Module 1

Security Across the Lifecycle

This module introduces the Solution Architect to the various security concerns and considerations when embarking on a new development project all the way to in-service support.

Module 2

The Basics of Security Architecture

This module lays down the basic principles of security architecture and provides an understanding of what it means to be a security architect. It describes the relationship to Enterprise Architecture Frameworks and how these frameworks address security.

Being an SA is a technical job, without doubt, but the key to success in these areas comes from detailed knowledge of what comprises security technology in terms of product assurance, network and technical design/development work, and the trade-off between physical, logical and procedural controls. Unlike technical architecture, where components are added together to create an endsolution based on technical know-how, security architecture adopts a framework approach for deploying patterns of risk-reducing technology that provide varying levels of assurance depending on the underlying security requirements.

Module 3

Advanced Security Architecture Concepts

This module builds on Module 2, laying down the next level of detail for a variety of architectural concepts. It starts with security mechanisms such as cryptography. It then goes on to a wide range of security services. Finally the module describes how the security services can be applied within a system and how design patterns are an important tool for a SA.

Topics covered include:

• Common methods for identification, authentication, access control
• Common methods for content control, such as anti-virus and data loss prevention
• Common cryptographic based services, such as a public key infrastructure
• Intruder detection and prevention services and their placement in systems
• The role of directories in a system
• Functions of security management within a system
• Network security controls and the threats they counter, including layer 2 controls, packet filtering, firewalls
• Common methods for resilience and recovery capabilities and techniques, including back-up and audit trails
• Security aspects of virtualisation
• Distinguish between different cryptographic mechanisms and techniques
• Use of threat modelling techniques to establish where security services should be positioned within a system
• Design patterns to explain the threats and security controls used to counter the threats

 Module 4

Information Security Methodologies

This module covers various methodologies and techniques that can be used to assure the implementation of a system or a product. This includes Information Assurance Frameworks and the purpose of vulnerability and penetration testing.

Module 5

Preparation for the SASP exam

The final module provides preparation for the SASP examination.