SABSA -- highly recommended for enterprise/solution architects

I was on the SABSA Foundations course this week in Melbourne. I haven't seen a lot written on this forum about SABSA, so I thought I'd give everyone my impressions.
"SABSA is a proven methodology for developing business-driven, risk and opportunity focused security architectures at both enterprise and solutions level that traceably support business objectives".
The course was mind-blowingly good. It was given by David Lynas, one of the co-authors of SABSA.
The course is about being able to define business enabling controls that support your organisation's goals and objectives. I'm sure most of us struggle to justify why we need certain controls -- or even decide which controls are necessary -- and SABSA provides a framework for achieving this.
If you're looking for how to architect a DMZ, this isn't the course for you. It's very much presented at an enterprise architect level, and it's not really about technology. Rather, it'll give you a framework that shows you how to decide which components, mechanisms, services, etc. should be chosen in order to support the business.
In order to take the exam, you need to take the training course. This is because the failure rate was very high when they allowed self study. Trust me when I say this isn't the type of thing you can learn from reading a book. You need the group exercises and a chance to ask a lot of questions. The price of the course is worth every cent.
Comments
As for the exam, like what Steve has mentioned, there is no way you can pass the exam without going through the entire 5-day course. We had no idea whether we would pass or fail the examination, especially for the F2 module paper. Time is also challenging considering we need to complete 48 questions in one hour for each module.
All in all, if this course is sponsored by the company, I would highly recommend it. But if it's self-sponsored, I will reconsider and not place this as a high priority.
Btw, I passed the exam after a 2-week waiting period.
There's CISSP-ISSAP in the US and TOGAF.