SABSA is a model and a
methodology for developing risk-driven enterprise information security
architectures and for delivering security infrastructure solutions that
support critical business initiatives. The primary characteristic of
the SABSA model is that everything must be derived from an analysis of
the business requirements for security, especially those in which
security has an enabling function through which new business
opportunities can be developed and exploited.

The process analyses the
business requirements at the outset, and creates a chain of
traceability through the strategy and concept, design, implementation,
and ongoing ‘manage and measure’ phases of the lifecycle to ensure that
the business mandate is preserved. Framework tools created from
practical experience further support the whole methodology.

The model is layered, with
the top layer being the business requirements definition stage. At
each lower layer a new level of abstraction and detail is developed,
going through the definition of the conceptual architecture, logical
services architecture, physical infrastructure architecture and finally,
at the lowest layer, the selection of technologies and products
(component architecture).

The SABSA model itself is
generic and can be the starting point for any organisation, but by
going through the process of analysis and decision-making implied by
its structure, it becomes specific to the enterprise, and is finally
highly customised to a unique business model. It becomes in reality
the enterprise security architecture, and it is central to the success
of a strategic programme of information security management within the
organisation.

For more information: http://www.sabsa.org/