Greetings from The SABSA Institute!
We have lots of exciting events lined up for February and March, starting with SABSA World London!
SABSA World London
Welcome to SABSA World London, a gathering of SABSA enthusiasts aimed at sharing knowledge, building business relationships and having fun!
Event details: 18th March 2025 (Tuesday) from 6pm to 9pm
Location: PA Consulting Offices, London
7th Floor, 10 Bressenden Place
London SW1E 5DN
United Kingdom
Contact: +44 20 7730 9000
Address: Open in Google Maps
Join us for an exciting in-person event at PA Consulting’s office in Victoria, London. Connect with fellow SABSA enthusiasts, learn about the latest trends in security architecture, and expand your professional network. Don’t miss this precious opportunity to enhance your skills and knowledge in a vibrant setting. Mark your calendar and get ready for an unforgettable experience at SABSA World London on 18th March 2025.
All are welcome. Refreshments will be provided by PA Consulting.
Anthropology in Security Architecture
By Dr Mike Brass, Archaeologist and Head of Security Architect for National Highways
Strong interrelationships between academia and information security stretch back decades. However, it is only recently that the intersection between much of the social sciences and information security has come to the fore. The social sciences include, amongst others, Anthropology, Political Science, Psychology and Sociology. Criminology is also included as Criminal Anthropology. This talk takes a step back to include Anthropology as a whole into the discussion. Taken together, the social sciences emerge as a vital resource, offering distinctive perspectives to aid in comprehending and strengthening information security.
How Threat Actors use the DNS protocol to exfiltrate data
By Ollie Sheridan, Solutions Architect for Infoblox
Since its creation in 1983, the DNS protocol has been an essential component of every Internet connected organisation’s network. Whilst this has been seen traditionally as a harmless protocol with little or no controls applied to it, DNS has, over the years, been increasingly used by Threat Actors to infiltrate organisations by various means. One of the Threat Actor’s Action on Objectives is to exfiltrate data from an organisation by encoding the data and using the organisation’s infrastructure against itself. In this talk, we will have a look at how this is achieved by Threat Actors and potential ways in which you can mitigate against it.
Format – We will have two 45-minute presentations, each with 10 minutes of Q & A.
Event Size – Available places are currently limited to 40 spaces. Sign up quickly to reserve your seat now.
Registration Link
https://www2.paconsulting.com/SABSA-World-UK-meetup-with-Infoblox-register.html
Ticketing – Due to health and safety and dietary requirements, registration will be conducted on PA Consulting’s system.
Website – PAconsulting.com
Special thanks to PA Consulting for graciously hosting this event and sponsoring the location and refreshments, and to Simon Cross from Infoblox for his excellence and dedication in planning and spearheading SABSA World UK.
Simon Cross started his career in the year 2000 designing carrier-class VoIP networks, gaining extensive expertise in network security. In 2011, he transitioned into enterprise security architecture. Delivering senior roles in defence, aerospace, and financial services, he has built a strong reputation across multiple sectors. Now refocusing on technical aspects, Simon specialises in DNS solution design, helping clients enhance security posture and realise cloud efficiency through DNS optimisation.
Infoblox is a leader in cybersecurity and hybrid cloud core networking. They provide solutions that protect networks from threats while simplifying and automating critical functions like DNS, DHCP, and IP address management. Infoblox’s services are trusted by over 13,000 companies worldwide, including 75% of the Fortune 500. Their offerings ensure secure, efficient, and reliable network operations across on-premises and cloud environments.
Website – Infoblox.com
For more information on SABSA World London, please contact Simon.
Webinar – Using SABSA Principles to Establish Robust Architecture Functions
Date/ Time: 2nd March 2025, Sunday at 6pm (AEDT)/ 3pm (AWST)
Registration Link
https://us02web.zoom.us/webinar/register/WN_SFc1Fg3wROO56uMJi_8vTA#/registration
Overview
Struggling to align security architecture with business goals? Joshua Qwek will demonstrate how SABSA helps bridge the gap between security, risk and business objectives.
Discover a structured approach to building and integrating architecture functions into businesses.
Key takeaways
- The importance of aligning architecture governance with business goals
- How strong governance mitigates security risk
- Ideas on building a robust model that suits your organisation
Don’t miss out on this chance to participate in a thought-provoking dialogue with leading experts –
Register now and be part of the conversation!
Speaker – Joshua Qwek
Joshua Quek, Presenter of Using SABSA Principles to Establish Robust Architecture Functions
Joshua Qwek is a seasoned Cyber Security Architect with over 20 years of experience enhancing resilience and managing risks across industries such as finance, government, and manufacturing.
A sought-after speaker, Joshua has presented at prominent events, including:
- AISA PerthSEC Conference 2021: Presenting on “Shifting Left” and culture implications
- AISA (National / Melbourne) 2022: Cybersecurity Architecture
- CISO Perth 2023: Building a people-led security culture
He holds memberships with the Australian Institute of Company Directors (MAICD) and is an honorary member of AISA.
