SABSA® Foundation (F1 & F2)
The SABSA® Foundation Modules (F1 & F2) are the SABSA® Institute’s official starting point for developing Security Architecture Competencies. They are designed to create a broad spectrum of knowledge and understanding of the SABSA® method, its frameworks, concepts, models & techniques. Theories and concepts are put to the test in ‘proof-of-concept’ style case study exercises and workshops so that candidates can understand how SABSA® is best applied to meet the challenges of the real world.
The following is a summary of the features and advantages of SABSA®:
| FEATURE | ADVANTAGE |
| Business-Driven | Value-assured |
| Risk-Focused | Prioritised & proportional responses |
| Comprehensive | Scalable scope |
| Modular | Agility – ease of implementation & management |
| Open Source (protected) | Free use, open source, global standard |
| Auditable | Demonstrates compliance |
| Transparent | Two-way traceability |
Key topics covered in the training include:
- Principles of Security Architecture
- Policy Architecture Framework
- Risk & Opportunity Modelling
- Security Domain Concepts
- SABSA Governance Framework
- Entity & Trust Modelling
- Information Security & Data Security Architectures
- And other related topics
Course Outline
1. Module F1 – Security Strategy & Planning
| 1. | Principles & Objectives of Security Architecture | a. Enterprise Security Architecture b. Guiding Principles c. The Engineer’s Complex System & Holistic Approach d. Features, Advantages & Benefits |
| 2. | The SABSA® Framework | a. The SABSA® Matrix b. The SABSA® Service Management Matrix c. Traceability Concepts |
| 3. | Business Requirements Engineering & Attributes Profiling | a. Business Target Abstraction Technique b. Attributes |
| 4. | Risk & Opportunity Modelling | a. Risk Management in Business & Architecture b. Assessing Risk Using Attributes c. The SABSA® Opportunity Model d. Removing Subjectivity & Creating Re-usable Structure |
| 5. | Policy Architecture Framework | a. The SABSA® Policy Framework b. SABSA® Domains & Policy c. Creating the Policy Model |
| 6. | Systems Engineering & Integrated Compliance | a. Systems Engineering Principles in SABSA® b. SABSA®’s Integrated Compliance Framework |
| 7. | Capability-based Defence-in-Depth | a. Control Strategy b. The SABSA® Multi-tiered Control Strategy |
| 8. | SABSA® Governance Framework | a. SABSA® Governance Model b. SABSA® Roles & Responsibilities Framework |
| 9. | Security Domain Concepts | a. Domain Types b. Domain Models c. Registration & Certification d. Systemic Risk Interactions Between Domains |
| 10. | Security Time & Performance Concepts | a. SABSA® Lifecycle b. Through-life Risk Management Framework c. Process Improvement Framework d. Performance Management Framework e. Architectural Vitality Framework |
2. Module F2 – Security Services & Service Management
| 1. | Information Security & Data Security Architectures | a. The Design Phase – Logical, Physical & Component Layers b. Service Management Overlay for the Design Phase Layers c. Principles of Integration & Alignment d. Start-up Approaches |
| 2. | Risk Treatment Architecture | a. Risk Treatment & Policy Management Architecture b. The SABSA® Assurance Model |
| 3. | Transformation & Service Architecture | a. Top-down Process Analysis in SABSA® b. Securing Information Transformations & Information Flows c. Security Services Definition & Modelling Processes d. Security Service Management Value Proposition |
| 4. | Entity & Trust Modelling | a. Trust & Trust Models b. Decomposing Complex Trust in Solutions Specification |
| 5. | Security Associations Modelling | a. Security Associations Modelling b. Inter-Domain Complexities c. The Extended Domain Concept |
| 6. | Security Service Sequencing & Performance Management | a. Temporal Considerations for Security Architecture b. Security Service Sequencing |
Competency Development Outcomes
| | Module F1 – Security Strategy & Planning | Module F2 – Security Service Management & Design |
| 1. | Define enterprise security architecture, its role, objectives and benefits. | Use SABSA® to create a holistic framework to align and integrate standards |
| 2. | Describe the SABSA® model, architecture matrix, service management matrix and terminology. | Describe roles, responsibilities, decision-making and organisational structure |
| 3. | Describe SABSA® principles, framework, approach and lifecycle. | Explain the integration of SABSA® into a service management environment |
| 4. | Use business goals and objectives to engineer information security requirements. | Define Security Services |
| 5. | Create a business attributes taxonomy. | Describe the placement of security services within IT Infrastructure |
| 6. | Apply key architectural defence-in-depth concepts. | Create a SABSA® Trust Model |
| 7. | Explain security engineering principles, methods and techniques. | Describe and model security associations intra-domain and inter-domain |
| 8. | Use an architected approach to design an integrated compliance framework. | Explain temporal factors in security and sequence security services |
| 9. | Describe and design appropriate policy architecture. | Determine an appropriate start-up approach for SABSA® Architecture |
| 10. | Define security architecture value proposition, measures and metrics. | Apply SABSA® Foundation level competencies to the benefit of your organisation |
The training is conducted by experienced professionals who hold the SABSA Chartered Security Architect – Master Certificate (SCM) and have over 25 years of experience in the field.













