SABSA Advanced Module A2: Service Excellence

SABSA Practitioner/Masters Certification Module

Service excellence is one of the most powerful differentiators for business, driving market share, repeat business, and customer referrals. Service excellence creates customer loyalty and service profitability, outcomes which can make the difference between business success and failure.

This course provides participants with a comprehensive understanding of how he SABSA Framework can be applied to deliver service excellence. Through a series of innovative presentations, case studies, and workshops, you will develop the knowledge and skills to use the most proven security architecture, design and service management processes in a way which drives service excellence throughout the whole system development life cycle, and which results in delivery to customers a defining difference in service.

This course covers the concepts and characteristics of process and customer excellence and shows how they can be represented as drivers in the SABSA framework. It covers the fundamentals of high assurance design and essential service survivability, service level management, and provides a 12-step end-to-end process for developing and delivering services which are truly customer-excellent.

Learning Outcomes

The top ten competencies developed on this course are:

Describe enterprise performance requirements in terms of the SABSA Performance Framework
Understand the formal process involved in designing high-availability services
Describe service performance in terms of underlying business attributes
Understand the concepts of survivability and survivable systems design
Identify and scope those services which by virtue of external regulation or internal demand are essential
Demonstrate the application of SLAs to end-to-end services and to service providers
Understand and be able to apply formal availability calculations for systems and services
Classify attacks into threat types and be able to create probabilistic threat trees
Analyse enterprise value from business processes and customer intelligence
Understand the SABSA SNAP process for delivering services customers rate as excellent.

Service Performance

One of the key issues facing businesses in an increasingly competitive environment is ensuring that their services are delivered effectively and efficiently, and meet the performance expectations of their customers. While the specific performance requirements of any service will vary, the way I which the service is assured of meeting those requirements can be engineered with a great deal of success by knowledgeable architects.

Service performance is a disciplined process of establishing as non-functional requirements the performance criteria, and designing the systems and processes used to deliver the service in a way which incorporates traceability to demonstrate how the performance criteria have been satisfied in the resulting design. This is then followed through into the service management processes used to ensure the performance of the service is properly maintained throughout its life.

One of the more usual forms of expressing service performance is the Service Level Agreement (SLA), which sets a mutual set of expectations between the service provider and the customer as to the reliability and responsiveness of all aspects of the service, including provisioning, maintaining service availability, and responsiveness of recovery after a service outage. The service provided to the customer will need to have back-to-back SLAs with its underlying service elements, including in particular any derived from external third parties. It will also need to have back-to-back agreements in place with operational service management, known as Operational Level Agreements (OLAs). While service level management is relatively straightforward in principle, it can often fail due to a variety of causes including inadequate back-to-back SLAs, misaligned service level terminology, misaligned expectations, and the tendency for service managers to provide metrics based on technical performance rather than service level measurements.

The ability to achieve performance targets is complicated by the need to not only design for performance, but also to counter failures and attacks which might compromise performance. A malicious denial of service is one such issue. Designers need to establish well thought out threat models and effective early warning systems to ensure these threats are not able to be realised.

Service Assurance

In creating a service, designers need to not only plan on delivering the required performance but also delivering it with a level of assurance that is proportional to the service value. Increasingly in areas of critical infrastructure with its associated public-private partnership obligations, there is a tendency to promote voluntary adoption or regulation of service performance. Such demands will often come with a requirement for formal assurance of service performance, and heavy penalties for failing to meet that.

Assurance management is the activity that provides feedback on the quality and completeness of the information security measures incorporated into the design, and is an integral part of the SABSA framework. The need to demonstrate formal assurance of service delivery is an increasingly important part of any service provider's business, and a clear differentiator for next generation services.

Service Performance Governance

The SABSA Framework provides its own governance framework for ensuring that all aspects of service management, including performance of service delivery, are in line with the strategic requirements set by the business, be they regulatory or business-enabling.

