SABSA - Chartered Security Architect Foundation Certificate | SCF

Undervisningsplan

Modul F1: Security Strategy & Planning

SABSA FRAMEWORK

1. Information Security Strategy, Benefits and Objectives

• Security: A Cultural Legacy as a Business Constraint
• Technical Legacy of Tactical Point Solutions
• Security Strategy, Tactics and Operations
• Critical Success Factors for Business, IT and Security
• Measuring and Prioritising Business Risk
• Enabling Business and Empowering Customers
• Adding Value to the Core Product
• Protecting Relationships and Leveraging Trust

2. Introduction to SABSA Best Practice

• Information Security and its Role in the Modern Enterprise
• Enterprise Security Architecture: Definition and Principles
• The History of SABSA Development
• Introduction to the SABSA Model
• The Business View of Security: Contextual Architecture
• The Architect’s View of Security: Conceptual Architecture
• The Designer’s View of Security: Logical Architecture
• The Builder’s View of Security: Physical Architecture
• The Tradesman’s View of Security: Component Architecture
• The Service Manager’s View of Security: Operational Architecture
• Traceability from Business Requirements to Deployed Solutions
• The SABSA Matrix and Service Management Matrix

INFORMATION SECURITY STRATEGY

3. Business Requirements & How To Define Them

• Business Goals, Success Factors and Operational Risks
• Business Processes and the Need for Security
• Location Dependence of Enterprise Security Needs
• Organisation and Relationships Affecting Enterprise Security
• Time Dependency of Enterprise Security
• Collecting Enterprise Requirements for Security
• Creating a Business Attributes Profile
• Defining Control Objectives

4. Strategic Concepts & How To Apply Them

• Managing Complexity
• Systems Engineering for Security
• Architectural Layering
• End-to-End Security
• Defence-in-Depth Models
• Security Domains
• Security Associations
• Trust Modelling
• Organisation & Workflow
• Infrastructure Strategy
• Management Strategy

SABSA PRACTITIONER GUIDE

5. The Strategy Programme & Architecture Delivery

• The SABSA Development Process
• The SABSA Lifecycle
• Strategy and Concept Phase Processes and Sub-processes
• Design Phase Processes and Sub-processes
• Implement Phase Processes and Sub-processes
• Manage and Measure Phase Processes and Sub-processes
• Top-down Decomposition of the SABSA Model
• Scope, Deliverables and Project Sequencing

6. Managing The Strategic Programme

• Introduction to Return on Investment & Return of Value
• Defining the Benefits and Value Propositions
• Selling the Benefits
• Getting Sponsorship and Budget
• Building the Team
• Team Competency Assessment & Development
• Programme Planning and Management
• ‘Fast Track’ Start-up Programmes
• Collecting the Information You Need
• Gaining Consensus on the Conceptual Architecture
• Strategic Architecture Governance, Compliance and Maintenance
• Identifying Quick Wins and Gaining Long Term Confidence

Modul F2: Security Service Management

THE SABSA SECURITY MANAGEMENT FRAMEWORK

1. The SABSA Security Management Framework

• SABSA in the I.T. Lifecycle
• Using SABSA To Integrate Other Methods, Models & Standards
• SABSA and the ITIL Framework
• SABSA and COBIT
• SABSA and Project Management Standards
• SABSA and ISO Security Standards
• SABSA and IT Architecture

THE SABSA SECURITY POLICY AND RISK MANAGEMENT FRAMEWORK

2. Security Policy Management

• Policy Principles
• Policy Content, Hierarchy & Architecture
• Security Policy Making
• Information & Systems Classification
• Third Party & Outsourcing Strategy & Policy Management

3. Operational Risk Management

• The Meaning of Risk
• Risk Philosophy & Methodology
• Corporate Governance & Enterprise Risk Management
• Risk Measurement and Risk Assessment
• Risk Mitigation
• Risk Appetite
• Risk Management Tools
• Measuring Success of Risk Management

THE SABSA INTEGRATED ASSURANCE MANAGEMENT FRAMEWORK

4. Security Organisation & Responsibilities

• Security Governance
• Security Culture Development, Training & Awareness
• Ownership & Custody
• Service Provider & Customer Roles in Security Management
• Enterprise Audit & Review Framework

5. Assurance of Operational Continuity

• Business Continuity Planning
• Contingency Planning
• Crisis Management
• Business Recovery Planning

6. Systems Assurance

• Technical Assurance of Security Correctness & Completeness
• Managing the Assurance Process for Systems & Software Development
• Assuring Integrity and Acceptable Use of Systems & Software
• Principles of Multi-phased Testing

SECURITY SERVICES DESIGN

7. Security Services Architecture

• Information as the Logical Representation of Business
• Logical Entities & Their Relationships
• Using Trust Models to Define Security Services
• Security Domains, Domain Definitions & Associations
• Security Processing Cycle

8. Security Infrastructure Services

• Security Rules, Practices & Procedures
• Security Mechanisms
• User Security
• Platform & Network Security
• Infrastructure for Service Delivery
• Technical Standards & Components

SECURITY SERVICES DELIVERY & SUPPORT

9. Operational Security Services

• Incident Management
• Incident Response
• Problem Management
• Change Management
• Continuity, Crisis & Recovery Management

10. Security Administration & Management

• Security Service Management
• Security Mechanism Management
• Security Component Management
• System Management & Administration
• User Management & Administration
• Security Audit Management
• Security Operations
• Product Evaluation & Selection

SECURITY SERVICES PERFORMANCE MEASUREMENT

11. Return on Investment & Return of Value

• Return on Investment
• Net Present Value
• Internal Rate of Return
• Defining Value Metrics
• Business Attributes & Return of Value

12. Security Measures & Metrics

• Why Do We Need Measures & Metrics
• Measurement Approaches
• Defining Metrics
• Benchmarking Security
• Remedial Project Planning
• Maturity Models Applied to Security