This page was last edited on 30 December 2019, at 00:16 (UTC). TSI is a professional body incorporated as a Community Interest Company, registered in England and Wales. dustervoice Member Posts: 877 November 2015 in General Certification. What is it that you think you need to do? The SABSA method provides a clear cut path from long-term strategy to implementing operational details by using its 7-layer model. subjects in very understandable way. P.S. 1.2 ‘Website’ refers to the sites published under the following domains: sabsa.org, sabsainstitute.org and sabsa … Then, after reviewing the cloud security best practices from the Cloud Security Alliance and the European Network and Information Security Agency (ENISA), Malcolm shows how to use SABSA, a popular security requirements mapping approach, to figure out the business requirements for a successful and secure cloud deployment of your own. arguments for any doubts in the subjects he covers. By utilizing the steps in the 36-cell Matrix, we can clearly see how every preceding step trickles down to make a more detailed framework to maintain alignment with solutions for business risk, processes, geography, time dependencies, … Archistry works with you to ensure what you want to achieve actually gets done, linking strategy, risk, governance and compliance to enable sustained exceptional performance. In contrast, SABSA presents its unique Business Attribute Profiling technique as a means to effectively describe requirements. SABSA is a ‘Through-Life’ method and framework: it applies throughout the entire lifecycle from Business Requirements Engineering to management of the solutions delivered. This section describes the use of Business Attribute Profiling with respect to security requirements management, along with the added value this technique offers for requirements management in general. 
— It was originally published in 1976, and I think worth a read for anyone who enjoys thinking more deeply about themselves and the world we live in. Hove. However, it was the first thing that came to mind after a couple of the conversations I had yesterday about SABSA. I agree that there's a lot of value in applying those core concepts of tying security to the business, and that's going to be relevant whoever you work for and whatever frameworks they use. Or, if you want to know more about what you’re going to get if you do and how it works, then just go knock on the front door: https://archistry.com and you’ll get the whole deal. His breadth of thinking and understanding of the business
Those who work and have conversations with me, eventually hear me mutter the words “SABSA” at some point in time. SABSA (in use since 1995) is: • A methodology for: o developing an enterprise information security architecture. The horse called Architecture is gonna race, no matter what, Playing well with the good little ERM children. innovative in his thinking and merits the title of 'thought
With guidance from your expert trainer, you'll develop skills to implement these strategies efficiently and seamlessly. It is described as a security architecture method, but it takes a very wide view of security architecture. For me, more than anything, it allows me to focus my message according to “stakeholder view” I’m having a conversation with and that it stays relevant and focused for him/her, and also provide a mechanism to understand what’s missing and what needs to be worked on. Here you can see an example I built: That will depend on your preferred view, or where you would mostly contribute to in the stack. It ensures a) you don’t oversee aspects of your enterprise architecture and b) it enables traceability and the association of metrics to measure yourself against them. But there’s a not-so-subtle shift you have to make in your little brain if you want to be successful with SABSA, and, to bastardize an iconic line from the Matrix: The 2 SABSA matrices are interesting and useful frameworks for thinking and problem solving, but those two grids of 66 cells aren’t a list of something you create… No, dear reader…SABSA is a way of solving problems that you DO. It provides a framework for developing risk driven enterprise information security and information assurance architectures. [Note: there can be more than one attribute assigned to a BD.] table. It stands for “Sherwood Applied Business Security Architecture” as it was first developed by John Sherwood. We then use a process called Attribute Profiling to either assign a pre-defined attribute or create a new one. 
