SABSA Practitioner: Architecture & Design

 

 

Module PT2: SABSA Network Security Architecture and Design - Course Content

 

 

1. Network risk and security basic concepts

  • Network technologies, protocols, topologies, transmission media and architectural layering
  • Sub-networks and network domains; public and private networks
  • Threats and vulnerabilities in network services
  • Network connectivity control and change control
  • VPN and firewall concepts

2. Network security strategy

  • Network security in the SABSA Matrix
  • Goals of network security; network security decoupled and distinct from application security
  • Business drivers for network security; SABSA Business Attributes Profiling for network security; control objectives for network security

3. Network security policy

  • Goals of network security policy
  • SABSA security policy architecture related to network security policy
  • Network security policy principles
  • Outsourced network services and security policy
  • Defining network domains, domain owners and domain policies

4. Conceptual and logical network security architecture

  • Network security in the SABSA layered infrastructure reference architecture
  • Network security services
  • Logical network architectures based on domains; extranets and intranets
  • Authorisation, authentication and access control for network services and network management

5. Physical network security architecture

  • Physical network infrastructure
  • Mechanisms for implementing network security services
  • Cryptographic techniques applied to network security
  • Network boundaries, gateways and bastion hosts
  • Remote network access architectures
  • VPN and firewall architectures
  • Robust and resilient network infrastructure configurations for high availability; diverse routing and redundancy

6. Network management architecture

  • SABSA network management reference architecture
  • Security of network management
  • Management of network security
  • Intrusion detection technologies
  • Incident management processes
  • Penetration testing
  • Vulnerability tracking
  • Intelligence gathering