The increasing tempo of cyber attacks by cyber criminals, state sponsored actors, and hacktivists is a major concern for all organisations within government and industry. The internet is now a hostile environment where businesses can be destroyed overnight. The sophistication of cyber attack is challenging even the most capable cyber defender, and is well beyond the preventative capability of most organisations. Attacks will be successful, and there is an increasing requirement for businesses to monitor their systems and networks, and to respond effectively to incidents.
One of the key challenges for the security team is to be able to articulate to management why a specific operational capability is required, and to ensure the capability most effectively integrates with the overall technology strategy for the business. This requires the ability to trace business requirements down to the monitoring solutions, and to trace the solutions back to business requirements. It also requires an understanding of the impact of a cyber incident to justify the type and extent of response capabilities.
The SABSA Advanced A4 module provides participants with a comprehensive understanding of how the SABSA framework can be applied to deliver effective incident management and monitoring. Through a series of innovative presentations, case studies, and workshops, you will develop the knowledge and skills to use the most proven security architecture, design and service management processes in a way which ensures comprehensive and effective monitoring and incident management capabilities are achieved. This course approaches the incident management and monitoring capabilities in the context of both a baseline security operations center and the requirements which justify its development into an advanced security operations center.
The top ten competencies developed on this course are:
This course is of particular significance for anyone operating, or planning to operate, a Security Operations Center. The course thoroughly addresses security operations, with emphasis on incident management and security event monitoring. It addresses the architecture of a baseline SOC capability and the roadmap to an Advanced SOC. Typical attendance includes:
Face-to-face classroom training
SABSA Advanced Module A4:
Incident, Monitoring & Investigations Architecture
$4620 + gst
Due to the nature of Advanced course modules and examination, it is required that participants bring personal computing devices in order to create, discuss, share, populate and store personal work product in portable, editable form, such that it can be applied extensively:
Candidates are responsible for ensuring the computing devices they use are pre-loaded with all software that may be appropriate to their needs including word processors, spread sheets, databases, and diagramming tools.
The SABSA Foundation Certificate is a pre-requisite for the SABSA Advanced modules.
The examination approach for a SABSA Advanced Course is totally different from that used at Foundation Level. Candidates are required to demonstrate advanced competencies to use the SABSA method and framework.
The examination is therefore entirely “open book” and project-based. Examination papers contain 5 questions from which candidates must choose 2 to answer. Using examples from real working environments, or by creating a case study, or a combination of both, candidates are required to assess issues, evaluate solution approaches, and customise and apply the SABSA method and framework to create and populate appropriate SABSA work-products (techniques, tools, templates, models, frameworks, etc.).
Examination answers must be provided within 4 weeks of the examination date.
Please understand that this more flexible format means your results will take longer than for Foundation – marking will only begin when the last delegate’s exam is submitted which means it could take 10 to 12 weeks for notification if several delegates take the full four weeks to submit their exams.