IT123: SABSA Foundation Training

Transcription

1 IT123: SABSA Foundation Training IT123 Rev.002 CMCT COURSE OUTLINE Page 1 of 8

2 Training Description: SABSA is the world s leading open security architecture framework and methodology. SABSA is a top-tobottom framework and methodology to conceive, conceptualise, design, implement and manage security in a business-driven model. The term business-driven is the key to SABSA s power, and its acceptance. SABSA is all about empowering the organisation to do business as it needs and wants to do, while ensuring that it is secured and fully enabled. SABSA is an open and inclusive standard that readily integrates with other frameworks and tools such as ITIL, 17799/27000 series, COBIT and the like. It can be used as a compliance and governance framework for complex sets of standards. SABSA is used commonly as the security parallel and tool set for organisations using the world s leading IT Architecture Framework. Training Objectives: This 5-day Foundation Certificate program has been designed to provide participants with a thorough coverage of the knowledge required for the SABSA Foundation Level Certificate. It is structured in two modules: Module 01: Security Strategy & Planning Module 02: Security Service Management Security Strategy and Planning This module provides participants with a comprehensive understanding of how the SABSA framework delivers successful security strategy and architecture. Through a series of innovative presentations, case studies and workshops, you will develop the skills to use the most proven security architecture design and management processes and find out how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the needs of your organisation. By the end of the training, participants will be able to: Define enterprise security architecture, its role, objectives and benefits Describe the SABSA model, architecture matrix, service management matrix and terminology Describe SABSA principles, framework, approach and lifecycle Use business goals and objectives to engineer information security requirements Create a business attributes taxonomy Apply key architectural defence-in-depth concepts Explain security engineering principles, methods and techniques Use an architected approach to design an integrated compliance framework Describe and design appropriate policy architecture Define security architecture value proposition, measures and metrics IT123 Rev.002 CMCT COURSE OUTLINE Page 2 of 8

3 Security Service Management and Design This module leverages the strategy defined in Foundation Module One to create the roadmap to design, deliver and support a set of consistent and high-quality security services. Covering the good practice lifecycle, participants will find out how to design, deliver and support a comprehensive security services architecture that integrates fully and seamlessly with their existing IT management and business infrastructure and practices. By the end of the training, participants will be able to: Use SABSA to create a holistic framework to align and integrate standards Describe roles, responsibilities, decision-making and organisational structure Explain the integration of SABSA into a service management environment Define Security Services Describe the placement of security services within ICT Infrastructure Create a SABSA Trust Model Describe and model security associations intra-domain and inter-domain Explain temporal factors in security and sequence security services Determine an appropriate start-up approach for SABSA Architecture Apply SABSA Foundation level competencies to your own environment Training Designed for: This course is intended for CIO / CISO / CRO / CIRO, IT Strategists and Planners, IT Architects, IT Development Managers and Project Leaders, Software Managers and Architects, Computer / Information Security Managers, Advisors, Consultants & Practitioners, IT Line Managers, IT Service Delivery Managers, Risk Managers, Internal and External Auditors. Prerequisites: The SABSA Foundation Level certification neither requires nor assumes any experience in any branch of security. Training Program: DAY ONE: PRE-TEST MODULE 01: SECURITY STRATEGY & PLANNING This module provides participants with a comprehensive understanding of how the SABSA framework delivers successful security strategy and architecture. Through a series of innovative presentations, case studies and workshops, you will develop the skills to use the most proven security architecture design and management processes and find out how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the needs of your organisation: IT123 Rev.002 CMCT COURSE OUTLINE Page 3 of 8

4 The SABSA Framework Information Security Strategy, Benefits and Objectives Security: A Cultural Legacy as a Business Constraint Technical Legacy of Tactical Point Solutions Security Strategy, Tactics and Operations Critical Success Factors for Business, IT and Security Measuring and Prioritising Business Risk Enabling Business and Empowering Customers Adding Value to the Core Product Protecting Relationships and Leveraging Trust Introduction to SABSA Best Practice Information Security and its Role in the Modern Enterprise Enterprise Security Architecture: Definition and Principles The History of SABSA Development Introduction to the SABSA Model The Business View of Security: Contextual Architecture The Architect s View of Security: Conceptual Architecture The Designer s View of Security: Logical Architecture The Builder s View of Security: Physical Architecture The Tradesman s View of Security: Component Architecture The Service Manager s View of Security: Operational Architecture Traceability from Business Requirements to Deployed Solutions The SABSA Matrix and Service Management Matrix Information Security Strategy Business Requirements & How to Define Them Business Goals, Success Factors and Operational Risks Business Processes and the Need for Security Location Dependence of Enterprise Security Needs Organisation and Relationships Affecting Enterprise Security Time Dependency of Enterprise Security Collecting Enterprise Requirements for Security Creating a Business Attributes Profile Defining Control Objectives Strategic Concepts & How to Apply Them Managing Complexity Systems Engineering for Security Architectural Layering End-to-End Security Defence-in-Depth Models Security Domains Security Associations Trust Modelling Organisation & Workflow IT123 Rev.002 CMCT COURSE OUTLINE Page 4 of 8