High-Level Learning Outcomes

After attending this course, attendees will be able to:

Plan, develop, implement and manage a strategic enterprise-wide service performance framework, methodology, tool-set, and process, aligned to the SABSA Framework.
Implement a SABSA-based assurance framework within which to develop services with a demonstrable assurance of meeting performance targets.
Define business driven control and enablement objectives for meeting assured service performance targets.
Apply SABSA assurance and performance management methods in the context of service delivery, both at the strategic and at the operational level.
Develop an over-arching SABSA service performance assurance strategy to address the needs of isolated service performance activities, and create and integrated, holistic approach.
Develop a SABSA service level management strategy to ensure customers are provided with high assurance of service satisfaction.
Discover, analyse, and evaluate internal and external business factors, including regulatory regimes, to drive the priorities of the SABSA proportional performance assurance strategy.
Develop the architectures necessary to provide high assurance and high availability systems, based on survivable underlying transport services and high assurance application services.
Discover and define the essential services necessary to ensure business success, and architect them in such a way as to be assured of survivability even in the event of threats being realised.
Develop practical SABSA methods to model and measure threats, and to architect early warning systems to enable real-time response to attacks.
Plan and conduct risk-based reviews to assess the potential survivability of services based on their ability to continue to serve the requirements of their mission whilst under attack.
Apply the SABSA Framework to assure compliance with external standards for service availability and performance assurance.
Within the SABSA Framework, plan and implement a comprehensive programme for testing of systems and software to provide assurance of their compliance with business objectives for service performance.

Pre-requisite Knowledge

There are no pre-requisites for attending this course or for sitting the SABSA Institute A2 examinations on completion of the course.

However, attendees will probably benefit most if they have some previous knowledge of the SABSA framework, and for those wishing to be awarded the SABSA Chartered Practitioner Certificate or the SABSA Chartered Master Certificate, they will need to complete the SABSA Chartered Foundation Certificate before the practitioner award can be made, which is in turn a pre-requisite for the award of the Master Certificate.

What A Course Attendee Will Take Away

A comprehensive knowledge of the principles and practice of service performance management, assurance and governance within the SABSA framework.
A plan for implementing service performance management and assurance management throughout the enterprise using the unique SABSA Business Attributes Profile approach combined with the comprehensive SABSA framework for threat and risk modelling, assessment, analysis, mitigation, management and measurement.
A new and more comprehensive definition of “best-practice” service performance assurance methods that exceed existing standards and definitions through the application of the SABSA Business Attributes Profile as a proxy for the ‘assets’ at risk.
A practical SABSA-based approach to building an ever more accurate and assured enterprise performance strategy – and facilitating performance assessment of new ventures through the work already done and the lessons already learned in developing that strategy.
A plan for implementing ongoing improvement of existing service performance and assurance management through monitoring, measurement and benchmarking.

Who Should Attend

CIO / CISO / CRO / CIRO
IT Strategists and Planners
IT Architects
IT Development Managers and Project Leaders
Software Managers and Architects
Computer / Information Security Managers, Advisors, Consultants & Practitioners
IT Line Managers
IT Service Delivery Managers
Risk Managers
Internal and External Auditors

This course is of particular importance to those personnel involved with service delivery of national critical infrastructure and Cloud services.

Methodology

The course consists of lectures and workshop sessions, supplemented by case studies drawn from a combination of published real life examples and/or practical experience.

In the workshops attendees will work in small groups to synthesise ideas and strategies and to apply the material in the context of case studies and simulations. Open forum discussions will also feature where appropriate.

Lecture content is naturally less intense than in Foundation classes, with more emphasis on practical work. The course focuses heavily on developing the skills and knowledge for a practitioner or master through hands-on workshop sessions and discussions, so as to provide the appropriate balance and emphasis on practice rather than theory.

Course Content

1 SABSA Refresher

Principles of SABSA
Matrices and Attributes
Traceability
Certification Roadmap

2 Service Excellence

Roles of the Architect and Service Manager
Assured Service Delivery
Effective Business Processes
Skilled and Motivated Staff
Customer Intelligence and Service Excellence

3 SABSA Time Concepts

Development Lifecycle
Lifecycle alignment
Processing Schedules
Performance Management
Performance Measurement

4 High Assurance Design

Service Performance Factors
Application Problem Areas
Operational Continuity
Security Strategies
Reliability Requirement
Design Verification
HA Design Principles
Security Design Patterns
High Assurance Attributes

5 Survivability

Defining Survivability
Survivable Network Analysis
RAPSA critical infrastructure survivability

6 Service Level Management

SLAs
Market Chains
SLA Measurements, KPIs/KQIs
Service Decomposition and Service Maps
SLA Correlation

7 UK Telecommunications Systems and Services Standard

System and Services Security
Availability Calculations
Threat Model
Controls

8 Threat Modelling

Threat Domains
Multistage Threat Modeling

9 Assured Service Delivery

Production Controls
Event Management
Change Controls
BCP/DR
Situational Awareness
Availability Management
Accreditation
Audit

10 SNAP: A SABSA Approach to Service Excellence

Customer and Service Excellence Attribute Taxonomy
SNAP Methodology