Registration Link
https://us02web.zoom.us/webinar/register/WN_SFc1Fg3wROO56uMJi_8vTA#/registration
For more information on TSI Webinars, please contact Rob Laurie.
Presentation on the Benefits of Enterprise Architecture Modelling for Security and Introducing SABSA
We are pleased to inform that a one-hour presentation on the Benefits of Enterprise Architecture Modelling for Security, which can also be delivered as part of a two-session series Introducing SABSA, is now available.
We would be happy to offer this presentation to anyone involved in security as part of an Enterprise Architecture practice; anyone interested in having this presented at their place of work is more than welcome to get in touch with Steven Bradley via email.
The Open Group Summit, Amsterdam, 19th May 2025
Steven Bradley will be presenting the SABSA Security Overlay at The Open Group Summit in Amsterdam on 19th May, Monday in the Industry Awareness sessions.
In consideration of the user demand for Security in ArchiMate, the ArchiMate Forum is keen to promote the T100 Paper (recently republished as a The Open Group guide) at The Open Group Summit in Amsterdam in May, and Steven has proposed a couple of papers on the topic, one general paper and one that is more technical.
For more information on The Open Group Summit in Amsterdam, please refer to https://meet.opengroup.org/event/AmsterdamSummit2025
Steven Bradley
SABSA Enhanced NIST Cybersecurity Framework (SENC) Working Group
February update from Glen Bruce, Leader of SENC
The SENC project continues to make progress focussing on completing the NIST CSF Business Attributes component of the project. The team has defined a good collection of Attributes that reflect the categories and subcategories of NIST CSF 2.0. These Attributes provide examples that can be leveraged by organisations that are aligning their security architecture to the NIST Cybersecurity Framework. Work continues to fill in the corresponding Attribute Profiles including the definitions, attribute measurements and metrics, performance targets and industry sector applicability. Due to multiple and exciting new business and professional opportunities including a key role in a professional association and opening his own consultancy, Bruce Large, the Attributes task master for the SENC Business Attributes, had to limit his oversight involvement but continues as a valued project contributor.
The SENC project will provide a library of example Attribute Profiles that can be adapted to the specific needs and context of an organisation’s requirements. The current thinking on the treatment of Attributes in the next generation of SABSA has been shared with the SENC project. The documented SENC project recommendations supporting the Business Attribute Profiles will include guidance on the requirement for customization of the Attributes reflecting the domains, external business relationships and service providers that are essential for the enterprise-specific security architecture. It is noteworthy that using the SENC library of Attributes “as-is” without adapting them to the context of the Enterprise defeats the value of the SABSA method.
The next activity of the project will be to define a SABSA-specific NIST CSF Profile to provide enhancements and additions to the NIST CSF 2.0 functions, categories and subcategories to augment the integration of the CSF into the Security Architecture using the SABSA method. The objective of this project component is to produce a SABSA NIST CSF 2.0 Profile identifying the recommended enhancements and additions that are useful to the SABSA community. The SABSA NIST CSF 2.0 Profile will include suggested enhancements and additions to the existing NIST CSF 2.0 functions, categories and subcategories that are aligned to the SABSA method to provide a more complete and easier integration of the CSF. This Profile can be used as a template to assist leveraging the NIST CSF 2.0 when developing or enhancing a security architecture using the SABSA method. It will provide a reference for the SABSA community when incorporating the NIST CSF 2.0 into their security architecture.
To contribute to the SENC Working Group, please contact Glen Bruce.
SABSA World Australia
SABSA World is the banner under which SABSA community members and practitioners can organise events and gatherings to connect with one another. SABSA World can be an evening talk, a weekday lunch, a study group or a casual social networking event and may be regularly scheduled or spontaneous and occasional.
All SABSA World activities are intended to be a welcoming space for everyone – and all are welcome – seasoned SABSA practitioners or just the SABSA-curious alike.
SABSA World Perth (5th February)
Upcoming Melbourne events
Here are the SABSA World events taking place in Melbourne in February and March.
· SABSA World Melbourne – Security Architect Cocktails
24th February, Monday
· SABSA World Melbourne – Monthly security architect’s lunch
26th March, Wednesday
SABSA World Melbourne, 28th January – A monthly casual networking lunch for the local security architect community in Melbourne – for both the SABSA-curious and the SABSA enthusiast.
SABSA World Groups
The following are pages for SABSA World community groups which organise events and provide resources to security architects around the world. For more information on how to join, help, host or participate in SABSA World community groups, please visit:
SABSA World Australia
SABSA World Australia is a community project focused on the Australian SABSA Community, but is open to all.
Links to SABSA World Australia pages, events, and resources can be found via the Linktree: https://linktr.ee/sabsaworldaustralia
Europe
For information on upcoming events in Europe, follow SABSA World Belgium.
Interested in joining a Liaison Group?
