The Practical SABSA using Modelling Tools course supplements the SABSA Foundation and Advanced Modules by exploring how to put SABSA theory into practice by effectively using modelling techniques.
SABSA Modelling Motivation
While many students of SABSA appreciate the framework for its completeness of vision and intellectual rigour, they often encounter challenges in establishing it as an agile, cost-effective practice within their organisation.
In particular, the number of required artefacts in the SABSA Matrices that must then be maintained with referential integrity represents a considerable document management overhead when applied at scale.
This is not a problem unique to security: it is inherent in developing complex, multi-faceted systems.
The problem has been addressed in similarly complex domains by moving away from traditional documentation towards a model-based systems engineering (MBSE) approach, supported by tooling.
Enterprise Architecture, of which security is an indispensable aspect, has access to such an MBSE approach through the adoption of ArchiMate® into its core practice.
Unfortunately, ArchiMate’s ‘out-of-the-box’ support for the security perspective is somewhat underdeveloped and does not support SABSA’s richness, rigour and attention to detail.
Using ArchiMate’s inbuilt extension mechanisms, a Working Group of experienced SABSA Practitioners has defined a Security Overlay for ArchiMate designed to fill this gap.
The Security Overlay has recently been updated and described in Modelling SABSA with ArchiMate, v2.0, published by The SABSA Institute.
The paper defines a set of properties, elements, conventions and patterns that enable the security perspectives required by the SABSA framework to be expressed in ArchiMate and overlaid onto conventional EA models.
This approach offers several advantages:
- the model-driven approach to EA is extended to security architecture, bringing the benefits of MBSE (agility, communication, cost-efficiency, error reduction, reusability, etc.) to the task of securing systems of scale and complexity
- use of ArchiMate’s inbuilt extension mechanisms enable vendor-neutral compatibility with existing EA Tools
- setting out the security perspective as a re-usable standard supports tooling and resource sharing
The Practical SABSA with Modelling Tools course provides a hands-on tour of theory and practice that will equip the candidate with basic proficiency in using the Security Overlay.
These proficiencies include:
- Comprehension of the Security Overlay: its concepts, structure, and conventions, with an understanding of the principles and trade-offs underlying its design
- Applying the Security Overlay in guided examples and practical exercises
- Analysing the impact of applying the Security Overlay to EA models: developing an effective modelling style while avoiding the most common pitfalls
- Conceptualising of underlying paradigms: to predict and evaluate the consequences of diagrammatic idioms on the ability to manipulate the model programmatically
- Applying automated scripts to the model for efficiency, validation, or anaylsis and extending the scripting capabilty to build a personal toolkit
Course instructors are leading experts in this field, each of whom participated in the SABSA Working Group that authored Modelling SABSA with ArchiMate, V2.0.
To benefit from this course, candidates:
- must previously have attended a SABSA Foundation Training Course
- should be familiar with the ArchiMate® modelling notation, preferably certified to at least ArchiMate Foundation level
Before taking the course, candidates should familiarise themselves with Archi, the free Open Source modelling toolkit for creating ArchiMate models and sketches, and have a basic competence in creating ArchiMate® models.
Practical SABSA using Modelling Tools Dates