This model is used as the basis of an architecture development process a methodology. This chapter focuses on this practical aspect, pointing out some of the key steps and deliverables and. Sabsa is an enterprise security architecture framework. It provides a framework for developing riskdriven enterprise information security and information assurance architectures. Competence is value why knowledgebased training falls short. Security architecture framework all you need to know. It appears to be a good highlevel large business model. Nov 15, 2005 security is too important to be left in the hands of just one department or employeeits a concern of an entire enterprise. This concise guide explains the overarching elements of the sabsa approach. The entire book is based upon a sixlayer model of security architecture known as sabsa, an idea first developed by john sherwood in 1995 and published in. Sabsa stands for the sherwood applied business security architecture, and is a leading methodology for developing business operational risk and opportunitybased architectures. The chief architects blog was started in october 2017 and is a collection of articles written by john sherwood, the chief architect and original creator of sabsa, and the lead author of the book enterprise security architecture. What is sabsa enterprise security architecture and why should you. David lynas consulting ltd 17 ensign house admirals way, londone14 9xq.
Enterprise security architecture for cyber security. Sabsa architecture and design case study information security. Sabsa is a toptobottom framework and methodology to conceive, conceptualise, design, implement and manage security in a businessdriven model. Security is too important to be left in the hands of just one department or employee. A businessdriven approach hardcover november 12, 2005 by john sherwood author, andrew clark author, david lynas author. Sabsa is a businessdriven security framework for enterprises that is based on risk and opportunities associated with it. What is sabsa enterprise security architecture and why should. It covers succinctly an approach for developing riskdriven enterprise information security architectures, information risk management architectures, and information. Modeling a sabsa based security architecture using enterprise. A succinct guide to the premier global approach to security architecture and prereading for training and certificationthis concise guide explains the overarching elements of the sabsa approach. Enterprise information security architecture eisa is the practice of applying a comprehensive and rigorous method for describing a current andor future structure and behavior for an organizations security processes, information security systems, personnel, and organizational subunits so that they align with the organizations core goals and strategic direction. Nov 17, 2020 an independently designed, but later integrated, subset of the zachman framework is the sherwood applied business security architecture sabsa. Security is too important to be left in the hands of just. Sabsa training the pinnacle of security architecture alc.
In the security architecture course, i learned how the sabsa model provides a framework for developing riskdriven enterprise information security and information assurance architectures to help undertake complex security implementations. The problem with the approach is that it is very conceptual, and not well defined for actual business practices. As the name suggests sabsa is focused on delivery of an architectural solution aligned to the needs of the business which makes perfect sense. Integration of sabsa security architecture approaches with. Sabsa is a particular example of a methodology that can be used both for it information technology and ot operational technology environments. Enterprise security architecture pages 1 25 flip pdf. Nov 12, 2005 the title of this book is enterprise security architecture and it was written by john sherwood, andrew clark, david lynas. Enterprise security architecture a business driven. Sabsa is the worlds leading open security architecture framework and methodology. Thats why before we completely revamped our flagship, 7week, fullyinteractive online training course building effective security architectures, we wanted to be sure we could back up our claims of being able to create actionable sabsa security architectures in hours instead of weeks or months.
It stands for sherwood applied business security architecture as it was first developed by john. Sabsa is a framework for enterprise security architecture. Sabsa fills the gap for security architecture and security service management by integrating seamlessly with other standards such as togaf and itil. For background information on the integration with enterprise architect, please view the modeling a sabsa based enterprise security architecture using enterprise architect paper. May 30, 2011 this concise guide explains the overarching elements of the sabsa approach. Security architecture model the approach to developing an enterprise security architecture that is proposed in this book is based upon a sixlayer model. It covers succinctly an approach for developing riskdriven enterprise information security architectures, information risk management architectures, and information assurance architectures, and for delivering security solutions that support critical business initiatives through the deployment of ict infrastructure and. Sabsa stands for the sherwood applied business security architecture, and is the leading methodology for developing business operational riskbased architectures. Download for offline reading, highlight, bookmark or take notes while you read enterprise security architecture. This chapter focuses on this practical aspect, pointing out some of the key steps and deliverables and describing how to plan and execute the process itself. Security architecture sabsa, nist oct 29, 2020, 15.
Sherwood applied business security architecture wikipedia. As with many enterprise architecture frameworks, the philosophy of the approach stems from the belief that security architectures, like enterprise architecture generally, should map efforts back to underlying business goals and harmonize that is, be aware of. Enterprise security architecture shows that having a comprehensive plan requires more than the purchase of security software. It also aids in delivering security infrastructure solutions that support critical business initiatives. The sabsa framework is continually maintained and developed and uptodate versions are published from time to time, 1.
Enterprise security architecture meet your next favorite book. In this blog post ill be using a fictitious example of a public sector entity aiming to rollout an accommodation booking service for tourists visiting the country. It was developed independently from the zachman framework, but has a similar structure sabsa is a model and a methodology for developing riskdriven enterprise information security architectures and for delivering security infrastructure. Apr 05, 2014 created in mid1995 by three gentlemen called john sherwood, david lynas and andrew clark, sabsa stands for sherwood applied business security architecture. Overview of togaf and sabsa integration why bolster togaf with security architecture and why use sabsa. Mar 11, 2018 lets talk about applying the sabsa framework to design an architecture that would solve a specific business problem. Sherwood applied business security architecture sabsa methodology for developing businessdriven, risk and opportunity focused.
