+ Reply to Thread
Results 1 to 7 of 7
  1. Junior Member
    Join Date
    Jun 2016
    Location
    New Zealand
    Posts
    14

    Certifications
    CISSP, CISA, CISM, CRISC, ITILv3 Foundations
    #1

    Default SABSA -- highly recommended for enterprise/solution architects

    I was on the SABSA Foundations course this week in Melbourne. I haven't seen a lot written on this forum about SABSA, so I thought I'd give everyone my impressions.

    "SABSA is a proven methodology for developing business-driven, risk and opportunity focused security architectures at both enterprise and solutions level that traceably support business objectives".

    The course was mind blowingly good. It was given by David Lynas, one of the co-authors of SABSA.

    The course is about being able to define business enabling controls that support your organisation's goals and objectives. I'm sure most of us struggle to justify why we need certain controls -- or even decide which controls are necessary -- and SABSA provides a framework for achieving this.

    If you're looking for how to architect a DMZ, this isn't the course for you. It's very much presented at an enterprise architect level, and it's not really about technology. But rather it'll give you a framework that shows you how to decide which components, mechanisms, services, etc. should be chosen in order to support the business.

    In order to take the exam, you need to take the training course. This is because the failure rate was very high when they allowed self study. Trust me when I say this isn't the type of thing you can learn from reading a book. You need the group exercises and a chance to ask a lot of questions. The price of the course is worth every cent.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2013
    Posts
    1,260

    Certifications
    CISSP, GWAPT, GSEC, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #2
    It seems in the U.S. that TOGAF / Zachman / DODAF are the most common forms...to be honest I’ve never heard of SABSA...is it really common out that way?
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Jun 2016
    Location
    New Zealand
    Posts
    14

    Certifications
    CISSP, CISA, CISM, CRISC, ITILv3 Foundations
    #3
    Yes, it's quite common in Australia. I've only heard people talking about TOGAF or SABSA here.
    Reply With Quote Quote  

  5. Junior Member
    Join Date
    Aug 2015
    Posts
    7
    #4
    I concur that. I attended SABSA last month in Singapore by David Lynas and it was really good. There are two things which we felt could be improved - that would be the connection between David's real-life examples and the relevance towards paper examination. Towards F2 module, we literally took only 1 day to complete whole of the module, which is kinda rush from the class perspective and it holds true during the exam when we were struggling.

    As for the exam, like what Steve has mentioned, there is no way you can pass the exam without going through the entire 5-days course. We had no idea whether we will pass or fail the examination, especially for F2 module paper. Time is also challenging considering we need to complete 48 questions in one hour for each module.

    All in all, if this course is sponsored by the company, I would highly recommend. But if it's self-sponsored, I will reconsider and not place this as a high priority.

    Btw, I passed the exam after 2 weeks waiting period
    Last edited by Skyyyyy2001; 12-04-2017 at 06:01 AM.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jun 2016
    Posts
    112
    #5
    Here in the UK, SABSA is a very highly thought off architecture framework that allows you to bridge the security and business gap. Togaf is still used but I have seen not on security projects/programmes, mainly typical enterprise architecture ones. i have TOGAF myself and have been contemplating for sometime whether to go for SABSA or not (SCF). Might just do the CISSP ISSAP
    CISSP, CISM, CRISC, GSNA, CEH, CHFI, TOGAF, CISMP
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    990

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #6
    SABSA is a British thing. Therefore all the former colonies/current Commonwealth countries in this thread, such as Australia, Singapore. In the US people I talk to usually have no idea what SABSA is.

    There's CISSP-ISSAP in the US and TOGAF.
    Reply With Quote Quote  

  8. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,683

    Certifications
    Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV 5/6, Storage+, CCNA R+S/Sec/CyberOps, Sec+, CEH, CASP
    #7
    I came across SABSA today when reading the CSA+ guidance. So I guess it has some international currency. I think it differs more from TOGAF in the focus is very much Security architecture and not general IT architecture.
    2017 Goals - Something Cisco, Something Linux, Agile PM
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks