SABSA Practitioner: Architecture & Design

 

 

Module PT2: SABSA Network Security Architecture and Design - Course Description

 

Presented by David Lynas

 

Network Security

The job of the network is information transfer. Think of it as a postal or courier service, collecting letters and parcels from some locations and delivering them to others. It is not the concern of the courier to know what is inside the packages, other than perhaps to put some size and weight restrictions on them for convenience of transfer.  A data communications network is very like this – concerned with transferring packages of information between applications without having any knowledge of the contents of the packages.

 

Once you grasp this concept, the purpose and scope of network security become clear. Network security is concerned with protecting the transfer service – making sure all the packages get collected and delivered to the right places, at the right time, in the correct sequence, that none get damaged, lost or stolen, and that the network customers – the applications – pay the proper rates for the service. By contrast, application security deals with the protection of the contents of the packages.

 

This distinction is at its most obvious when the network owner and the application owner are completely separate organisations.  The network service provider needs security to protect the network services, but the application owner needs to ensure that the contents of the packages sent through the network are securely wrapped for confidentiality purposes, and that if the network service allows a package to be damaged, lost or stolen, this can be detected.

 

This SABSA course module is based upon this clear distinction between the network security strategy and the application security strategy, a distinction and a decoupling that is key to developing appropriate enterprise security architectures.

Course Overview

This 2-day course provides participants with a practical guide on how to design and implement network security strategies and architectures in the wider context of a SABSA-based enterprise information security architecture and risk management programme. This course is not a technical detail course; it is a course on how to apply SABSA models and processes to developing a network security strategy, policy and architecture.

High-Level Learning Objectives

After attending this course, an attendee will be able to:

 

  • Apply the SABSA framework to define the business requirements for network security within a given enterprise
  • Analyse the business requirements to build a SABSA Business Attributes Profile that reflects the needs of the enterprise for network security
  • Use the SABSA Business Attributes Profile to create a set of focused control objectives covering all aspects of network security
  • Plan, design, implement and manage a network security strategy and architecture within the SABSA framework
  • Plan, design, implement and manage networks and sub-networks at the conceptual, logical, physical and component layers of the SABSA framework
  • Develop and implement SABSA-aligned operational processes for secure management of network services and managing network security
  • Apply the SABSA framework as a template against which to audit designs and implementations of networks and network management processes

Pre-Requisite Knowledge

There are no pre-requisites for attending this course or for sitting the SABSA Institute PT2 examination on completion of the course. However, attendees will probably benefit most if they have some previous knowledge of the SABSA framework. Those wishing to be awarded the SABSA Chartered Practitioner Certificate will need to complete the SABSA Chartered Foundation Certificate before the Practitioner award can be made.

What a Course Attendee will take away

  • A comprehensive knowledge of the principles and practice of network security within the SABSA framework
  • The skill and knowledge to plan, design, implement and manage a network security strategy and architecture within the SABSA framework
  • A practical SABSA-based approach to managing network security in line with the needs of the business

Who Should Attend

  • CIO / CISO / CTO / CIRO
  • IT Strategists and Planners
  • IT Architects
  • IT Development Managers and Project Leaders
  • Specialist Designers and Developers of Networks
  • Network Managers and Architects
  • Network / Information Security Managers, Advisors, Consultants & Practitioners
  • IT Line Managers
  • IT and Network Service Delivery Managers
  • Internal and External Auditors

Methodology

The course consists of lectures and workshop sessions, supplemented by case studies drawn from a combination of published real-life examples and/or practical experience. In the workshops attendees will work in small groups to synthesise ideas and strategies and to apply the material in the context of case studies and simulations. Open forum discussions will also feature where appropriate.

 

Lecture content is naturally less intense than in Foundation classes, with more emphasis on practical work.  The course focuses heavily on developing the skills and knowledge for a practitioner through hands-on workshop sessions and discussions, so as to provide the appropriate balance and emphasis on practice rather than theory.

 

During the course many references will be made to Enterprise Security Architecture: A Business Driven Approach (Sherwood, Clark and Lynas, ISBN 1-57820-318-X) for technical details that cannot be covered in full during the lecture programme. Every course attendee will therefore need to have a copy of this book. If you already own one, please bring it with you. If you would like to purchase one from us then please order your copy along with the course.