5 Infrastructure Strategy Management Strategy DAY TWO: SABSA PRACTITIONER GUIDE The Strategy Programme & Architecture Delivery The SABSA Development Process The SABSA Lifecycle Strategy and Concept Phase Processes and Sub-processes Design Phase Processes and Sub-processes Implement Phase Processes and Sub-processes Manage and Measure Phase Processes and Sub-processes Top-down Decomposition of the SABSA Model Scope, Deliverables and Project Sequencing Managing the Strategic Programme Introduction to Return on Investment & Return of Value Defining the Benefits and Value Propositions Selling the Benefits Getting Sponsorship and Budget Building the Team Team Competency Assessment & Development Programme Planning and Management Fast Track Start-up Programmes Collecting the Information You Need Gaining Consensus on the Conceptual Architecture Strategic Architecture Governance, Compliance and Maintenance Identifying Quick Wins and Gaining Long Term Confidence MODULE 02: SECURITY SERVICE MANAGEMENT This module leverages the strategy defined in Foundation Module One to create the roadmap to design, deliver and support a set of consistent and high-quality security services. Covering the good practice lifecycle, participants will find out how to design, deliver and support a comprehensive security services architecture that integrates fully and seamlessly with their existing IT management and business infrastructure and practices: The SABSA Security Management Framework The SABSA Security Management Framework SABSA in the I.T. Lifecycle Using SABSA To Integrate Other Methods, Models & Standards SABSA and the ITIL Framework SABSA and CobIT SABSA and Project Management Standards SABSA and ISO Security Standards SABSA and IT Architecture IT123 Rev.002 CMCT COURSE OUTLINE Page 5 of 8

6 DAY THREE: The SABSA Security Policy and Risk Management Framework Security Policy Management Policy Principles Policy Content, Hierarchy & Architecture Security Policy Making Information & Systems Classification Third Party & Outsourcing Strategy & Policy Management Operational Risk Management The Meaning of Risk Risk Philosophy & Methodology Corporate Governance & Enterprise Risk Management Risk Measurement and Risk Assessment Risk Mitigation Risk Appetite Risk Management Tools Measuring Success of Risk Management The SABSA Integrated Assurance Management Framework Security Organisation & Responsibilities Security Governance Security Culture Development, Training & Awareness Ownership & Custody Service Provider & Customer Roles in Security Management Enterprise Audit & Review Framework Assurance of Operational Continuity Business Continuity Planning Contingency Planning Crisis Management Business Recovery Planning DAY FOUR: Systems Assurance Technical Assurance of Security Correctness & Completeness Managing the Assurance Process for Systems & Software Development Assuring Integrity and Acceptable Use of Systems & Software Principles of Multi-phased Testing Security Services Design Security Services Architecture Information as the Logical Representation of Business Logical Entities & Their Relationships Using Trust Models to Define Security Services Security Domains, Domain Definitions & Associations Security Processing Cycle IT123 Rev.002 CMCT COURSE OUTLINE Page 6 of 8

7 Security Infrastructure Services Security Rules, Practices & Procedures Security Mechanisms User Security Platform & Network Security Infrastructure for Service Delivery Technical Standards & Components Security Services Delivery & Support Operational Security Services Incident Management Incident Response Problem Management Change Management Continuity, Crisis & Recovery Management DAY FIVE: Security Administration & Management Security Service Management Security Mechanism Management Security Component Management System Management & Administration User Management & Administration Security Audit Management Security Operations Product Evaluation & Selection Security Services Performance Measurement Return on Investment & Return of Value Return on Investment Net Present Value Internal Rate of Return Defining Value Metrics Business Attributes & Return of Value Security Measures & Metrics Why Do We Need Measures & Metrics Measurement Approaches Defining Metrics Benchmarking Security Remedial Project Planning Maturity Models Applied to Security Course Conclusion POST-TEST and EVALUATION IT123 Rev.002 CMCT COURSE OUTLINE Page 7 of 8

8 Training Requirements: Hands-on practical sessions, equipment and software will be applied during the course if required and as per the client s request. Training Methodology: This interactive training course includes the following training methodologies as a percentage of the total tuition hours: 30% Lectures, Concepts, Role Play 30% Workshops & Work Presentations, Techniques 20% Based on Case Studies & Practical Exercises 20% Videos, Software & General Discussions Pre and Post Test Training Certificate(s): Internationally recognized certificate(s) will be issued to each participant who completed the course. Training Fees: As per the course location - This rate includes participant s manual, hand-outs, buffet lunch, coffee/tea on arrival, morning & afternoon of each day. Note: The 5% VAT (Value Added Tax), will be effective starting 01 st of January 2018 as per the new regulation from the UAE Government. The VAT applies for all quotation both for local and abroad. Training Timings: Daily Timings: 07:45-08:00 Morning Coffee / Tea 08:00-10:00 First Session 10:00-10:20 Recess (Coffee/Tea/Snacks) 10:20-12:20 Second Session 12:20-13:30 Recess (Prayer Break & Lunch) 13:30-15:00 Last Session For training registrations or in-house enquiries, please contact: Aisha Relativo: aisha@cmc-me.com Tel.: or Mob.: Training & Career Development Department IT123 Rev.002 CMCT COURSE OUTLINE Page 8 of 8