Enterprise Security Architecture

SABSA Certification and Training

SABSA (Sherwood Applied Business Security Architecture) is the internationally-acclaimed "best practice" framework for delivering cohesive information security solutions to business and government. It is to security management what ITIL is to service management or PRINCE2 is to project management.


It structures business information security in a six-layer model covering all four parts of the IT lifecycle: Strategy, Design, Implementation and Management & Operations. It ensures the corporate security needs of the enterprise are met completely and that security services are designed, delivered, and supported as an integral part of the IT Management infrastructure.


SABSA Accredited Partner


ALC is an Accredited Education Provider for Asia-Pacific.



Security Best Practices

White Paper Download


Executive White Paper - Enterprise Security Architecture:

 

Enterprise Security Architecture White Paper Download


This impressive executive briefing discusses the origins of Architecture, how to manage complexity, what Enterprise Security Architecture really is, and why Architecture often fails to deliver. It goes on to talk about becoming a successful Security Architect, and discusses how the layered model and business-driven approach really works. It also features the Enterprise Risk Management model, information security framework, planning, guidelines, implementation and operations.


SABSA Training

ALC offers a 5-day Foundation Certificate training program that is structured into two courses culminating in your initial security architecture certification. This two-part seminar provides participants with a comprehensive understanding of the framework - what it is, how it works, what it delivers - and demonstrates how to use the most proven security architecture design and management processes available.


The combined five-day program is for anyone who can benefit from the most comprehensive and thorough information security training program available in this area.


  • IT / MIS Directors and Managers
  • CIO / CSO
  • IT Strategists and Planners
  • CFO / Company Secretaries
  • Computer Security Managers, Advisors, Consultants & Practitioners
  • IT Line Managers
  • Service Delivery Managers
  • Risk Managers
  • Internal and External Auditors

Foundation Module F1 - Information Security Strategy and Planning

This 2-day course provides participants with a comprehensive guide to the SABSA framework. Through a series of presentations, case studies and workshops, this course uses knowledge of that framework to describe business requirements in-depth, define best practice architecture concepts and develop strategies to align security with your organisational goals.


Foundation Module F2 - Security Service Management

This 3-day course leverages the strategy described in Course One to create the roadmap to design, deliver and support a set of consistent and high-quality security services. Focussing on the Design, Implementation and Management & Operations elements of the IT lifecycle, participants will define how the IT and Security departments actually make the security strategy happen. The two courses are offered at separate times and either course may be taken on its own independent of the other. However, for those primarily interested in the topics within Course 2 it is recommended that it be taken in conjunction with Course 1 wherever possible.


For further information please email learn@alc-group.com

The Business Information Security Solution

A key function of any architecture is to provide a framework within which the technical and operational complexity of business security architecture, compliance, information security standards, risk management and IT security management can be managed successfully. This is the very essence of SABSA.


The framework has evolved since 1995 as a holistic business-driven approach for delivering cohesive security solutions to business and government. The six-layer model covers all four parts of the IT lifecycle: Strategy, Design, Implementation and Management & Operations. It ensures the security needs of your enterprise are met completely and that security services are designed, delivered, and supported as an integral part of your IT Management infrastructure.

 

 

Module F1: Information Security Strategy and Planning

Learning Outcomes


The top ten competencies developed on this course are:

 

  1. Define information security and architecture and their role in the modern enterprise
  2. Explain security engineering principles, methods and techniques
  3. Describe the SABSA model, architecture matrix, service management matrix, and terminology
  4. Describe principles, framework, approach and lifecycle
  5. Use business goals and objectives to model information security requirements
  6. Describe methodologies for business case development and enterprise value propositions
  7. Apply key concepts and principles to the design of information security strategy
  8. Define architecture governance, compliance and maintenance processes
  9. Create a business attributes taxonomy
  10. Describe security domain models and explain conceptual business trust models

You Will Leave With

 

  • A comprehensive knowledge of the best practice Security Architecture Framework
  • A detailed plan for defining and validating business requirements for information security
  • A strategy for creating enterprise architecture customised to your own organisation's needs
  • Sample information collection and planning documents
  • A plan to gain support for your security programme including a method to engineer and model value propositions and benefits for security
  • An approach to managing your security architecture programme

Module F2: Information Security Service Management

Learning Outcomes

 

The top ten competencies developed on this course are:

 

  1. Use the SABSA method to create a holistic framework for implementing and managing standards relevant to your organisation
  2. Describe an effective organisational structure, roles and responsibilities for information security
  3. Explain how to create and maintain plans to implement governance, assurance and compliance frameworks
  4. Describe appropriate policy architecture content
  5. Discuss the organisational structures required for effective information security reporting and communications
  6. Explain the framework for effective operational risk management
  7. Explain how to develop information security awareness culture
  8. Explain the range of approaches and techniques to manage information security processes
  9. Discuss information security related aspects of third party relationships
  10. Explain how to achieve operational business continuity 

You Will Leave With

 

  • A comprehensive knowledge of the Service Management and Operations Framework
  • Hands-on experience in using the service design process
  • Ability to demonstrate the practical SABSA method for consolidating other service management and security frameworks and standards into a holistic security management plan
  • An outline security services architecture
  • A plan for ensuring information security is fully incorporated into your IT Service Management processes
  • Models for risk management, assurance, compliance and operational security services
  • Techniques for creating organisation-specific security measurement, metrics and performance management methods