COURSE INFORMATION

The SABSA Foundation Certificate course comprises two modules delivered over 5 days.

Module F1: Security Strategy & Planning

This module gives participants a comprehensive understanding of how the SABSA framework delivers a successful security strategy and architecture. Through a series of innovative presentations, case studies and workshops, you will develop the skills to apply proven security architecture design and management processes, and learn how to develop a comprehensive strategy for creating a security architecture that genuinely meets the needs of your organisation.

    THE SABSA FRAMEWORK

  1. Information Security Strategy, Benefits and Objectives
    • Security: A Cultural Legacy as a Business Constraint
    • Technical Legacy of Tactical Point Solutions
    • Security Strategy, Tactics and Operations
    • Critical Success Factors for Business, IT and Security
    • Measuring and Prioritising Business Risk
    • Enabling Business and Empowering Customers
    • Adding Value to the Core Product
    • Protecting Relationships and Leveraging Trust

  2. Introduction to SABSA Best Practice
    • Information Security and its Role in the Modern Enterprise
    • Enterprise Security Architecture: Definition and Principles
    • The History of SABSA Development
    • Introduction to the SABSA Model
    • The Business View of Security: Contextual Architecture
    • The Architect’s View of Security: Conceptual Architecture
    • The Designer’s View of Security: Logical Architecture
    • The Builder’s View of Security: Physical Architecture
    • The Tradesman’s View of Security: Component Architecture
    • The Service Manager’s View of Security: Operational Architecture
    • Traceability from Business Requirements to Deployed Solutions
    • The SABSA Matrix and Service Management Matrix


    INFORMATION SECURITY STRATEGY

  3. Business Requirements & How To Define Them
    • Business Goals, Success Factors and Operational Risks
    • Business Processes and the Need for Security
    • Location Dependence of Enterprise Security Needs
    • Organisation and Relationships Affecting Enterprise Security
    • Time Dependency of Enterprise Security
    • Collecting Enterprise Requirements for Security
    • Creating a Business Attributes Profile
    • Defining Control Objectives

  4. Strategic Concepts & How To Apply Them
    • Managing Complexity
    • Systems Engineering for Security
    • Architectural Layering
    • End-to-End Security
    • Defence-in-Depth Models
    • Security Domains
    • Security Associations
    • Trust Modelling
    • Organisation & Workflow
    • Infrastructure Strategy
    • Management Strategy


    SABSA PRACTITIONER GUIDE

  5. The Strategy Programme & Architecture Delivery
    • The SABSA Development Process
    • The SABSA Lifecycle
    • Strategy and Concept Phase Processes and Sub-processes
    • Design Phase Processes and Sub-processes
    • Implement Phase Processes and Sub-processes
    • Manage and Measure Phase Processes and Sub-processes
    • Top-down Decomposition of the SABSA Model
    • Scope, Deliverables and Project Sequencing

  6. Managing The Strategic Programme
    • Introduction to Return on Investment & Return of Value
    • Defining the Benefits and Value Propositions
    • Selling the Benefits
    • Getting Sponsorship and Budget
    • Building the Team
    • Team Competency Assessment & Development
    • Programme Planning and Management
    • ‘Fast Track’ Start-up Programmes
    • Collecting the Information You Need
    • Gaining Consensus on the Conceptual Architecture
    • Strategic Architecture Governance, Compliance and Maintenance
    • Identifying Quick Wins and Gaining Long Term Confidence

Module F2: Security Service Management

This module builds on the strategy defined in Foundation Module One to create the roadmap for designing, delivering and supporting a set of consistent, high-quality security services. Covering the good-practice lifecycle, it shows participants how to design, deliver and support a comprehensive security services architecture that integrates fully and seamlessly with their existing IT management and business infrastructure and practices:

    THE SABSA SECURITY MANAGEMENT FRAMEWORK

  1. The SABSA Security Management Framework
    • SABSA in the IT Lifecycle
    • Using SABSA To Integrate Other Methods, Models & Standards
    • SABSA and the ITIL Framework
    • SABSA and COBIT
    • SABSA and Project Management Standards
    • SABSA and ISO Security Standards
    • SABSA and IT Architecture


    THE SABSA SECURITY POLICY AND RISK MANAGEMENT FRAMEWORK

  2. Security Policy Management
    • Policy Principles
    • Policy Content, Hierarchy & Architecture
    • Security Policy Making
    • Information & Systems Classification
    • Third Party & Outsourcing Strategy & Policy Management

  3. Operational Risk Management
    • The Meaning of Risk
    • Risk Philosophy & Methodology
    • Corporate Governance & Enterprise Risk Management
    • Risk Measurement and Risk Assessment
    • Risk Mitigation
    • Risk Appetite
    • Risk Management Tools
    • Measuring Success of Risk Management


    THE SABSA INTEGRATED ASSURANCE MANAGEMENT FRAMEWORK

  4. Security Organisation & Responsibilities
    • Security Governance
    • Security Culture Development, Training & Awareness
    • Ownership & Custody
    • Service Provider & Customer Roles in Security Management
    • Enterprise Audit & Review Framework

  5. Assurance of Operational Continuity
    • Business Continuity Planning
    • Contingency Planning
    • Crisis Management
    • Business Recovery Planning

  6. Systems Assurance
    • Technical Assurance of Security Correctness & Completeness
    • Managing the Assurance Process for Systems & Software Development
    • Assuring Integrity and Acceptable Use of Systems & Software
    • Principles of Multi-phased Testing


    SECURITY SERVICES DESIGN

  7. Security Services Architecture
    • Information as the Logical Representation of Business
    • Logical Entities & Their Relationships
    • Using Trust Models to Define Security Services
    • Security Domains, Domain Definitions & Associations
    • Security Processing Cycle

  8. Security Infrastructure Services
    • Security Rules, Practices & Procedures
    • Security Mechanisms
    • User Security
    • Platform & Network Security
    • Infrastructure for Service Delivery
    • Technical Standards & Components


    SECURITY SERVICES DELIVERY & SUPPORT

  9. Operational Security Services
    • Incident Management
    • Incident Response
    • Problem Management
    • Change Management
    • Continuity, Crisis & Recovery Management

  10. Security Administration & Management
    • Security Service Management
    • Security Mechanism Management
    • Security Component Management
    • System Management & Administration
    • User Management & Administration
    • Security Audit Management
    • Security Operations
    • Product Evaluation & Selection


    SECURITY SERVICES PERFORMANCE MEASUREMENT

  11. Return on Investment & Return of Value
    • Return on Investment
    • Net Present Value
    • Internal Rate of Return
    • Defining Value Metrics
    • Business Attributes & Return of Value

  12. Security Measures & Metrics
    • Why Do We Need Measures & Metrics?
    • Measurement Approaches
    • Defining Metrics
    • Benchmarking Security
    • Remedial Project Planning
    • Maturity Models Applied to Security