For me, as an independent consultant and security architect, it allows me to capture everyone’s input in a traceable way that I can associate the information between them. The concept of architecture as the means by which we integrate different solutions and approaches to differing and complex needs, and provides a mechanism to manage such complexity. Because while the certifications are nice, they’re not the point—or they shouldn’t be if you really believe in the value of SABSA. When you think of applying SABSA to a problem, what comes to mind? Certification junkies just see SABSA as one more badge they can add to their LinkedIn profile and move instantly on to the next one. Archistry Chief Executive. SABSA is a business-driven security framework for enterprises that is based on risk and opportunities associated with it. They’re not the kind of people who are going to try and figure out how to apply it because they’re too focused on collecting proof that they’re Security Wizards and can do everything with anything you might ask them to use. communication style were of great benefit in moving the process
SABSA® is the world’s leading open security architecture framework and methodology. All of them that make sense to you. SABSA is an Enterprise Security Architecture Framework. In more practical terms on how to implement and visualise application of SABSA, the “SABSA mappings” as they’re sometimes referred to can be used. This is related to a few other tables on how to overlay these concepts. I’ll be here either way. Remember, SABSA is a framework and methodology for building business-driven, risk-proportional security architectures you can prove really will deliver value and protect the organization. SABSA is used all over the world and the Institute has certified SABSA Chartered Architects in nearly 70 countries. SABSA (Sherwood Applied Business Security Architecture) is an operational risk management framework that includes an array of models and methods to be used both independently and as a holistic enterprise architecture solution. So that means, you don’t have SABSA…you DO it. Or if they are, they’re breaking their fingers clicking the Unsubscribe link at the bottom of this email just now. His experience is actually
That book was, To Have, Or To Be? • An open standard comprised of models, methods, and processes, with no I've done a bit of googling but can't find anything to satisfy how this framework is used on a day-to-day basis. o delivering security infrastructure solutions. For those familiar with, it also leverages the Zachman Framework and is compatible with TOGAF, ISO 27001, Agile and other methodologies. ", — Doug Reynolds, Product Manager, MobileAware, "Andrew is a fabulous consultant and presenter that you simply
Services, "Andrew was able to bring clarity and great depth of knowledge to the
You get a problem of “how will we demonstrate compliance with Framework X?”, …and, Wow! Feel free to keep mapping away like a one-armed paper-hanger if you want. forward towards a successful conclusion. Makes things work. It’s part of their collection. This module leverages the strategy defined in Foundation Module One to create the roadmap to design, deliver and support a set of consistent and high-quality security services. "Archistry", the stained glass window logo, "Pragmantix" and the Pragmantix™ logo, "Archistry Execution Framework (AEF)", "Archistry Execution Framework, Cybersecurity Edition (ACS)", "The Agile Security System", "The Agile Business System", "Baseline Perspectives", "Architecture Wall" and "Archistry Execution Engine" are trademarks of Archistry Limited. They are designed to create a broad-spectrum of knowledge and understanding of the SABSA method, its frameworks, concepts, models & … It’s a set of techniques you use together to help you accomplish something else. You get a problem of “how will I approach this risk assessment?”. Andrew is a highly skilled and experienced information systems
The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security, especially those in which … Andrew S. Townley I’ve been having quite a number of conversations recently with people about their experiences with putting SABSA in practice. The SABSA Foundation Modules (F1 & F2) are the SABSA Institute’s official starting point for developing Security Architecture Competencies. Not surprisingly, these aren’t the people who are on the list getting these emails with you. It is purely a methodology to assure business alignment. An interesting week, Lockdown 2.0 ‘The Sequel’ started and I spent the week back in school, virtually. SABSA Foundation. A long time ago in a country far, far away, I discovered the work of Erich Fromm. SABSA ensures that different Views of security are taken in consideration through the layered model, as different stakeholders will need to be differently informed about what it means to them, whilst still allowing for traceability across the stack. We’ve got SABSA, and NIST…and ISO…and ISF…and Monkeys Fly Out Of My Butt! Certification Junkies are gonna’ keep testin’, and collectors are gonna keep collectin’. SABSA body of knowledge. The SABSA Model is the key to this and covers the whole lifecycle of operational capabilities. Right now. SABSA is the leading open-use method for delivering cohesive information security solutions to enterprises. The SABSA framework can be used for the development of architectures and solutions at any level of granularity of scope, from a project of limited scope to an entire enterprise architectural framework. Sabsa use in real world. management of risk. The SABSA methodology has six layers (five horizontals and one vertical). 
