SABSA® is the world’s leading open security architecture framework and methodology. SABSA is a top-to-bottom framework and methodology to conceive, conceptualise, design, implement and manage security in a business-driven model.

The term ‘business-driven’ is the key to SABSA’s power, and its acceptance. SABSA is all about empowering the organisation to do business as it needs and wants to do, while ensuring that it is secured and fully enabled. SABSA is an open and inclusive standard that readily integrates with other frameworks and tools such as ITIL, 17799/27000 series, COBIT and the like. It can be used as a compliance and governance framework for complex sets of standards.

SABSA is used commonly as the security parallel and tool set for organisations using the world’s leading IT Architecture Framework – Zachman.

SABSA Roadmap

The SABSA Certification Program is structured into three areas – Foundation (the mandatory base for all certification), Advanced Modules (counting towards Practitioner and Masters certification), and Topical Master Classes (two-day non-exam events covering specialty areas and offering credits towards certification).

There are five core career streams:

  • Advanced Risk, Assurance & Governance
  • Advanced Architectural Design
  • Advanced Architecture Programme Management
  • Advanced Incident, Monitoring & Investigations Architecture
  • Advanced Business Continuity & Crisis Management

Unlike the previous roadmap which forced strict paths along specific streams, these can be mixed-and-matched (along with the Master Classes) to give you exactly the skill set required in your chosen career.

Learning outcomes

F1 – Security Strategy and Planning

This module provides participants with a comprehensive understanding of how the SABSA framework delivers successful security strategy and architecture. Through a series of innovative presentations, case studies and workshops, you will develop the skills to use the most proven security architecture design and management processes and find out how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the needs of your organisation.

The top ten competencies developed on this course are:

  • Define enterprise security architecture, its role, objectives and benefits
  • Describe the SABSA model, architecture matrix, service management matrix and terminology
  • Describe SABSA principles, framework, approach and lifecycle
  • Use business goals and objectives to engineer information security requirements
  • Create a business attributes taxonomy
  • Apply key architectural defence-in-depth concepts
  • Explain security engineering principles, methods and techniques
  • Use an architected approach to design an integrated compliance framework
  • Describe and design appropriate policy architecture
  • Define security architecture value proposition, measures and metrics

F2 – Security Service Management and Design

This module leverages the strategy defined in Foundation Module One to create the roadmap to design, deliver and support a set of consistent and high-quality security services.

Covering the good practice lifecycle, participants will find out how to design, deliver and support a comprehensive security services architecture that integrates fully and seamlessly with their existing IT management and business infrastructure and practices.

The top ten competencies developed on this course are:

  • Use SABSA to create an holistic framework to align and integrate standards
  • Describe roles, responsibilities, decision-making and organisational structure
  • Explain the integration of SABSA into a service management environment
  • Define Security Services
  • Describe the placement of security services within ICT Infrastructure
  • Create a SABSA Trust Model
  • Describe and model security associations intra-domain and inter-domain
  • Explain temporal factors in security and sequence security services
  • Determine an appropriate start-up approach for SABSA Architecture
  • Apply SABSA Foundation level competencies to your own environment

Who should attend

  • CIO / CISO / CRO / CIRO
  • IT Strategists and Planners
  • IT Architects
  • IT Development Managers and Project Leaders
  • Software Managers and Architects
  • Computer / Information Security Managers, Advisors, Consultants & Practitioners
  • IT Line Managers
  • IT Service Delivery Managers
  • Risk Managers
  • Internal and External Auditors

SABSA Key Points

SABSA is used extensively by global business and governments around the world.

  • SABSA provides a world-leading approach to the development and deployment of solutions to manage cyber risk, assurance and security in a globally accelerating digital business environment.
  • Since the launch of the SABSA certification program in 2007, InfoSec professionals in 43 countries have obtained SABSA Certification
  • Top-tier banks around the globe have adopted SABSA for their security architecture framework
  • Major Government departments – particularly those concerned with defence, security and law enforcement – have adopted SABSA
  • The SABSA Institute and The Open Group have announced collaboration in the development of the next generation TOGAF. This joint development puts SABSA Business Attributes Profiling (BAP) at the heart of the TOGAF Architecture Development Method (ADM) for requirements management – not just for security, but also for all aspects of business requirements definition.