Both EMEA & NA and APAC LGs welcome expressions of interest from community members who are keen to join. TSI Members can join either group, based on their time zone, location or preference.
Members who would like to join an LG are encouraged to write in to:
EMEA & NA LG
LG-emea@sabsainstitute.org
APAC LG
LG-apac@sabsainstitute.org
March Highlights – SABSA Foundation Course by David Lynas, SABSA Co-Author, in Australia
We are pleased to announce that SABSA Co-Author David Lynas will be in Sydney (from 10th to 14th March) and Canberra (from 17th to 21st March) to conduct the SABSA Foundation course in person.
Register for your SABSA Foundation course today!
TSI Training and Certification
SABSA training is available through the TSI network of Accredited Education Partners (AEPs). Our training covers all levels in the SABSA training continuum from Foundation to Practitioner.
Certification by TSI is competency-based and requires candidates to demonstrate the knowledge, skills and abilities required to use the SABSA method in the real world. SABSA Certification Examinations can only be taken after completion of training provided by a TSI AEP.
For more details, please refer to the TSI AEP website.
Upcoming Courses
A schedule of all upcoming SABSA-approved (non-certification based) and SABSA official (certification-based) courses can be found on our website here.
Our Publications Team is growing!
Ghariba has joined our Publications Team as Community Manager. Ghariba has 10 years of risk management experience (six years in cybersecurity and four years in financial risk), volunteers with the SABSA EMEA Liaison Group, and has attained SABSA Chartered Foundation Certification.
As the first SABSA Founders Bursary recipient, she created the COSAC Lab with Jason Kobes as a mentor, fostering idea development through innovative themes. Her sessions include cybersecurity’s nomadic aspects and the value of creativity in security professionals.
Passionate about African identity and history, she integrates hybrid ecosystems, biomimicry, and cultural values to enhance system robustness.
A warm welcome to Ghariba!
SABSA Publishing
This is a call for expressions of interest to join the SABSA Publications Team. We would like to invite you to reach out to us if you’re keen to be a volunteer or have your materials published by us. Those who submit their EOIs will be contacted by a member of the Publications Team to schedule an interview.
Authors
We welcome all submissions and are particularly interested in working with those who have successfully passed the examination for Practitioner courses (A1 and A3).
Those interested in having their work published by The SABSA Institute may submit their details here.
Publications Team Volunteers
Document editor
Technical editor
Document composer (LaTeX software typesetter)
Graphic designer
Technical document translator
Project manager
Video editor
Audio editor
Anyone who wishes to join the Publications Team as a volunteer may register using this form.
For more enquiries, please contact Kirk Nicholls.
Recommended Reading
A monthly selection of material assembled by the Publications Team for the SABSA community.
Community Video
Dependency Modelling in SABSA by Andy Clark
Dependency modelling is a way of analysing risks to an enterprise. It uses a variety of different approaches to describe and predict how different systems components interact and interdepend. Typically, it provides graphical representations of these relationships that help systems engineers design and implement resilient systems. The goal is to use Dependency Modelling within SABSA to make the design of resilient business systems easier.
https://www.youtube.com/watch?v=Lm0JuvobEOQ
SABSA White Paper
TSI W103 – SABSA Responsibility Assignment Modelling
An introduction to SABSA Responsibility Assignment Modelling and the abstract and conceptual views of stakeholders’ roles and responsibilities.
Without stakeholders, the concept of enterprise is meaningless. Stakeholders in all their capacities are the purpose of an enterprise, the lifeblood that enables the enterprise to operate. Those who benefit or suffer and the ultimate cause of success or failure.
Understanding stakeholders and, more importantly ensuring that their various roles and responsibilities in the enterprise are properly architected, is arguably the most important aspect of architecture.
TSI Digital Badges
We are excited to announce the launch of Digital Badges for The SABSA Institute.
On 19th February 2025, The SABSA Institute launched our Digital Credentials Program.
Digital Badging will allow The SABSA Institute Chartered Architects to:
– Clearly outline the steps taken to achieve your #SABSA Certification
– Easily share your digital credentials online
– Utilize a reliable method for real-time credential verification
– Discover direct connections between your skills and job opportunities
We carefully designed our new digital badges based on detailed feedback from our Liaison Group members, and the immediate and unparalleled impact has been clear, with hundreds of shares on social media already.
For more information:
You can find a preview of the badges, including an FAQ, on the website: https://sabsa.org/digital-badges/
Contact Support:
If you have not received your badge due to being registered with an old email address, you can contact the support page: https://sabsa.org/digital-badge-support/
Acknowledgements:
We would like to thank the following people for their efforts in making the Digital Credentials Program a reality:
· Gareth Watters (Lead)
· Lauren Calvert
· James Lynas
· The Board of Directors
· Liaison Group Members
· The TSI Legal Team
And with that, we’ve come to an end of our exciting updates for February.
See you soon.
The SABSA Institute