SABSA - Security Architecture Certification & Online Presentations

SABSA is a structured, systemic approach to solving complex problems in strategy, planning, design and operation of security services. SABSA is the most active from a global community perspective, and considered a world leading enterprise security architecture framework. SABSA provides a proven method for developing architectures at both enterprise and solution architecture level including service architectures. SABSA has a series of integrated frameworks, models, methods and processes used independently or as a holistic integrated technique and can be calibrated and scaled to any problem at any level.

Although copyright protected to prevent misuse and protect the SABSA Intellectual Property for the community, SABSA is an open-standard free to use by all.

The applications of SABSA include are many and include:

• Enterprise Security Architecture
• Risk & Opportunity Management
• Assurance
• Governance, Compliance & Audit
• Policy Architecture
• Security Service Management
• Alignment with, and integration of security into other frameworks and approaches
• Strategic planning & Transformation
• Enterprise Architecture
• Solution Architecture
• Business Requirements Engineering
• Solutions Traceability
• Resilience
• Trusted Product Engineering
• Safety-critical systems
• Mission-critical systems
• Quality

SABSA Certification

The SABSA Institute (https://www.sabsa.org) is the certification body for SABSA certifications. Certifications are at three levels:

1. SABSA Chartered Foundation (SCF)
2. SABSA Chartered Practitioner (SCP)
3. SABSA Chartered Master (SCM)

The SABSA Certification framework is a comprehensive, competencies-based testing programme that provides employers and peers with assurance and confidence that employees, job candidates, service providers and contractors have the professional capability to meet the needs of your organisation to design, deliver and manage enterprise security architectures. It tests professional proficiency in all aspects of enterprise security as delivered by the SABSA method.

The framework is based upon world-leading educational best practices and consists of:

• A comprehensive Body of Knowledge;
• A detailed multi-layer Competency Development Framework constructed using the leading skills development framework Bloom’s Taxonomy of Cognitive Levels;
• Career Roadmaps that recognise the range of specialisms increasingly required as a career develops, and define clear paths of career progression;
• Three certification levels that indicate stages of proficiency from knowledge and understanding of the subject up to demonstration of the advanced competencies required of a master of the profession.

The competencies framework and its associated training programme go much further than knowledge-based certification efforts and are designed to develop and enhance professional capabilities in a measurable way whilst focusing on the specialist areas of the candidate’s chosen career path.

For more information visit https://sabsa.org/certification/

SABSA Online Presentations

In recent discussions with some of the 1500+ SABSA Chartered Foundation (SCf) level Architects and SABSA Chartered Practitioners (SCP), it has become apparent that access to further knowledge and practical examples of SABSA supports the overall objectives of business driven security are needed. To this end I hacve compiled a list of resources that I will update/maintain that are freely available and talk to the practical application of SABSA.

• Introduction to SABSA – Robert Laurie – AISA
• Business Enabling Cyber Security Strategy Development Using SABSA – Gareth Watters – ISACA (Link coming soon)
• The Business of Risk - David Lynas - David Lynas Consulting
• SABSA’s Integrated Control Library - Multi-Tiered Control Strategy - John Czaplewski – David Lynas Consulting
• Adapting to New Normals - Adapting to new normals - How to Architect for Ever-moving Goalposts - COSAC Connect #2 – David Lynas
• SA B[S]Akery: The Story of ESA Architects Turned Bakers - COSAC Connect #1 – Esther Schagen-van Luit – CISO – Deloitte (NL)
• Using SABSA to Architect Zero Trust Networks - COSAC Connect #1 – Chris Blunt
• Dependency Modelling in SABSA – Dynamically visualizing risk – COSAC Connect #2 - Andy Clark
• Using SABSA to Leverage Security Standards and Guidelines – John Czaplewski – David Lynas Consulting
• Malcolm Shore's Linkedin Training - SABSA for Cloud (Premium Members)
• Shane Tully - SABSA for Cryptographic Key Management - Arrival at the promised land, or a deal with the devil (The SABSA Institute Members)
• Robert Campbell 's https://www.assuredcontrol.com/downloads/index.html website with examples

SABSA Slides

There are slides avaialble also for a number of these presentations here: https://www.davidlynas.com/resources

SABSA Training

Later this year, SABSA training in Australia at both Foundation and Advanced Levels for SCF architects wishing to become SCP (practitioners).

• SABSA Foundation (F1 - Security Strategy and Planning & F2 - Security Service Management and Design): https://alctraining.com.au/course/sabsa-foundation/
• SABSA Advanced A1 - Risk, Assurance & Governance: https://alctraining.com.au/course/sabsa-advanced-risk-assurance-governance/
• SABSA Advnaced A3 - Advanced Architecture & Design https://alctraining.com.au/course/sabsa-advanced-architectural-design/

Let me know if theres a part of SABSA you'd like to see in the future, as we are planning new public / community content.