SABSA -- highly recommended for enterprise/solution architects

steve.taylorsteve.taylor Junior MemberMember Posts: 14 ■□□□□□□□□□
I was on the SABSA Foundations course this week in Melbourne. I haven't seen a lot written on this forum about SABSA, so I thought I'd give everyone my impressions.

"SABSA is a proven methodology for developing business-driven, risk and opportunity focused security architectures at both enterprise and solutions level that traceably support business objectives".

The course was mind blowingly good. It was given by David Lynas, one of the co-authors of SABSA.

The course is about being able to define business enabling controls that support your organisation's goals and objectives. I'm sure most of us struggle to justify why we need certain controls -- or even decide which controls are necessary -- and SABSA provides a framework for achieving this.

If you're looking for how to architect a DMZ, this isn't the course for you. It's very much presented at an enterprise architect level, and it's not really about technology. But rather it'll give you a framework that shows you how to decide which components, mechanisms, services, etc. should be chosen in order to support the business.

In order to take the exam, you need to take the training course. This is because the failure rate was very high when they allowed self study. Trust me when I say this isn't the type of thing you can learn from reading a book. You need the group exercises and a chance to ask a lot of questions. The price of the course is worth every cent.


  • TechGuru80TechGuru80 Senior Member Member Posts: 1,539 ■■■■■■□□□□
    It seems in the U.S. that TOGAF / Zachman / DODAF are the most common be honest I’ve never heard of it really common out that way?
  • steve.taylorsteve.taylor Junior Member Member Posts: 14 ■□□□□□□□□□
    Yes, it's quite common in Australia. I've only heard people talking about TOGAF or SABSA here.
  • Skyyyyy2001Skyyyyy2001 Member Member Posts: 57 ■■■□□□□□□□
    I concur that. I attended SABSA last month in Singapore by David Lynas and it was really good. There are two things which we felt could be improved - that would be the connection between David's real-life examples and the relevance towards paper examination. Towards F2 module, we literally took only 1 day to complete whole of the module, which is kinda rush from the class perspective and it holds true during the exam when we were struggling.

    As for the exam, like what Steve has mentioned, there is no way you can pass the exam without going through the entire 5-days course. We had no idea whether we will pass or fail the examination, especially for F2 module paper. Time is also challenging considering we need to complete 48 questions in one hour for each module.

    All in all, if this course is sponsored by the company, I would highly recommend. But if it's self-sponsored, I will reconsider and not place this as a high priority.

    Btw, I passed the exam after 2 weeks waiting period icon_wink.gif
  • scascscasc Senior Member Member Posts: 459 ■■■■■■■□□□
    Here in the UK, SABSA is a very highly thought off architecture framework that allows you to bridge the security and business gap. Togaf is still used but I have seen not on security projects/programmes, mainly typical enterprise architecture ones. i have TOGAF myself and have been contemplating for sometime whether to go for SABSA or not (SCF). Might just do the CISSP ISSAP :)
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • gespensterngespenstern Senior Member Member Posts: 1,243 ■■■■■■■■□□
    SABSA is a British thing. Therefore all the former colonies/current Commonwealth countries in this thread, such as Australia, Singapore. In the US people I talk to usually have no idea what SABSA is.

    There's CISSP-ISSAP in the US and TOGAF.
  • OctalDumpOctalDump Woohoo! It's over 1000! Member Posts: 1,722
    I came across SABSA today when reading the CSA+ guidance. So I guess it has some international currency. I think it differs more from TOGAF in the focus is very much Security architecture and not general IT architecture.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • ch_secch_sec Junior Member Registered Users Posts: 2 ■□□□□□□□□□
    Hey Sky, thanks for the info on SABSA Foundation Course. Can I check with you if the exam is included as part of the course?
  • Skyyyyy2001Skyyyyy2001 Member Member Posts: 57 ■■■□□□□□□□
    Exam is included as part of the 5 days course subscription.
Sign In or Register to comment.