SABSA® Advanced A4: Incident, Monitoring & Investigations Architecture: Course Overview

Module A4 – Advanced SABSA Incident, Monitoring & Investigations

The increasing tempo of cyber attacks by cyber criminals, state-sponsored actors, and hacktivists is a major concern for all organisations within government and industry. The internet is now a hostile environment where businesses can be destroyed overnight. The sophistication of cyber attacks is challenging even the most capable cyber defender, and is well beyond the preventative capability of most organisations. Attacks will be successful, and there is an increasing requirement for businesses to monitor their systems and networks, and to respond effectively to incidents.

One of the key challenges for the security team is to be able to articulate to management why a specific operational capability is required, and to ensure the capability most effectively integrates with the overall technology strategy for the business. This requires the ability to trace business requirements down to the monitoring solutions, and to trace the solutions back to business requirements. It also requires an understanding of the impact of a cyber incident to justify the type and extent of response capabilities.

The SABSA Advanced A4 module provides participants with a comprehensive understanding of how the SABSA framework can be applied to deliver effective incident management and monitoring. Through a series of innovative presentations, case studies, and workshops, you will develop the knowledge and skills to use the most proven security architecture, design and service management processes in a way which ensures comprehensive and effective monitoring and incident management capabilities are achieved. This course approaches the incident management and monitoring capabilities in the context of both a baseline security operations center and the requirements which justify its development into an advanced security operations center.