SABSA® Foundation (F1 & F2)


The SABSA® Foundation Modules (F1 & F2) are the SABSA® Institute’s official starting point for developing Security Architecture Competencies. They are designed to create a broad spectrum of knowledge and understanding of the SABSA® method, its frameworks, concepts, models & techniques. Theories and concepts are put to the test in ‘proof-of-concept’ style case study exercises and workshops so that candidates can understand how SABSA® is best applied to meet the challenges of the real world.

The following is a summary of the features and advantages of SABSA® (feature: advantage):

  • Business-Driven: Value-assured
  • Risk-Focused: Prioritised & proportional responses
  • Comprehensive: Scalable scope
  • Modular: Agility – ease of implementation & management
  • Open Source (protected): Free use, open source, global standard
  • Auditable: Demonstrates compliance
  • Transparent: Two-way traceability


Key topics covered in the training include:

  • Principles of Security Architecture
  • Policy Architecture Framework
  • Risk & Opportunity Modelling
  • Security Domain Concepts
  • SABSA Governance Framework
  • Entity & Trust Modelling
  • Information Security & Data Security Architectures
  • And other related topics

Course Outline

1. Module F1 – Security Strategy & Planning

   1. Principles & Objectives of Security Architecture
      a. Enterprise Security Architecture
      b. Guiding Principles
      c. The Engineer’s Complex System & Holistic Approach
      d. Features, Advantages & Benefits

   2. The SABSA® Framework
      a. The SABSA® Matrix
      b. The SABSA® Service Management Matrix
      c. Traceability Concepts

   3. Business Requirements Engineering & Attributes Profiling
      a. Business Target Abstraction Technique
      b. Attributes

   4. Risk & Opportunity Modelling
      a. Risk Management in Business & Architecture
      b. Assessing Risk Using Attributes
      c. The SABSA® Opportunity Model
      d. Removing Subjectivity & Creating Re-usable Structure

   5. Policy Architecture Framework
      a. The SABSA® Policy Framework
      b. SABSA® Domains & Policy
      c. Creating the Policy Model

   6. Systems Engineering & Integrated Compliance
      a. Systems Engineering Principles in SABSA®
      b. SABSA®’s Integrated Compliance Framework

   7. Capability-based Defence-in-Depth
      a. Control Strategy
      b. The SABSA® Multi-tiered Control Strategy

   8. SABSA® Governance Framework
      a. SABSA® Governance Model
      b. SABSA® Roles & Responsibilities Framework

   9. Security Domain Concepts
      a. Domain Types
      b. Domain Models
      c. Registration & Certification
      d. Systemic Risk Interactions Between Domains

   10. Security Time & Performance Concepts
      a. SABSA® Lifecycle
      b. Through-life Risk Management Framework
      c. Process Improvement Framework
      d. Performance Management Framework
      e. Architectural Vitality Framework

2. Module F2 – Security Services & Service Management

   1. Information Security & Data Security Architectures
      a. The Design Phase – Logical, Physical & Component Layers
      b. Service Management Overlay for the Design Phase Layers
      c. Principles of Integration & Alignment
      d. Start-up Approaches

   2. Risk Treatment Architecture
      a. Risk Treatment & Policy Management Architecture
      b. The SABSA® Assurance Model

   3. Transformation & Service Architecture
      a. Top-down Process Analysis in SABSA®
      b. Securing Information Transformations & Information Flows
      c. Security Services Definition & Modelling Processes
      d. Security Service Management Value Proposition

   4. Entity & Trust Modelling
      a. Trust & Trust Models
      b. Decomposing Complex Trust in Solutions Specification

   5. Security Associations Modelling
      a. Security Associations Modelling
      b. Inter-Domain Complexities
      c. The Extended Domain Concept

   6. Security Service Sequencing & Performance Management
      a. Temporal Considerations for Security Architecture
      b. Security Service Sequencing

Competency Development Outcomes

Module F1 – Security Strategy & Planning

   1. Define enterprise security architecture, its role, objectives and benefits.
   2. Describe the SABSA® model, architecture matrix, service management matrix and terminology.
   3. Describe SABSA® principles, framework, approach and lifecycle.
   4. Use business goals and objectives to engineer information security requirements.
   5. Create a business attributes taxonomy.
   6. Apply key architectural defence-in-depth concepts.
   7. Explain security engineering principles, methods and techniques.
   8. Use an architected approach to design an integrated compliance framework.
   9. Describe and design appropriate policy architecture.
   10. Define security architecture value proposition, measures and metrics.

Module F2 – Security Service Management & Design

   1. Use SABSA® to create a holistic framework to align and integrate standards.
   2. Describe roles, responsibilities, decision-making and organisational structure.
   3. Explain the integration of SABSA® into a service management environment.
   4. Define Security Services.
   5. Describe the placement of security services within IT Infrastructure.
   6. Create a SABSA® Trust Model.
   7. Describe and model security associations intra-domain and inter-domain.
   8. Explain temporal factors in security and sequence security services.
   9. Determine an appropriate start-up approach for SABSA® Architecture.
   10. Apply SABSA® Foundation level competencies to the benefit of your organisation.

The training is conducted by experienced professionals who hold the SABSA Chartered Security Architect – Master Certificate (SCM) and have over 25 years of experience in the field.