Course contents

This 5-day Foundation Certificate program has been designed to provide participants with a thorough coverage of the knowledge required for the SABSA Foundation Level Certificate. It is structured in two modules:

  • Module F1: Security Strategy & Planning
  • Module F2: Security Service Management

Module F1: Security Strategy & Planning

THE SABSA FRAMEWORK

1. Information Security Strategy, Benefits and Objectives

  • Security: A Cultural Legacy as a Business Constraint
  • Technical Legacy of Tactical Point Solutions
  • Security Strategy, Tactics and Operations
  • Critical Success Factors for Business, IT and Security
  • Measuring and Prioritising Business Risk
  • Enabling Business and Empowering Customers
  • Adding Value to the Core Product
  • Protecting Relationships and Leveraging Trust

2. Introduction to SABSA Best Practice

  • Information Security and its Role in the Modern Enterprise
  • Enterprise Security Architecture: Definition and Principles
  • The History of SABSA Development
  • Introduction to the SABSA Model
  • The Business View of Security: Contextual Architecture
  • The Architect’s View of Security: Conceptual Architecture
  • The Designer’s View of Security: Logical Architecture
  • The Builder’s View of Security: Physical Architecture
  • The Tradesman’s View of Security: Component Architecture
  • The Service Manager’s View of Security: Operational Architecture
  • Traceability from Business Requirements to Deployed Solutions
  • The SABSA Matrix and Service Management Matrix

INFORMATION SECURITY STRATEGY

3. Business Requirements & How To Define Them

  • Business Goals, Success Factors and Operational Risks
  • Business Processes and the Need for Security
  • Location Dependence of Enterprise Security Needs
  • Organisation and Relationships Affecting Enterprise Security
  • Time Dependency of Enterprise Security
  • Collecting Enterprise Requirements for Security
  • Creating a Business Attributes Profile
  • Defining Control Objectives

4. Strategic Concepts & How To Apply Them

  • Managing Complexity
  • Systems Engineering for Security
  • Architectural Layering
  • End-to-End Security
  • Defence-in-Depth Models
  • Security Domains
  • Security Associations
  • Trust Modelling
  • Organisation & Workflow
  • Infrastructure Strategy
  • Management Strategy

SABSA PRACTITIONER GUIDE

5. The Strategy Programme & Architecture Delivery

  • The SABSA Development Process
  • The SABSA Lifecycle
  • Strategy and Concept Phase Processes and Sub-processes
  • Design Phase Processes and Sub-processes
  • Implement Phase Processes and Sub-processes
  • Manage and Measure Phase Processes and Sub-processes
  • Top-down Decomposition of the SABSA Model
  • Scope, Deliverables and Project Sequencing

6. Managing The Strategic Programme

  • Introduction to Return on Investment & Return of Value
  • Defining the Benefits and Value Propositions
  • Selling the Benefits
  • Getting Sponsorship and Budget
  • Building the Team
  • Team Competency Assessment & Development
  • Programme Planning and Management
  • ‘Fast Track’ Start-up Programmes
  • Collecting the Information You Need
  • Gaining Consensus on the Conceptual Architecture
  • Strategic Architecture Governance, Compliance and Maintenance
  • Identifying Quick Wins and Gaining Long Term Confidence

Module F2: Security Service Management

THE SABSA SECURITY MANAGEMENT FRAMEWORK

1. The SABSA Security Management Framework

  • SABSA in the I.T. Lifecycle
  • Using SABSA To Integrate Other Methods, Models & Standards
  • SABSA and the ITIL Framework
  • SABSA and CobIT
  • SABSA and Project Management Standards
  • SABSA and ISO Security Standards
  • SABSA and IT Architecture

