SABSA Foundation: Course Contents | ALC Training News

  • No comments

This 5-day Foundation Certificate program has been designed to provide participants with a thorough coverage of the knowledge required for the SABSA Foundation Level Certificate. It is structured in two modules:

  • Module F1: Security Strategy & Planning
  • Module F2: Security Service Management

Module F1: Security Strategy & Planning

This module provides participants with a comprehensive understanding of how the SABSA framework delivers successful security strategy and architecture. Through a series of innovative presentations, case studies and workshops, you will develop the skills to use the most proven security architecture design and management processes and find out how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the needs of your organisation:

THE SABSA FRAMEWORK

1. Information Security Strategy, Benefits and Objectives

  • Security: A Cultural Legacy as a Business Constraint
  • Technical Legacy of Tactical Point Solutions
  • Security Strategy, Tactics and Operations
  • Critical Success Factors for Business, IT and Security
  • Measuring and Prioritising Business Risk
  • Enabling Business and Empowering Customers
  • Adding Value to the Core Product
  • Protecting Relationships and Leveraging Trust

2. Introduction to SABSA Best Practice

  • Information Security and its Role in the Modern Enterprise
  • Enterprise Security Architecture: Definition and Principles
  • The History of SABSA Development
  • Introduction to the SABSA Model
  • The Business View of Security: Contextual Architecture
  • The Architect’s View of Security: Conceptual Architecture
  • The Designer’s View of Security: Logical Architecture
  • The Builder’s View of Security: Physical Architecture
  • The Tradesman’s View of Security: Component Architecture
  • The Service Manager’s View of Security: Operational Architecture
  • Traceability from Business Requirements to Deployed Solutions
  • The SABSA Matrix and Service Management Matrix

INFORMATION SECURITY STRATEGY

3. Business Requirements & How To Define Them

  • Business Goals, Success Factors and Operational Risks
  • Business Processes and the Need for Security
  • Location Dependence of Enterprise Security Needs
  • Organisation and Relationships Affecting Enterprise Security
  • Time Dependency of Enterprise Security
  • Collecting Enterprise Requirements for Security
  • Creating a Business Attributes Profile
  • Defining Control Objectives

4. Strategic Concepts & How To Apply Them

  • Managing Complexity
  • Systems Engineering for Security
  • Architectural Layering
  • End-to-End Security
  • Defence-in-Depth Models
  • Security Domains
  • Security Associations
  • Trust Modelling
  • Organisation & Workflow
  • Infrastructure Strategy
  • Management Strategy

SABSA PRACTITIONER GUIDE

5. The Strategy Programme & Architecture Delivery

  • The SABSA Development Process
  • The SABSA Lifecycle
  • Strategy and Concept Phase Processes and Sub-processes
  • Design Phase Processes and Sub-processes
  • Implement Phase Processes and Sub-processes
  • Manage and Measure Phase Processes and Sub-processes
  • Top-down Decomposition of the SABSA Model
  • Scope, Deliverables and Project Sequencing

6. Managing The Strategic Programme

  • Introduction to Return on Investment & Return of Value
  • Defining the Benefits and Value Propositions
  • Selling the Benefits
  • Getting Sponsorship and Budget
  • Building the Team
  • Team Competency Assessment & Development
  • Programme Planning and Management
  • ‘Fast Track’ Start-up Programmes
  • Collecting the Information You Need
  • Gaining Consensus on the Conceptual Architecture
  • Strategic Architecture Governance, Compliance and Maintenance
  • Identifying Quick Wins and Gaining Long Term Confidence

Module F2: Security Service Management

This module leverages the strategy defined in Foundation Module One to create the roadmap to design, deliver and support a set of consistent and high-quality security services. Covering the good practice lifecycle, participants will find out how to design, deliver and support a comprehensive security services architecture that integrates fully and seamlessly with their existing IT management and business infrastructure and practices:

THE SABSA SECURITY MANAGEMENT FRAMEWORK

1. The SABSA Security Management Framework

  • SABSA in the I.T. Lifecycle
  • Using SABSA To Integrate Other Methods, Models & Standards
  • SABSA and the ITIL Framework
  • SABSA and CobIT
  • SABSA and Project Management Standards
  • SABSA and ISO Security Standards
  • SABSA and IT Architecture

 THE SABSA SECURITY POLICY AND RISK MANAGEMENT FRAMEWORK

2. Security Policy Management

  • Policy Principles
  • Policy Content, Hierarchy & Architecture
  • Security Policy Making
  • Information & Systems Classification
  • Third Party & Outsourcing Strategy & Policy Management

3. Operational Risk Management

  • The Meaning of Risk
  • Risk Philosophy & Methodology
  • Corporate Governance & Enterprise Risk Management
  • Risk Measurement and Risk Assessment
  • Risk Mitigation
  • Risk Appetite
  • Risk Management Tools
  • Measuring Success of Risk Management

 THE SABSA INTEGRATED ASSURANCE MANAGEMENT FRAMEWORK

4. Security Organisation & Responsibilities

  • Security Governance
  • Security Culture Development, Training & Awareness
  • Ownership & Custody
  • Service Provider & Customer Roles in Security Management
  • Enterprise Audit & Review Framework

5. Assurance of Operational Continuity

  • Business Continuity Planning
  • Contingency Planning
  • Crisis Management
  • Business Recovery Planning

6. Systems Assurance

  • Technical Assurance of Security Correctness & Completeness
  • Managing the Assurance Process for Systems & Software Development
  • Assuring Integrity and Acceptable Use of Systems & Software
  • Principles of Multi-phased Testing

 SECURITY SERVICES DESIGN

7. Security Services Architecture

  • Information as the Logical Representation of Business
  • Logical Entities & Their Relationships
  • Using Trust Models to Define Security Services
  • Security Domains, Domain Definitions & Associations
  • Security Processing Cycle

8. Security Infrastructure Services

  • Security Rules, Practices & Procedures
  • Security Mechanisms
  • User Security
  • Platform & Network Security
  • Infrastructure for Service Delivery
  • Technical Standards & Components

 SECURITY SERVICES DELIVERY & SUPPORT

9. Operational Security Services

  • Incident Management
  • Incident Response
  • Problem Management
  • Change Management
  • Continuity, Crisis & Recovery Management

10. Security Administration & Management

  • Security Service Management
  • Security Mechanism Management
  • Security Component Management
  • System Management & Administration
  • User Management & Administration
  • Security Audit Management
  • Security Operations
  • Product Evaluation & Selection

 SECURITY SERVICES PERFORMANCE MEASUREMENT

11. Return on Investment & Return of Value

  • Return on Investment
  • Net Present Value
  • Internal Rate of Return
  • Defining Value Metrics
  • Business Attributes & Return of Value

12. Security Measures & Metrics

  • Why Do We Need Measures & Metrics
  • Measurement Approaches
  • Defining Metrics
  • Benchmarking Security
  • Remedial Project Planning
  • Maturity Models Applied to Security

ALC Training