and technical issues along with a clear and effective
(TSI) TSI is registered as a Community Interest Company in England & Wales, Company Number 08439587, regulated by Companies House & the UK Office of the Regulator of Community Interest Companies. SABSA is a model and a methodology for developing risk-driven enterprise information security architectures and for delivering security infrastructure solutions that support critical business initiatives. architect and consultant, which in my view is a rare thing. One of our clients is proposing to use the SABSA framework to better develop the security within their organisation. ", — Biljana Cerin, Director, Information Security and
SABSA does not offer any specific control and relies on others, such as the International Organization for Standardization (ISO) or COBIT processes. Each layer has a different purpose and view. What is SABSA®? Everyone’s gotta make their own choice. So that means, you don’t have SABSA…you DO it. SABSA closely follows the Zachman Framework and is adapted to a secu… Its registered office is at 126 Stapley Road, Hove, UK, BN3 7FG. And subscribe to our new print newsletter, and sometime after August 1st when it goes to the printer, the easiest way I’ve ever found to get started BEING a SABSA practitioner is laid out in about 47 pages that you can read and apply right now. I’d say it’s unfortunate it’s not an open standard so that hopefully more organisations and security professionals would become acquainted with it, and is currently mostly the space of high paid management consultants, but hopefully adoption will continue to grow and, within the limits of the licence imposed by SABSA institute, I shall try and do my bit in writing about its benefits. SABSA have produced a standard taxonomy of attributes which can be used “out the bag” with engagements as a … The SABSA framework is continually maintained and developed and up-to-date versions are published from time to time. The contrast of the two viewpoints or approaches to life are basically, we are the sum of what we have or own, or we choose to focus on defining what it is that we think is important and then striving to make sure they live up to those ideals—independently of what anyone else chooses to think of them. Completeness and justification for all components of your Enterprise Security architecture, No hand-waving nor personal/professional bias towards what your security should look like. Look, Ma. It also aids in delivering security infrastructure solutions that support critical business initiatives. Contact Details 1.1 This website is operated by The SABSA Institute C.I.C. 
SABSA is an Enterprise Security Architecture Framework. Indeed, it covers a whole variety of availability, usability and agility issues, to the point where it addresses the complete set of non-functional requirements. Article by Andrew Townley / Archistry Daily / Agile Security, Fromm, SABSA. With SABSA, organizations can achieve that important risk/reward balance, using a range of frameworks, models, methods and processes to manage risk and measure performance. Through a series of innovative presentations, case studies and workshops, you will develop the skills to use the most proven security architecture design and management processes and find out how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the need… ", "Fabulous person to work with. surprising and his thoughts leave you without considerable
This module provides participants with a comprehensive understanding of how the SABSA framework delivers successful security strategy and architecture. When looking to adopt a framework and methodology for your enterprise security architecture, it is recommended to use a well-known and trusted solution; that framework is SABSA. Extremely
Now Fromm was a German Jew who was quite an accomplished thinker and writer in terms of psychology, philosophy and sociology. …other bits and pieces What is SABSA? SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world. Main Trading Address: 126 Stapley Road. Now, while I don’t always agree with his politics, there’s one book in particular he wrote that’s relevant here to the shift of mindset you actually need to make in order to start getting value out of SABSA. But for everyone else, there’s this challenge you need to face on your SABSA journey that – as I see it, anyway – is pretty much the ultimate rite of passage for you. Building your knowledge of the SABSA framework will help you design more efficient security plans and strategies. This is another highly customizable and scalable framework – it can be adopted in a small scope and then incrementally implemented on an enterprise-wide level.