Solving the ITIL Security Problem - Course Content

1. Introduction

2. SABSA Overview

  • The ITIL security problem
  • Benefits & objectives
  • Role of risk & governance
  • Security services & security service management
  • The SABSA lifecycle & process
  • Structure, scope & application
  • How SABSA maps to ITIL

3. Security Service Strategy

  • ITIL functions & processes in service strategy
    - Financial management & ROI
    - Service portfolio management
    - Demand management
  • SABSA business-driven security context
    - Business goals & objectives
    - Business risks & opportunities
    - Business processes and governance
    - Business geography & time
  • Business security activities
    - Defining business drivers
    - Business risk governance
    - Service capability & value proposition
    - Service provider & customer relationships
    - Point-of-supply management
    - Defining performance targets
  • SABSA strategic security concepts
    - Service requirements attributes profile
    - Risk & opportunity management
    - Strategy for process assurance
    - Security organisation, roles & responsibilities
    - Security domain framework
  • Strategic security activities
    - Defining proxy assets
    - Developing ORM objectives
    - Service delivery planning
    - Service management roles
    - Security service catalogue
    - Service performance criteria & targets

4. Security Service Design

  • ITIL functions & processes in service design
    - Catalogue management
    - Service level management
    - Capacity planning
    - Availability management
    - Continuity planning
    - Supplier management
  • SABSA Logical Security Architecture
    - Information assets
    - Risk management policy
    - Security process maps
    - Entity trust framework
    - Through-life management
  • Logical Security Activities
    - Release, configuration & asset management
    - Security policy management
    - Security service delivery management
    - Administration & provisioning
    - Capacity & availability management
    - Reporting on KPIs & KRIs
  • SABSA Physical Security Architecture
    - Data assets
    - Risk management practices
    - Security mechanisms
    - ICT infrastructure
  • Physical Security Activities
    - Integrity & change protection
    - Operational risk monitoring
    - Incident control
    - User support
    - Service resources protection
    - Performance data collection
  • SABSA Component Security Architecture
    - Security data repositories
    - Risk management tools
    - Products, tools & technical standards
    - Identity & access control
    - Location components, nodes & addresses
  • Component Security Activities
    - Data asset protection
    - Risk analysis techniques & registers
    - Product & tool selection & procurement
    - Product, tool & location security management
    - Service level reporting techniques

5. Security Service Transition

  • ITIL functions & processes in service transition
    - Transition planning & support
    - Change management
    - Asset & configuration management
    - Release & deployment management
    - Validation & test management
    - Evaluation & knowledge management
  • Security functions & processes in service transition

6. Security Service Operation

  • ITIL functions & processes in service operation
    - Event management
    - Incident management
    - Request management
    - Access management
    - Monitoring & control management
    - IT operations
    - Service desk
  • SABSA operational security architecture
    - Assurance of operational continuity & excellence
    - Operational risk management
    - Process delivery management
    - Personnel management
    - Management of installations
    - Management schedule

7. Continual Security Service Improvement

  • ITIL functions & processes in continual service improvement
    - Continual service improvement
    - Service reporting
  • SABSA functions & processes in continual security service improvement
    - Performance reporting using SABSA Attributes
    - Security benchmarking
    - Security service capability maturity modeling