What is SABSA ?
Sherwood Applied Business Security Architecture.
It is a method for developing business-driven, risk and opportunity focused enterprise security & Information assurance architectures.
What are the six SABSA Domains ?
- What (Assets)
- Why (Risk and Motivation factors)
- How (Process factors)
- Who (People Factors)
- Where (Location Factors)
- When (Temporal Factors)
[Thoughts] Security is a property …
Security does not exist in Isolation relative to a business context there is no absolute scene 'secure' has no intrinsic meaning what do you mean by secure? What are you trying to protect ? Against what threats? What would be the business impact? Does your business have vulnerabilities? What is your risk appetite ?
[Thoughts] Concept of Enterprise …
You treat an organisation as a single entity.
* Not as a set of cooperating departments.
Embrace the end-to-end nature of business processes.
Can be applied to anything (Charity, Bank, Public service)
Aims to optimise all parts of an organisation in a coherent way.
* Not just local optimisation
Delivers Improved Overall Performance.
- Competitiveness
- Service Excellence
- Diversification of risks for optimal risk management
What is an Architecture Framework ?
A consistent set of principles, policies, capabilities and standards that sets the direction and vision for the development and operation of the organisations business information systems so as to ensure alignment with and support for the business needs.
Benefits of an Architecture Framework?
Managing Complexity
Maintaining Integrity of design in large complex developments.
Providing a roadmap for all to follow.
Lowering the total cost of ownership.
Good Integration of technical and procedural solutions to business problems.
a rational framework for making design decisions & solving new problems.
Attaining an appropriate balance between strategy tactics and operations.
Resolving conflicting Objectives & priorities
Predictability, flexibility & Agility.
What are the drivers and Constraints of Architecture?
- The overall business goals for the system.
- The functional requirements of the system - what should it do?
- The materials and/or components available for constructing systems .
- The environment in which the system will be built and used.
- The skills of the people who will build the system.
- The skill of the people who will use the system.
SABSA Architecture’s Guiding Principles:
Architecture must meet your set of business requirements.
Architecture must provide sufficient flexibility to incorporate choice and change of policy, standards, practices or legislation.
Architecture must not presumer any of the following as they are subject to change over time:
- Cultures or operating regimes.
- management style.
- Set of management processes.
- management standards.
- Technical standards.
- Technology platforms.
Enterprise Security Architecture (ESA) Scope ?
- True Architecture never happens from the bottom up.
- ESA resolves business problems.
- Business strategy for security is closely linked to the goals of operational risk management.
- As part of a business strategy, security must balance with other requirements:
- usability, inter-operability, integration, supportability.
- Fast time-to-market, scalability, re-usability.
- Cost effectiveness.
- Dealing with conflicts.
