SABSA

SABSA

SABSA (Sherwood Applied Business Security Architecture) is a framework and methodology for Enterprise Security Architecture and Service Management. It was developed independently from the Zachman framework, but has a similar structure.

SABSA is a model and a methodology for developing risk-driven enterprise information security architectures and for delivering security infrastructure solutions that support critical business initiatives. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security, especially those in which security has an enabling function through which new business opportunities can be developed and exploited.

The process analysis the business requirements at the outset, and creates a chain of traceability through the strategy and concept, design, implementation, and ongoing ‘manage and measure’ phases of the lifecycle to ensure that the business mandate is preserved. Framework tools created from practical experience further support the whole methodology.

The model is layered, with the top layer being the business requirements definition stage. At each lower layer a new level of abstraction and detail is developed, going through the definition of the conceptual architecture, logical services architecture, physical infrastructure architecture and finally at the lowest layer, the selection of technologies and products (component architecture).

The SABSA model itself is generic and can be the starting point for any organization, but by going through the process of analysis and decision-making implied by its structure, it becomes specific to the enterprise, and is finally highly customized to a unique business model. It becomes in reality the enterprise security architecture, and it is central to the success of a strategic program of information security management within the organization.

The SABSA Matrix for Security Architecture Development

References

* [http://www.sabsa.org/the-sabsa-method.aspx The SABSA Method]
* [http://shiflett.org/blog/2006/jan/php-security-and-sabsa PHP Security and SABSA]

External links

* [http://www.sabsa.org/ SABSA website]

* [http://www.learnsabsa.com/ SABSA Training and Certification]

* [http://www.opensecurityarchitecture.org Open Security Architecture]


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Viru Viru International Airport — Infobox Airport name = Viru Viru International Airport nativename = nativename a = nativename r = image width = caption = IATA = VVI ICAO = SLVR type = Public owner = operator = abertis airports (Abertis) city served = location = Santa Cruz de la …   Wikipedia

  • Santa Cruz de la Sierra — Infobox City official name = Santa Cruz de la Sierra native name = Santa Cruz nickname = motto = imagesize = 240px image caption = image image shield = image blank emblem = Escudo Santa Cruz de la Sierra.jpg mapsize = 150px map caption = pushpin… …   Wikipedia

  • Aeropuerto Internacional El Alto — IATA: LPB   OACI: SLLP …   Wikipedia Español

  • Aeropuerto Internacional Viru Viru — (Biru Biru) IATA: VVI   OACI: SLVR Sumario Tipo Público …   Wikipedia Español

  • Gordon Institute of Business Science — Established 2000[1] Type Business school …   Wikipedia

  • Saudi Arabian Boy Scouts Association — Infobox WorldScouting name =Saudi Arabian Boy Scouts Association image size = caption =جمعية الكشافة العربية السعودية type = owner = age = headquarters = location = country =Saudi Arabia coords = f date =1961 defunct = founders = founder = award… …   Wikipedia

  • El Alto International Airport — Infobox Airport name = El Alto International Airport nativename = nativename a = nativename r = image width = caption = IATA = LPB ICAO = SLLP type = Public owner = operator = abertis airports (Abertis) city served = location = La Paz elevation f …   Wikipedia

  • Jorge Wilstermann International Airport — Aeropuerto Internacional Jorge Wilstermann IATA: CBB – ICAO: SLCB …   Wikipedia

  • Enterprise Information Security Architecture — (EISA) is a part of enterprise architecture focusing on information security throughout the enterprise. Definition Enterprise Information Security Architecture (EISA) is the practice of applying a comprehensive and rigorous method for describing… …   Wikipedia

  • Flughafen La Paz — in El Alto …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”