SABSA Practitioner: Risk Assurance

Module PM1: SABSA Assurance Management - Course Content

1. The meaning of assurance

• Assurance principles and concepts
• Information assurance in the SABSA world
• The Inspector’s View – SABSA Matrix alignment
• The SABSA Assurance Framework
• Traceability in the SABSA MatrixInformation assurance in the SABSA world

2. SABSA Asset Assurance

• Business level asset assurance
• Assuring business continuity as an asset
• Assuring information and systems assets
• Assuring data and software assets
• Assuring technical products and tools

3. SABSA Risk Management Assurance

• Assuring business risk management
• SABSA audit strategy
• SABSA assurance levels, measurement and benchmarking
• Compliance monitoring and reporting
• Verification, validation and testing
• Assuring threat and vulnerability awareness, and patch management
  

4. SABSA Process Assurance

• SABSA Maturity profile (SMP)
• Assurance through change management, incident management and disaster recovery
• Assurance through process mapping, engineering and improvement
• Assurance through control steps in processes and event monitoring
• Assurance through system development controls and configuration management
• Assuring project management and procurement
• Assuring operations management and administration, including forensic readiness
  

5. SABSA People Assurance

• Assuring organisation structure and governance
• Assuring cultural development, training, education and awarenes
• Assuring identify and access management
• Assuring user support and help desk
• Assuring personnel management and user administration
  

6. SABSA Location and Timeliness Assurance

• Applying domain analysis as an assurance tool
• Assuring the security of the operating environment
• Assuring application security and network security
• Assuring the timeliness of actions and events