programmes in South Africa.
+
+2.8 South Africa is a consumer of ICTs and depends on overseas manufactured technologies to secure its cyberspace.The downside of this, is that our critical information infrastructure will continue to have some degree of vulnerability. Thus it is important to develop indigenous Cybersecurity technologies. Unless we develop Research and Development capabilities to address this, we will continue to rely of foreign technologies for this purpose. The absence of stringent compliance monitoring to ensure that technologies used comply to international and national Cybersecurity standards.
+
+2.9 South Africa will in the promotion and development of Cybersecurity measures in relation to this NCPF bear in mind the international instruments and measures that may be relevant such
+
+# NATIONAL CYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+as the work of the various agencies of the United Nations.° In 2011, the International Telecommunications Union (ITU) and the UN Office on Drugs and Crime (UNODC) signed a memorandum of understanding (MOU) to help secure cyberspace for consumers, businesses, and children and to mitigate the risks posed by cybercrime. The MOU will enable the parties to avail the necessary expertise and resources to establish legal measures and legislativeframeworks atnational level,forthebenefit of allinterestedcountries.This initiative is a major milestone in implementing a co-ordinated global approach to an increasingly serious global problem.'
+
+# 3. Purpose of the NCPF
+
+3.1The purpose of the NCPF is to create a secure, dependable,reliable and trustworthy cyber environment that facilitates the protection of critical information infrastructure whilst strengthening shared human values and understanding of Cybersecurity in support of national security imperatives and the economy. This will enable the development of an information society which takes into account the fundamental rights of every South African citizen to privacy, security, dignity, access to information, the right to communication and freedom of expression.
+
+3.2 The NCPF seeks to ensure that Government, business and civil society are able to enjoy the full benefits of a safe and secure cyberspace. To this end, the public sector, private sector and civil society willneed to work together tounderstand and address the risks,reduce the benefits to criminals and seize opportunities in cyberspace to enhance South Africa's overall security and safety including its economic well-being.
+
+3.3 This NCPF therefore provides for:
+
+a) Measures to address national security in terms of cyberspace; b) Measures to combat cyber warfare, cybercrime and other cyber ills; c) The development, review and updating existing substantive and procedural laws to ensure alignment; and d) Measures to build confidence and trust in the secure use of ICT.
+
+# NATIONAL CYBERSECURITY POLICYFRAMEWORKFORSOUTHAFRICA
+
+# 4. Key Objectives of the NCPF
+
+4.1The NCPF articulates the overall aim and objectives of the South African Government and sets out strategic priorities that will be pursued to achieve these objectives. In order to achieve the strategic visionset out in thispolicy, it is expected that this National Cybersecurity Policy Framework will:
+
+4.1.1 Centralise coordination of Cybersecurity activities,by facilitating the establishment of relevant structures, policy frameworks and strategies in support of Cybersecurity in order to combat cybercrime, address national security imperatives and to enhance the information society and knowledge based economy;
+4.1.2 Foster cooperation and coordination between Government, the private sector and civil society by stimulating and fostering a strong interplay between policy, legislation, societal acceptance and technology;
+4.1.3 Promote international cooperation;
+4.1.4 Develop requisite skills, research and development capacity;
+4.1.5 Promote a culture of Cybersecurity; and
+4.1.6 Promote compliance with appropriate technical and operational Cybersecurity standards.
+
+# 5. Capacity to Respond to Cybersecurity lmperatives
+
+5.1The Justice Crime Prevention and Security Cluster (JCPS),working in consultation with other Government Clusters , will oversee the implementation of this policy framework, with the aim to ensure centralized coordination of Cybersecurity issues.
+
+5.2Adedicated JCPSCybersecurity Response Committee will be established within the JCPS Cluster to coordinate Cybersecurity activities, drive the implementation of the NCPF and manage the implementation of Output 8. The Cybersecurity Response Committee will be chaired by the State Security Agency (SSA) and it will be supported operationally by a CybersecurityCentresituated at the SSA.All relevant JCPS departments willberepresented on the Cybersecurity Response Committee.
+
+5.3 The role of the JCPS Cybersecurity Response Committee will, amongst others, be to:
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+5.3.2 Coordinate Cybersecurity activities and be a central point of contact on all Cybersecurity matters pertinent to national security (national defence, national intelligence and cybercrime);
+
+.3 Identify and prioritise areas of intervention and promote focussed attention and guidance where required regarding Cybersecurity related threats and incidents;
+
+5.3.4 Promote, guide and coordinate activities aimed at improving Cybersecurity measures by all role players, which would include amongst others, the strengthening of intelligence collection and improved State capacity to investigate, prosecute and combat:
+
+a) Cybercrime,
+b) Cyber terrorism,
+c) Cyber espionange,
+d) Cyber warfare and
+e) Any other cyber related threats;
+
+5.3.5 Oversee and guide the functioning of the Cybersecurity Centre, Cybersecurity Hub, RSA Government Electronic Communications Security Computer Security Incident Response Team (ECS -CSiRT) and any other CSiRT established in SA.