THE SABSA SECURITY POLICY AND RISK MANAGEMENT FRAMEWORK

2. Security Policy Management

  • Policy Principles
  • Policy Content, Hierarchy & Architecture
  • Security Policy Making
  • Information & Systems Classification
  • Third Party & Outsourcing Strategy & Policy Management

3. Operational Risk Management

  • The Meaning of Risk
  • Risk Philosophy & Methodology
  • Corporate Governance & Enterprise Risk Management
  • Risk Measurement and Risk Assessment
  • Risk Mitigation
  • Risk Appetite
  • Risk Management Tools
  • Measuring Success of Risk Management

THE SABSA INTEGRATED ASSURANCE MANAGEMENT FRAMEWORK

4. Security Organisation & Responsibilities

  • Security Governance
  • Security Culture Development, Training & Awareness
  • Ownership & Custody
  • Service Provider & Customer Roles in Security Management
  • Enterprise Audit & Review Framework

5. Assurance of Operational Continuity

  • Business Continuity Planning
  • Contingency Planning
  • Crisis Management
  • Business Recovery Planning

6. Systems Assurance

  • Technical Assurance of Security Correctness & Completeness
  • Managing the Assurance Process for Systems & Software Development
  • Assuring Integrity and Acceptable Use of Systems & Software
  • Principles of Multi-phased Testing

SECURITY SERVICES DESIGN

7. Security Services Architecture

  • Information as the Logical Representation of Business
  • Logical Entities & Their Relationships
  • Using Trust Models to Define Security Services
  • Security Domains, Domain Definitions & Associations
  • Security Processing Cycle

8. Security Infrastructure Services

  • Security Rules, Practices & Procedures
  • Security Mechanisms
  • User Security
  • Platform & Network Security
  • Infrastructure for Service Delivery
  • Technical Standards & Components

SECURITY SERVICES DELIVERY & SUPPORT

9. Operational Security Services

  • Incident Management
  • Incident Response
  • Problem Management
  • Change Management
  • Continuity, Crisis & Recovery Management

10. Security Administration & Management

  • Security Service Management
  • Security Mechanism Management
  • Security Component Management
  • System Management & Administration
  • User Management & Administration
  • Security Audit Management
  • Security Operations
  • Product Evaluation & Selection

SECURITY SERVICES PERFORMANCE MEASUREMENT

11. Return on Investment & Return of Value

  • Return on Investment
  • Net Present Value
  • Internal Rate of Return
  • Defining Value Metrics
  • Business Attributes & Return of Value

12. Security Measures & Metrics

  • Why Do We Need Measures & Metrics
  • Measurement Approaches
  • Defining Metrics
  • Benchmarking Security
  • Remedial Project Planning
  • Maturity Models Applied to Security

Course fees

Face-to-face classroom training

Course: SABSA® Foundation Course + Certificate Exam
Fees (A$ per person): $4420 + GST

Prerequisites:

The SABSA Foundation Level certification neither requires nor assumes any experience in any branch of security.

Examination:

There are two SABSA Foundation exams, both held at the end of the fifth day. Each exam is of one-hour duration and contains 48 multiple choice questions. The SABSA Foundation Certificate is issued to candidates who pass both Foundation Level exams.

Independent User View:

