It is also widely used for Information Assurance Architectures, Risk Management Frameworks, and to align and seamlessly integrate security and risk management into IT Architecture methods and frameworks.
SABSA ensures that the needs of your Enterprise are met completely and that security services are designed, delivered and supported as an integral part of your business and IT management infrastructure. Although copyright protected, SABSA is an open-use methodology, not a commercial product.
Certification by the SABSA Institute is competency-based and delivers to stakeholders the assurance, trust and confidence that a professional has demonstrated the skill and ability to use the SABSA method in the real world.
As SABSA is free-use and registration is not required, we do not have a definitive list of user organisations. However, we do know the profiles of the thousands of professionals who have qualified as SABSA Chartered Architects in nearly 50 countries, on every continent and from every imaginable business sector.
SABSA certification is widely requested by employers globally and is a mandatory requirement for Security Architects and Enterprise Architects alike in numerous large-scale and national financial sector bodies.
SABSA (Sherwood Applied Business Security Architecture) is a model and methodology for developing a risk-driven enterprise information security architecture and service management, to support critical business processes. It was developed independently from the Zachman Framework, but has a similar structure. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security, especially those in which security has an enabling function through which new business opportunities can be developed and exploited.
The model is layered, with the top layer being the business requirements definition stage. At each lower layer a new level of abstraction and detail is developed, going through the definition of the conceptual architecture, logical services architecture, physical infrastructure architecture and finally at the lowest layer, the selection of technologies and products (component architecture).
The SABSA model itself is generic and can be the starting point for any organization, but by going through the process of analysis and decision-making implied by its structure, it becomes specific to the enterprise, and is finally highly customized to a unique business model. It becomes in reality the enterprise security architecture, and it is central to the success of a strategic program of information security management within the organization.
Note: The above is the original SABSA Matrix, which is still valid today, but it has been expanded by a comprehensive service management matrix and updated in some detail and terminology areas. In the words of David Lynas, SABSA author, "The SABSA Matrix and the SABSA Service Management Matrix have not been updated since the late 90s. We have redesigned them to deliver the improvements your feedback has requested over the years. We have not fundamentally changed the structure or principles of the matrices (very few elements have changed position) but have focused on terminology update and consistency." The new versions can be downloaded (along with the 2009 revision of the SABSA White Paper and other important documents like the SABSA Certification Roadmap) at the SABSA Members' Web Site.
The SABSA Certification framework is a comprehensive, competencies-based testing programme that provides employers and peers with assurance and confidence that employees, job candidates, service providers and contractors have the professional capability to meet the needs of your organisation to design, deliver and manage enterprise security architectures. It tests professional proficiency in all aspects of enterprise security as delivered by the SABSA method.
Check current schedules for authorised training in your region.
SABSA Competency Framework
The SABSA Certification Framework goes much further than other certification efforts, which are largely knowledge-based. The SABSA syllabus comprises a set of required professional competencies expressed as a series of task-oriented or behavioural learning objectives.
SABSA Certification Roadmap
From Foundation level certification which requires a candidate to pass two test modules covering the major principles, design concepts, and management processes of Enterprise Security Architecture, up to Master level certification which demonstrates advanced competencies and leadership in a chosen area of specialism, the SABSA certification framework is suitable for Security Architects at all career levels. There are three levels of qualification:
Examination candidates must have previously attended an official SABSA Foundation training course prior to participating in an Advanced module. The SCF certification is a pre-requisite to obtaining an SCP.
It is not possible to assess Advanced competency using multiple-choice testing techniques so Advanced module examinations take the form of demonstrable assignments. Examination papers contain 5 questions from which candidates must choose 2 to answer. Using examples from real working environments, or by creating a case study, or a combination of both, candidates are required to assess issues, evaluate solution approaches, and customise and apply the SABSA method and framework to create and populate appropriate SABSA work-products (techniques, tools, templates, models, frameworks, etc.).
SABSA is the best method to develop your security architecture for your enterprise architecture. It is simple to say 'Security Architecture is a Cross-Cutting Concern.' What that means is for every domain, every element, we must consider every decision in terms of risk and security.
SABSA is based on a comprehensive top-down model. The SABSA model drives the SABSA Development Process that develops the security architecture domain of your enterprise architecture. First, you understand the strategic context creating foundational business requirements. Step-by-step you extend the chain of traceability through the entire security architecture.
SABSA's tools were built from practical experience, and work together. Some of the most important include the SABSA Model, the SABSA Business Attributes Profile, the SABSA Risk Model, and the SABSA Domain Model.
SABSA is a Domain Architecture Framework. Domain Architecture Frameworks are optimized for one architecture domain. SABSA is optimized for Security Architecture and provides detailed techniques and method. Conexiam enterprise architecture consulting recommends every enterprise architect take SABSA Certification.
The concepts and strategic approach to enabling, supporting and protecting the context; comprises a series of frameworks and objectives from a particular architecture perspective, such as Security Architecture
The SABSA Model is difficult to represent in an enterprise architecture model. Implementing enterprise architecture tools to support SABSA takes care in the model construction. Conexiam Navigate focuses on SABSA's domain and risk models. We represent most of the SABSA Model in other enterprise architecture models.
Throughout the SABSA method, at every stage you return to the Business Attributes Profile to ensure your architecture development consistently addresses your stakeholders' objectives, vision, preferences and trade-offs.
The Business Attributes Profile provides a taxonomy, or checklist of possibilities, aligned with your organization's priorities. Stop brainstorming from a blank piece of paper, and start with a standard list. This increases the amount of time you spend on analysis.
For the attributes you select, the process of identifying the metrics, or performance targets, moves your understanding past the label. These attributes make your stakeholders' hopes and fears tangible. Using the SABSA Business Attributes Profile is central to ensuring your business mandate, risk profile, goals and objectives are carried through the entire architecture development.
In most casual conversations, we use risk differently. We use risk as a synonym for a threat. Or a synonym for something that can go wrong. SABSA takes us down the path of professional risk management, with a focus on removing uncertainty.
The reason for focusing risk on uncertainty is simple: everything we do in business carries an upside and a downside. We launch a product with an upside and a downside. We enable customers to remotely access our systems for an upside with a potential downside. The product launch has an objective: market share, revenue, competitive position. Remote access also has an objective. When a bad thing happens, we fail to reach our objective.
Every Domain has a definable boundary. Everything inside a Domain shares common trust, policy, and risk appetite. Whenever these things change you need a new Domain. A Domain may delegate risk appetite or performance targets to a specialist domain at a lower level of abstraction.
The concept of Domains can be difficult to grasp. We observe that architects either immediately grasp that Domains are a flexible logical construct or try to map them to a rigid structure. Keep in mind that Domains are logical constructs. All Domains have a relationship to something larger, something smaller, or a peer.