+
+5.3.6 Promote and provide guidance to the process of the development and implementation of:
+
+a) The protection of national critical information infrastructure Plan;
+b) Situational analysis and awareness campaign concerning the risk environment of South African cyberspace;
+c) Cybersecurity culture and compliance with minimum security standards;
+d) Public-private partnerships for national and action plans in line with the NCPF;
+e) Compliance with appropriate technical and operational Cybersecurity standards;
+f) Cybersecurity training, education, research and development and skills development programmes;
+g) International cooperation;
+h) Facilitation of interaction, both nationally and internationally, including through international memberships to organisations such as the Forum for Incident Response and Security Teams (FiRST); and develop policy guidelines to inform such interaction;
+
+# NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+i) Establishment of sector, regional and continental CSiRTs; and j) Comprehensive legal framework governing cyberspace.
+
+5.4 The role of the Cybersecurity Centre will be to:
+5.4.1 Facilitate the operational coordination of Cybersecurity incident response activities regarding national intelligence, national defence and cybercrime;
+5.4.2 Develop measures to deal with Cybersecurity matters impacting on national security;
+5.4.3 Facilitate the analysis of Cybersecurity incidents, trends, vulnerabilities, information sharing, technology exchange on national security and threats to improve technical response coordination;
+5.4.4 Provide guidance to and facilitate the identification, protection and securing of National Critical Information Infrastructure (NCIl);
+5.4.5 Ensure regular assessment and testing of National Critical Information Infrastructures, including vulnerability assessments, threat and risk assessment and penetration testing;
+5.4.6 Provide coordination and guidance regarding Corporate Security and Policy Development; Governance, Risk Management, and Compliance (GRC); ldentity and Security Management; Security Information and Event Management (SiEM), and Digital Forensics as it pertains to Cybersecurity matters within Organs of State;
+5.4.7 Develop response protocols to guide coordinated responses to Cybersecurity incidents and interaction with the various stakeholders;
+5.4.8 Ensure the conducting of Cybersecurity audits, assessments and readiness exercises and provide advice on the development of national response plans;
+5.4.9 Provide the Secretariat services required in relation to the JCPS Cybersecurity Committee, and
+5.4.10 Perform any other function consistent with the strategic and policy objectives set out herein.
+
+# 6. Cybersecurity Hub and Additional CSlRTs
+
+6.1 Notwithstanding the envisaged JCPS Cybersecurity Response Committee, the Cybersecurity Centre and the existing ECS-CSiRT, there is also a need to ensure appropriate consultation between the JCPS cluster departments, the private sector and civil society regarding Cybersecurity matters.
+6.2 To deal with the above stated, this policy recognises that the crucial need for the facilitation of interaction between the key role players in the public sector, private sector and the broader civil society. The NCPF therefore promotes the coordination and consultation between the JCPS cluster departments, the private sector and civil society regarding Cybersecurity matters through the establishment of a Cybersecurity Hub within the Department of Telecommunications and Postal Services (DOC). The Cybersecurity Hub will be operated within the DOC in accordance with national security guidelines and standards issued by the JCPS Cybersecurity Response Committee.
+6.3 To enhance interaction, consultations and to promote a coordinated aproach regarding engagements with the private sector and civil society, Cybersecurity Hub will amongst others, have the responsibility to:
+6.3.1 Coordinate general Cybersecurity activities, in consultation with JCPS CRC as well as including identifying stakeholders and developing public-private relationships and collaborating with any sector CSiRTs that may be established;
+6.3.2 Disseminate relevant information to othersector CSiRTs, vendors, technology experts on Cybersecurity developments;
+6.3.3 Provide best practice guidance on ICT security for Government, business and civil society;
+6.3.4 Initiate Cybersecurity awareness campaigns;
+6.3.5 Promote compliance with standards, procedures and policy developed by the JCPS Cybersecurity Response Committee regarding Cybersecurity matters with a bearing on national security.
+6.3.6 Encourage and facilitate the development of appropriate additional sector CSiRTs. The sector CSIRTs will:
+6.3.6.1 Be a point of contact for that specific sector on Cybersecurity matters;
+6.3.6.2 Coordinate Cybersecurity incident response activities within that sector;
+
+NATIONALCYBERSECURITYPOLICYFRAMEWORKFORSOUTHAFRICA
+
+
+