"Why everyone in InfoSec should do SABSA training"
  • Staff have been extremely positive and supportive.
    Principal consultant | OMNI EXECUTIVE
  • Our trainer was excellent. He made it fun and interesting. Plus we all passed. Fantastic. I feel comfortable that my future projects will be very successful. Pace - Spot on.
    IT Professional | Information Technology
  • "The course was excellent. The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "Excellent service provided by ALC customer service. Trainer has exceptionally good training skills and brilliant style of communication. Excellent coach."
    Trainer: Michael Fong Principal  |  Fujitsu Australia Ltd
  • Laurence has incredible subject matter expertise and his personal anecdotes added a lot to the learning.
  • Would highly recommend ALC and Laurence for training and obtaining one's certification in Agile PM
    Demi Anderson, Programme Manager
  • Leigh was fantastic. Without doubt the most accurate and interesting presenter by leaps and bounds. Very inspirational.
    System Analyst | Department of Corporate and Information Services
  • "In regards to the course, the stakeholder and participants were wrapped. The trainer was attentive and engaged and the material was relevant and professional."
    Kathleen O’Riley Learning and Development Advisor  |  SA Water Corporation Course: Business Relationship Management Professional (BRMP®) Trainer: Darren Dove
  • "Excellent course and while content was quite laborious and intense, Peter's delivery was excellent; particularly the 'war stories' and examples provided."
    Russell Close | Head of IT  |  Bennelong Funds Management
  • Well presented and great depth of knowledge by the trainer. A very professional delivery!
  • Very quick response from Customer service upon enquiry.
  • I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.
    Service Assurance Release Manager | Westpac Banking Corporation
  • Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as a top level training services provider.
    Operations Transition Manager |  Motorola Solutions Australia Pty Ltd
  • The trainer was a great facilitator - lots of real life examples and I felt very prepared for the exam.
    Help Desk Team Leader | Bank SA
  • "Very good training session.  Trainer used multiple examples of non-IT situations to cover various aspects of what was being taught which made it not only easier to understand but also interesting."
    Senior Applications Specialist | Fairfax Media
  • The instructor was clearly knowledgeable, good-humoured and enthusiastic. I did not see anyone fall asleep. Given the notoriety of this course, I sincerely feel that that was a major "achievement". I do feel that I have greatly expanded my knowledge and that I will be more productive at work - The Hallmark of a successful course in my opinion. I would recommend ALC to others. Thank you and well done!
  • Peter’s real world samples went a long way in understanding the content.
    Waleed Al-Atm – Dept. Justice & Regulation
  • Excellent course that was very well presented and benefited immensely from Darren's practical experience in Service Management. Thanks Darren!
    National IT Manager | Information Technology
  • Michelle Zgalin displays an extremely thorough knowledge of the course content. Pace of the course tailored to suit participants. Presentation of content very good. Ability to deliver large amounts of content was impressive. :)
    PRINCE2 Melbourne Senior Business Analyst | VMIA | Risk Management & Insurance
  • A brilliant trainer, she really knows her stuff and manages to get the most out of us, it was almost like a continuation from Foundation.  I felt like I hadn't left.
    Executive Assistant | Guild Group Holdings Limited
  • Very worthwhile course - learned a lot! Intense, but very well structured. Great Trainer :)
    Business Analyst | VMIA | Risk Management & Insurance
  • The trainer's level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity
    Service Delivery Manager | NEC Australia Pty Ltd
  • Great Job, one of the best trainers I have had.  Could not have asked for more.
    ISG | University of New England
  • Really well structured course, very qualified presenter, engaging presentation style, high quality course materials.  Relevant and useful information discussed with a good balance of theory vs "Real World" examples. I thoroughly enjoyed this course, would highly recommend to others.
    Samantha, Program Coordinator, Transport NSW
  • "Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge."
    Manager, IT Risk & Assurance | Ernst & Young
  • "David's vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses."
    Information Security Consultant  | Westpac
  • "Thanks David for making this course enjoyable and knowledgeable.  Your experience and insights have been very valuable."
    Security Solutions Designer | Westpac
  We’ve been training and presentation since 1994. See what just some of our successful delegates have to say about getting certified with ALC Training.
  • “Neil was very good in sharing his knowledge using relevant examples.”
    IT Support Officer | Cricket Australia
  • “Good understanding of ITIL Foundations. Neil is a great presenter with excellent people skills & real world experiences.”
    State ICT Manager | Hassell
  • “Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.”
    Manager | ANZ Banking Group
  • “Extremely good – presenter’s experience and depth of knowledge very visible. The trainer was excellent! Good examples, good discussions.”
    Project Manager | Shell Company of Australia Limited Melbourne
  • “I would be happy to recommend Axel to all those looking at a TOGAF training course. His subject matter expertise in TOGAF and his ability to relate to real world examples and experience was fundamental in helping me passing my exam.”
    Daniel Garcia, IT Architect, Strategy and PMO Manager | ANSTO