SABSA Foundation Modules

The SABSA Foundation Modules (F1 & F2) are the SABSA Institute’s official starting point for developing Security Architecture Competencies. They are designed to create a broad-spectrum of knowledge and understanding of the SABSA method, its frameworks, concepts, models & techniques. Theories and concepts are put to the test in ‘proof-of-concept’ style case study exercises and workshops so that candidates can understand how SABSA is best applied to meet the challenges of the real world.

SABSA Competency Framework

SABSA Comptency Framework

Pre-Requisites to Participating in Foundation Course Modules

There are no pre-requisites to participation in a SABSA Foundation course.

Top 20 Competency Development Outcomes

  • 1
    Define enterprise security architecture, its role, objectives and benefits
  • 2
    Describe the SABSA model, architecture matrix, service management matrix and terminology
  • 3
    Describe SABSA principles, framework, approach and lifecycle
  • 4
    Use business goals and objectives to engineer information security requirements
  • 5
    Create a business attributes taxonomy
  • 6
    Apply key architectural defence-in-depth concepts
  • 7
    Explain security engineering principles, methods and techniques
  • 8
    Use an architected approach to design an integrated compliance framework
  • 9
    Describe and design appropriate policy architecture
  • 10
    Define security architecture value proposition
  • 11
    Use SABSA to create an holistic framework to align and integrate standards
  • 12
    Describe roles, responsibilities, decision-making and organisational structure
  • 13
    Explain the integration of SABSA into a service management environment
  • 14
    Define Security Services
  • 15
    Describe the placement of security services within ICT Infrastructure
  • 16
    Create a SABSA Trust Model
  • 17
    Describe and model security associations intra-domain and inter-domain
  • 18
    Explain temporal factors in security and sequence security services
  • 19
    Determine an appropriate start-up approach for SABSA Architecture
  • 20
    Apply SABSA Foundation level competencies to the benefit of your organisation

Who Should Attend

  • 1
    Security Architects
  • 2
    Security Professionals
  • 3
    Systems Developers
  • 4
    Security Operations Professionals
  • 5
    Risk Management Professionals
  • 6
    Audit, Compliance & Governance Professionals
  • 7
    Business Managers & Strategists
  • 8
    Service Management Professionals

SABSA Institute Foundation Examination Format

Foundation level examinations consist of 2 modules of 48 multiple choice questions equally distributed through 6 knowledge domains (the columns of the SABSA matrix). For more information refer to our certifications section

Course Outline – Module F1 Sections – Security Strategy & Planning

Principles & Objectives of Security Architecture

The SABSA Framework

Business Requirements Engineering & Attributes Profiling

Risk & Opportunity Modelling

Policy Architecture Framework

  • Enterprise Security Architecture
  • Guiding Principles
  • The Engineer’s Complex System & Holistic Approach
  • SABSA Features, Advantages & Benefits
  • The SABSA Framework
  • The SABSA Matrix
  • The SABSA Service Management Matrix
  • Traceability Concepts
  • Business Target Abstraction Technique
  • Attributes
  • Risk Management in Business & Architecture
  • Assessing Risk Using Attributes
  • The SABSA Opportunity Model
  • Removing Subjectivity & Creating Re-usable Structure
  • The SABSA Policy Framework
  • SABSA Domains & Policy
  • Creating The Policy Model

Systems Engineering & Integrated Compliance

Capability-based Defence-in-Depth

SABSA Governance Framework

Security Domain Concepts

Security Time & Performance Concepts

  • Systems Engineering Principles in SABSA
  • SABSA’s Integrated Compliance Framework
  • Control Strategy
  • The SABSA Multi-tiered Control Strategy
  • SABSA Governance Model
  • SABSA Roles & Responsibilities Framework
  • Domain Types
  • Domain Models
  • Registration & Certification
  • Systemic Risk Interactions Between Domains
  • SABSA Lifecycle
  • Through-life Risk Management Framework
  • Process Improvement Framework
  • Performance Management Framework
  • Architectural Vitality Framework

Course Outline – Module F2 Sections – Security Services & Service Management

Information Security & Data Security Architectures

Risk Treatment Architecture

Transformation & Service Architecture

  • The Design Phase – Logical, Physical & Component Layers
  • Service Management Overlay for the Design Phase Layers
  • Principles of Integration & Alignment
    Start-up Approaches
  • Risk Treatment & Policy Management Architecture
  • The SABSA Assurance Model
  • Top-down Process Analysis in SABSA
  • Securing Information Transformations & Information Flows
  • Security Services Definition & Modelling Processes
  • Security Service Management Value Proposition

Entity & Trust Modelling

Security Associations Modelling

Security Service Sequencing & Performance Management

  • Trust & Trust Models
  • Decomposing Complex Trust in Solutions Specification
  • Security Associations Modelling
  • Inter-Domain Complexities
  • The Extended Domain Concept
  • Temporal Considerations for Security Architecture
  • Security Service Sequencing

Register for a SABSA Foundation Course.