Sabsa supportsthestrategicworkofbusinessanalysts 6 collaborate with stakeholders identify the business need align with other strategies enable value creation for stakeholders assess risks and recommend action enable the enterprise to address need sabsa sherwoodappliedbusiness security architecture. The security architecture practitioners initiative is a joint effort of the open group security forum a global thought leader in enterprise architecture and the sabsa institute a global thought leader in security architecture to articulate in a clear, approachable way the characteristics of a highlyqualified security architect. The enterprise security architecture book plays heavily on the sabsa business model created by one of the authors. Enterprise security architecture world leading book. Feb 11, 2021 the sabsa framework provides a generic framework for security architecture efforts.
Enterprise security architecture kurt danis, dafc cisspissep. Enterprise security architecture, how it relates to enterprise architecture, and how this guide supports the togaf standard. Mar 02, 2014 enterprise security architecture is not about developing for a prediction. It becomes in reality the enterprise security architecture, and it is central to the success of a strategic program of information security management within the organization. Sabsa security architecture enterprise modeling solutions.
The primary purpose of this book is to provide the reader with a practical guide to developing an enterprise wide security architecture within an organisation. Operational risk and its relevance to enterprise architecture why incorporating the concept of. Ditto for zachman which is a dying framework outside of the us but i digress. The working group this working group will bring together a group of security architects, to develop a security overlay for the archimate 3. Aug 26, 2019 sabsa is an enterprise security architecture framework. We dont know where we are going or how we are going to get there but we need to be ready. Contact us to see a demonstration of how the extension operates, or to customize it in order to meet your specific security architecture modeling requirements. Meaning, the architect is concerned with the overall shape and size of the forest, tree locations, density, and overall mix of tree species. A businessdriven approach ebook written by nicholas sherwood. Contemplating buying this book but is it still worth it. The term businessdriven is the key to sabsas power, and its acceptance. It stands for sherwood applied business security architecture as it was first developed by john sherwood. The sabsa model stands for the sherwood applied business security architecture and was first developed in 1995 by john sherwood.
A businessdriven approach, by john sherwood, andy clark, david lynas, 2005. This is a series of articles based around sabsa business attributes. Security is too important to be left in the hands of just one department or employeeits a concern of an entire enterprise. This paper will look briefly at each layer of the model, discuss the stakeholder view for that layer, the typical questions asked within the layer, and the interrelationship between our target layer and others in the model. It also helps deliver security infrastructure solutions that support critical business initiatives. Modeling a sabsa based security architecture using. To aid in the development of an effective enterprise security architecture, we utilize the sabsa model, which is the base for the process methodology. It provides a framework for developing risk driven enterprise information security and information assurance architectures. The official sabsa foundation material is based on the 2005 sabsa blue book, enterprise security architecture. If youre a togaf shop, then sabsa will fit nicely to cover the security part. The sabsa security architecture extension integrates seamlessly into existing architectural models, be they based on togaf, updm, zachman, or a homegrown methodology, by adding an extra dimension to the framework.
The sabsa model is a sixlayer approach to developing an enterprise security architecture. It appears to be a good highlevel large business model, and my company has adopted it. Enterprise security architecture based on sabsa books. Enterprise security architecture shows that having a comprehensive plan requires more than the purchase of security softwareit requires a framework for developing and maintaining a system that is proactive. In our enterprise security architecture book by sherwood, clark, and lynas, it describes the conceptual layer as able to design the forest rather the trees. To ensure that security meets the needs of the business.
Cyber security overview togaf and sherwood applied business security architecture sabsa o overview of sabsa o integration of togaf and sabsa enterprise security architecture framework the open group ea practitioners conference johannesburg 20 2. Ditto for zachman which is a dying framework outside of the us but i. The book is based around the sabsa layered framework. It is purely a methodology to assure business alignment. Security architecture and design from a businessenterprise. Sep 01, 2004 the book is based around the sabsa layer enterprise security architecture shows that having a comprehensive plan requires more than the purchase of security softwareit requires a framework for developing and maintaining a system that is proactive. Jul, 2016 sabsa business attribute profile business attribute profile is at the heart of sabsa it is the artifact that link security architecture with requirement engineering this is also the linkage between enterprise architecture like togaf and sabsa each sabsa business attribute is an abstraction of reallife business requirements. Integrating risk and security within a enterprise architecture.
Like the zachman framework, this model and methodology was developed for riskdriven enterprise information security architectures. Sabsa does not offer any specific control and relies on others, such as the international organization for standardization iso or cobit processes. Sabsa the security architecture framework andy wood. Sabsa defines documented artifacts to be produced in the matrix. Also, thank you for taking the time to comment on the quality attributes. Is there any benefit in studying this book ahead of time to get me prepared for the exam. This paper will look briefly at each layer of the model, discuss the stakeholder view for that layer, the typical questions asked within the layer, and the interrelationship. Enterprise security architecture oreilly online learning. I intend taking the exam on the last day of the training. Enterprise information security architecture wikipedia.
The sabsa institute enterprise security architecture. The approach to developing an enterprise security architecture that is proposed in this book is based upon a sixlayer model. It was published by crc press and has a total of 608 pages in the book. However, since 2007, the material has been greatly expanded and updated. Further informationfor those who would like greater detail on this subject, there is a major reference work 587 pages affectionatelyknown as the book of sabsa and entitled. Am taking the sabsa foundation training by the end of feb, am wondering if the book enterprise security architecture a business driven approach will be provided as part of the training. However, if a businessdriven approach isutilized, the fruits of the architectural work will be enjoyed throughout the enterprise. A business driven approach, in which the sabsa framework is described.
1605 255 841 1646 1009 1178 1019 1337 655 29 585 178 1463 1313 496 1134 1217 599 1245 995 39 1479 405