SABSA Practitioner: Risk Assurance
Assurance Management
Not only does an organisation need to plan and execute an appropriate information security programme – the senior management team also needs to have a means by which it can check that this is so – to provide assurance that all is well in this respect. Assurance management is the activity that provides this feedback on the quality and completeness of the information security programme. It is an integral part of the SABSA framework and appears in the SABSA Matrix in column 1, row 6, under the title of ‘assurance of operational continuity’.
‘Operational continuity’ should be taken in its very broadest sense here. Within the SABSA methodology that means that you need assurance that all of the Business Attributes in your SABSA Business Attributes Profile are being provided to a level compatible with the performance targets that you have set for each one.
Course Overview
This 2-day course provides participants with a practical guide on how to implement an assurance programme in the wider context of a SABSA-based enterprise information security architecture and risk management programme.
High-Level Learning Outcomes
After attending this course attendees will be able to:
- Implement and manage an assurance strategy and programme within the SABSA framework
- Plan, implement and manage a risk-based audit programme within the SABSA framework
- Design, implement and manage a business process assurance programme within the SABSA framework
- Apply capability maturity modelling techniques to plan, implement and manage a programme of continuous process and systems analysis and improvement within the SABSA framework
- Implement a SABSA-based IT and information security governance framework within which to develop security and risk management policies, define control objectives and manage projects
- Apply the SABSA framework to assure compliance with external standards such as ISO 17799 and ISO 27001
- Within the SABSA framework, plan and implement a comprehensive programme for testing of systems and software to provide assurance of their compliance with business and operational requirements
Pre-Requisite Knowledge
There are no prerequisites for attending this course or for sitting the SABSA Institute PT2 examination on completion of the course. However, attendees will probably benefit most if they have some previous knowledge of the SABSA framework, and those wishing to be awarded the SABSA Chartered Practitioner Certificate will need to complete the SABSA Chartered Foundation Certificate before the Practitioner award can be made.
What a Course Attendee will take away
- A comprehensive knowledge of the principles and practice of assurance management within the SABSA framework
- A plan for implementing and managing an assurance programme based on best-practice methods, standards and tools and linked directly to the SABSA Business Attributes Profile
- A practical SABSA-based approach to assuring business processes and systems through monitoring, measuring, benchmarking, testing and continuous improvement
Who Should Attend
- CIO / CISO / CRO / CIRO
- IT Strategists and Planners
- IT Architects
- IT Development Managers and Project Leaders
- Software Managers and Architects
- Computer / Information Security Managers, Advisors, Consultants & Practitioners
- IT Line Managers
- IT Service Delivery Managers
- Risk Managers
- Internal and External Auditors
Methodology
The course consists of lectures and workshop sessions, supplemented by case studies drawn from a combination of published real-life examples and practical experience. In the workshops attendees will work in small groups to synthesise ideas and strategies and to apply the material in the context of case studies and simulations. Open forum discussions will also feature where appropriate.
Lecture content is naturally less intense than in Foundation classes, with more emphasis on practical work. The course focuses heavily on developing the skills and knowledge for a practitioner through hands-on workshop sessions and discussions, so as to provide the appropriate balance and emphasis on practice rather than theory.