SABSA Foundation Module 2: Security Service Management - Course Content

 

THE SABSA SECURITY MANAGEMENT FRAMEWORK 

 

1. The SABSA Security Management Framework

  • SABSA in the I.T. Lifecycle
  • Using SABSA To Integrate Other Methods, Models & Standards
  • SABSA and the ITIL Framework
  • SABSA and COBIT
  • SABSA and Project Management Standards
  • SABSA and ISO Security Standards
  • SABSA and IT Architecture

 

THE SABSA SECURITY POLICY AND RISK MANAGEMENT FRAMEWORK

 

2. Security Policy Management

  • Policy Principles
  • Policy Content, Hierarchy & Architecture
  • Security Policy Making
  • Information & Systems Classification
  • Third Party & Outsourcing Strategy & Policy Management

3. Operational Risk Management

  • The Meaning of Risk
  • Risk Philosophy & Methodology
  • Corporate Governance & Enterprise Risk Management
  • Risk Measurement and Risk Assessment
  • Risk Mitigation
  • Risk Appetite
  • Risk Management Tools
  • Measuring Success of Risk Management

 

THE SABSA INTEGRATED ASSURANCE MANAGEMENT FRAMEWORK

 

4. Security Organisation & Responsibilities

  • Security Governance
  • Security Culture Development, Training & Awareness
  • Ownership & Custody
  • Service Provider & Customer Roles in Security Management
  • Enterprise Audit & Review Framework

5. Assurance of Operational Continuity

  • Business Continuity Planning
  • Contingency Planning
  • Crisis Management
  • Business Recovery Planning

6. Systems Assurance

  • Technical Assurance of Security Correctness & Completeness
  • Managing the Assurance Process for Systems & Software Development
  • Assuring Integrity and Acceptable Use of Systems & Software
  • Principles of Multi-phased Testing

 

SECURITY SERVICES DESIGN

 

7. Security Services Architecture

  • Information as the Logical Representation of Business
  • Logical Entities & Their Relationships
  • Using Trust Models to Define Security Services
  • Security Domains, Domain Definitions & Associations
  • Security Processing Cycle

8. Security Infrastructure Services

  • Security Rules, Practices & Procedures
  • Security Mechanisms
  • User Security
  • Platform & Network Security
  • Infrastructure for Service Delivery
  • Technical Standards & Components

 

SECURITY SERVICES DELIVERY AND SUPPORT

 

9. Operational Security Services

  • Incident Management
  • Incident Response
  • Problem Management
  • Change Management
  • Continuity, Crisis & Recovery Management

10. Security Administration & Management

  • Security Service Management
  • Security Mechanism Management
  • Security Component Management
  • System Management & Administration
  • User Management & Administration
  • Security Audit Management
  • Security Operations
  • Product Evaluation & Selection

 

SECURITY SERVICES PERFORMANCE MEASUREMENT

 

11. Return on Investment & Return of Value

  • Return on Investment
  • Net Present Value
  • Internal Rate of Return
  • Defining Value Metrics
  • Business Attributes & Return of Value

12. Security Measures & Metrics

  • Why Do We Need Measures & Metrics
  • Measurement Approaches
  • Defining Metrics
  • Benchmarking Security
  • Remedial Project Planning
  • Maturity Models Applied to Security