SABSA® Foundation (F1 & F2)
The SABSA® Foundation Modules (F1 & F2) are the SABSA® Institute’s official starting point for developing Security Architecture Competencies. They are designed to create a broad spectrum of knowledge and understanding of the SABSA® method, its frameworks, concepts, models & techniques. Theories and concepts are put to the test in ‘proof-of-concept’ style case study exercises and workshops so that candidates can understand how SABSA® is best applied to meet the challenges of the real world.
The following is a summary of the features and advantages of SABSA®:
FEATURE | ADVANTAGE |
Business-Driven | Value-assured |
Risk-Focused | Prioritised & proportional responses |
Comprehensive | Scalable scope |
Modular | Agility – ease of implementation & management |
Open Source (protected) | Free use, open source, global standard |
Auditable | Demonstrates compliance |
Transparent | Two-way traceability |
Key topics covered in the training include:
- Principles of Security Architecture
- Policy Architecture Framework
- Risk & Opportunity Modelling
- Security Domain Concepts
- SABSA Governance Framework
- Entity & Trust Modelling
- Information Security & Data Security Architectures
- And other related topics
Course Outline
1. Module F1 – Security Strategy & Planning
1. | Principles & Objectives of Security Architecture | a. Enterprise Security Architecture; b. Guiding Principles; c. The Engineer’s Complex System & Holistic Approach; d. Features, Advantages & Benefits |
2. | The SABSA® Framework | a. The SABSA® Matrix; b. The SABSA® Service Management Matrix; c. Traceability Concepts |
3. | Business Requirements Engineering & Attributes Profiling | a. Business Target Abstraction Technique; b. Attributes |
4. | Risk & Opportunity Modelling | a. Risk Management in Business & Architecture; b. Assessing Risk Using Attributes; c. The SABSA® Opportunity Model; d. Removing Subjectivity & Creating Re-usable Structure |
5. | Policy Architecture Framework | a. The SABSA® Policy Framework; b. SABSA® Domains & Policy; c. Creating the Policy Model |
6. | Systems Engineering & Integrated Compliance | a. Systems Engineering Principles in SABSA®; b. SABSA®’s Integrated Compliance Framework |
7. | Capability-based Defence-in-Depth | a. Control Strategy; b. The SABSA® Multi-tiered Control Strategy |
8. | SABSA® Governance Framework | a. SABSA® Governance Model; b. SABSA® Roles & Responsibilities Framework |
9. | Security Domain Concepts | a. Domain Types; b. Domain Models; c. Registration & Certification; d. Systemic Risk Interactions Between Domains |
10. | Security Time & Performance Concepts | a. SABSA® Lifecycle; b. Through-life Risk Management Framework; c. Process Improvement Framework; d. Performance Management Framework; e. Architectural Vitality Framework |
2. Module F2 – Security Services & Service Management
1. | Information Security & Data Security Architectures | a. The Design Phase – Logical, Physical & Component Layers; b. Service Management Overlay for the Design Phase Layers; c. Principles of Integration & Alignment; d. Start-up Approaches |
2. | Risk Treatment Architecture | a. Risk Treatment & Policy Management Architecture; b. The SABSA® Assurance Model |
3. | Transformation & Service Architecture | a. Top-down Process Analysis in SABSA®; b. Securing Information Transformations & Information Flows; c. Security Services Definition & Modelling Processes; d. Security Service Management Value Proposition |
4. | Entity & Trust Modelling | a. Trust & Trust Models; b. Decomposing Complex Trust in Solutions Specification |
5. | Security Associations Modelling | a. Security Associations Modelling; b. Inter-Domain Complexities; c. The Extended Domain Concept |
6. | Security Service Sequencing & Performance Management | a. Temporal Considerations for Security Architecture; b. Security Service Sequencing |
Competency Development Outcomes
No. | Module F1 – Security Strategy & Planning | Module F2 – Security Service Management & Design |
1. | Define enterprise security architecture, its role, objectives and benefits. | Use SABSA® to create a holistic framework to align and integrate standards |
2. | Describe the SABSA® model, architecture matrix, service management matrix and terminology. | Describe roles, responsibilities, decision-making and organisational structure |
3. | Describe SABSA® principles, framework, approach and lifecycle. | Explain the integration of SABSA® into a service management environment |
4. | Use business goals and objectives to engineer information security requirements. | Define Security Services |
5. | Create a business attributes taxonomy. | Describe the placement of security services within IT Infrastructure |
6. | Apply key architectural defence-in-depth concepts. | Create a SABSA® Trust Model |
7. | Explain security engineering principles, methods and techniques. | Describe and model security associations intra-domain and inter-domain |
8. | Use an architected approach to design an integrated compliance framework. | Explain temporal factors in security and sequence security services |
9. | Describe and design appropriate policy architecture. | Determine an appropriate start-up approach for SABSA® Architecture |
10. | Define security architecture value proposition, measures and metrics. | Apply SABSA® Foundation level competencies to the benefit of your organisation |
The training is conducted by experienced professionals who hold the SABSA Chartered Security Architect – Master Certificate (SCM), with over 25 years of experience in the field.