The SABSA (Sherwood Applied Business Security Architecture) framework has evolved as a "best practice" method for delivering cohesive information security architectures and solutions to enterprises.
The Foundation level cosnsists of two training modules, combined as a 5-day programme:
Module F1 - SABSA Security Strategy and Planning
Module F2 - SABSA Security Service Management and Design
Learning Outcomes
The top ten competencies developed on this course are:
Define information security and architecture and their role in the modern enterprise
Explain security engineering principles, methods and techniques
Describe the SABSA model, architecture matrix, service management matrix, and terminology
Describe SABSA principles, framework, approach and lifecycle
Use business goals and objectives to model information security requirements
Describe methodologies for business case development and enterprise value propositions
Apply key concepts and principles to the design of information security strategy
Define architecture governance, compliance and maintenance processes
Create a business attributes taxonomy
Describe security domain models and explain conceptual business trust models
Module F1: Security Strategy and Planning
This module provides participants with a comprehensive background and understanding of how the SABSA framework and how it delivers successful security strategy and architecture. It is presented in the form of presentations, case studies and workshops. Participants will develop the skills to apply SABSA for security architecture design and managemen, as well as to develop comprehensive information security and security architecture strategyies applicable ande relevant to your organisation:
THE SABSA FRAMEWORK
1. Information Security Strategy, Benefits and Objectives
Security: A Cultural Legacy as a Business Constraint
Technical Legacy of Tactical Point Solutions
Security Strategy, Tactics and Operations
Critical Success Factors for Business, IT and Security
Measuring and Prioritising Business Risk
Enabling Business and Empowering Customers
Adding Value to the Core Product
Protecting Relationships and Leveraging Trust
2. Introduction to SABSA Best Practice
Information Security and its Role in the Modern Enterprise
Enterprise Security Architecture: Definition and Principles
The History of SABSA Development
Introduction to the SABSA Model
The Business View of Security: Contextual Architecture
The Architect’s View of Security: Conceptual Architecture
The Designer’s View of Security: Logical Architecture
The Builder’s View of Security: Physical Architecture
The Tradesman’s View of Security: Component Architecture
The Service Manager’s View of Security: Operational Architecture
Traceability from Business Requirements to Deployed Solutions
The SABSA Matrix and Service Management Matrix
INFORMATION SECURITY STRATEGY
3. Business Requirements & How To Define Them
Business Goals, Success Factors and Operational Risks
Business Processes and the Need for Security
Location Dependence of Enterprise Security Needs
Organisation and Relationships Affecting Enterprise Security
Time Dependency of Enterprise Security
Collecting Enterprise Requirements for Security
Creating a Business Attributes Profile
Defining Control Objectives
4. Strategic Concepts & How To Apply Them
Managing Complexity
Systems Engineering for Security
Architectural Layering
End-to-End Security
Defence-in-Depth Models
Security Domains
Security Associations
Trust Modelling
Organisation & Workflow
Infrastructure Strategy
Management Strategy
SABSA PRACTITIONER GUIDE
5. The Strategy Programme & Architecture Delivery
The SABSA Development Process
The SABSA Lifecycle
Strategy and Concept Phase Processes and Sub-processes
Design Phase Processes and Sub-processes
Implement Phase Processes and Sub-processes
Manage and Measure Phase Processes and Sub-processes
Top-down Decomposition of the SABSA Model
Scope, Deliverables and Project Sequencing
6. Managing The Strategic Programme
Introduction to Return on Investment & Return of Value
Defining the Benefits and Value Propositions
Selling the Benefits
Getting Sponsorship and Budget
Building the Team
Team Competency Assessment & Development
Programme Planning and Management
‘Fast Track’ Start-up Programmes
Collecting the Information You Need
Gaining Consensus on the Conceptual Architecture
Strategic Architecture Governance, Compliance and Maintenance
Identifying Quick Wins and Gaining Long Term Confidence
Module F2: Security Service Management
This module leverages the strategies defined in Foundation Module One to create the roadmap to design, deliver and support applicable and high-quality security services. Participants will learn how to design, deliver and support a security services architecture that integrates fully and seamlessly with their IT and business environments:
THE SABSA SECURITY MANAGEMENT FRAMEWORK
1. The SABSA Security Management Framework
SABSA in the I.T. Lifecycle
Using SABSA To Integrate Other Methods, Models & Standards
SABSA and the ITIL Framework
SABSA and CobIT
SABSA and Project Management Standards
SABSA and ISO Security Standards
SABSA and IT Architecture
THE SABSA SECURITY POLICY AND RISK MANAGEMENT FRAMEWORK
2. Security Policy Management
Policy Principles
Policy Content, Hierarchy & Architecture
Security Policy Making
Information & Systems Classification
Third Party & Outsourcing Strategy & Policy Management
3. Operational Risk Management
The Meaning of Risk
Risk Philosophy & Methodology
Corporate Governance & Enterprise Risk Management
Risk Measurement and Risk Assessment
Risk Mitigation
Risk Appetite
Risk Management Tools
Measuring Success of Risk Management
THE SABSA INTEGRATED ASSURANCE MANAGEMENT FRAMEWORK
4. Security Organisation & Responsibilities
Security Governance
Security Culture Development, Training & Awareness
Ownership & Custody
Service Provider & Customer Roles in Security Management
Enterprise Audit & Review Framework
5. Assurance of Operational Continuity
Business Continuity Planning
Contingency Planning
Crisis Management
Business Recovery Planning
6. Systems Assurance
Technical Assurance of Security Correctness & Completeness
Managing the Assurance Process for Systems & Software Development
Assuring Integrity and Acceptable Use of Systems & Software
Principles of Multi-phased Testing
SECURITY SERVICES DESIGN
7. Security Services Architecture
Information as the Logical Representation of Business
The SABSA Foundation Certificate is issued to candidates who pass both Foundation Level exams. The exams are held at the end of the fifth day and each paper is of one-hour duration and contains 48 multiple choice questions.
Who Should Attend?
CIO / CISO / CRO / CIRO
IT Strategy Conusltants
Enterprise, IT, Security and other Domain Architects
IT Managers
IT Programme and Project Managers
IT/Information Security Managers, Advisors, Consultants and Practitioners