Module 1
Security Across the Lifecycle
This module introduces the Solution Architect to the security concerns and considerations that arise from the start of a new development project all the way through to in-service support.
Module 2
The Basics of Security Architecture
This module lays down the basic principles of security architecture and provides an understanding of what it means to be a security architect. It describes the relationship to Enterprise Architecture Frameworks and how these frameworks address security.
Being an SA is a technical job, without doubt, but the key to success in these areas comes from detailed knowledge of what comprises security technology in terms of product assurance, network and technical design/development work, and the trade-off between physical, logical and procedural controls. Unlike technical architecture, where components are added together to create an end solution based on technical know-how, security architecture adopts a framework approach for deploying patterns of risk-reducing technology that provide varying levels of assurance depending on the underlying security requirements.
Module 3
Advanced Security Architecture Concepts
This module builds on Module 2, laying down the next level of detail for a variety of architectural concepts. It starts with security mechanisms such as cryptography. It then goes on to a wide range of security services. Finally, the module describes how the security services can be applied within a system and how design patterns are an important tool for an SA.
Topics covered include:
- Common methods for identification, authentication, access control
- Common methods for content control, such as anti-virus and data loss prevention
- Common cryptography-based services, such as a public key infrastructure
- Intruder detection and prevention services and their placement in systems
- The role of directories in a system
- Functions of security management within a system
- Network security controls and the threats they counter, including layer 2 controls, packet filtering, firewalls
- Common methods for resilience and recovery capabilities and techniques, including back-up and audit trails
- Security aspects of virtualisation
- Distinguish between different cryptographic mechanisms and techniques
- Use of threat modelling techniques to establish where security services should be positioned within a system
- Design patterns to explain the threats and security controls used to counter the threats
Module 4
Information Security Methodologies
This module covers various methodologies and techniques that can be used to assure the implementation of a system or a product. This includes Information Assurance Frameworks and the purpose of vulnerability and penetration testing.
Module 5
Preparation for the SASP exam
The final module provides preparation for the SASP examination.