The process of applying the sabsa framework to solve a specific security architecture problem requires an understanding of the relationship between the five main sabsa layers. A businessdriven approach had been making you to know about other knowhow and of course you can take more information. Security is too important to be left in the hands of just one department or employee its a concern of an entire enterprise. Integrating risk and security within a enterprise architecture. In the example below, a fictitious public sector entity has planned on implementing a booking accommodation service for tourists visiting the united states. As the name suggests sabsa is focused on delivery of an architectural solution aligned to the needs of the business which makes perfect sense. It provides a framework for developing risk driven enterprise information security and information assurance architectures.
Sabsa stands for the sherwood applied business security. Sabsa security architecture for togaf alc training alc. Whether or not you decide to use the sabsa model, but book is great reference for a high level enterprise architect or security specialist to suggest better. This model is used as the basis of an architecture development process a methodology. Sherwood applied business security architecture sabsa methodology for developing businessdriven, risk and opportunity focused.
Issa, colorado springs chapter enterprise security architecture kurt danis, dafc. We dont know where we are going or how we are going to get there but we need to be ready. The business strategy, objectives, relationships, risks, constraints and enablers all selection from enterprise security architecture book. Enterprise security architecture based on sabsa paperback june 30, 2011 by van haren publishing author see all formats and editions hide other formats and editions. Created in mid1995 by three gentlemen called john sherwood, david lynas and andrew clark, sabsa stands for sherwood applied business security architecture. The chief architects blog was started in october 2017 and is a collection of articles written by john sherwood, the chief architect and original creator of sabsa, and the lead author of the book enterprise security architecture. Sabsa stands for the sherwood applied business security architecture. Sabsa the security architecture framework andy wood. In this blog post ill be using a fictitious example of a public sector entity aiming to rollout an accommodation booking service for tourists visiting the country. Is there any benefit in studying this book ahead of time to get me prepared for the exam.
Enterprise security architecture based on sabsa paperback. The problem with the approach is that it is very conceptual, and not well defined for actual business practices. Contemplating buying this book but is it still worth it. A business driven approach, in which the sabsa framework is described. I have the enterprise security architecture book by john sherwood and team on my desk all the time some visiting friends commented that they didnt realize that im such a star trek fan.
Buy enterprise security architecture based on sabsa by van haren isbn. Sabsa sherwood applied business security architecture is a framework and methodology for enterprise security architecture and service management. It also helps deliver security infrastructure solutions that support critical business. Describe sabsa principles, framework, approach and lifecycle. It provides a structured approach to the steps and processes involved in developing. Other readers will always be interested in your opinion of the. It also aids in delivering security infrastructure solutions that support critical business initiatives. To ensure that security meets the needs of the business. Sabsa is the sherwood applied business security architecture. Sabsa stands for the sherwood applied business security architecture, and is a leading methodology for developing business operational risk and opportunitybased architectures. In our enterprise security architecture book by sherwood, clark, and lynas, it describes the conceptual layer as able to design the forest rather the trees. Enterprise security architecture shows that having a comprehensive plan requires more than the purchase of security software it requires a framework for developing and maintaining a system that is proactive.
Sabsa sherwood applied business security architecture and no. Am taking the sabsa foundation training by the end of feb, am wondering if the book enterprise security architecture a business driven approach will be provided as part of the training. Everyday low prices and free delivery on eligible orders. Regardless of the methodology or framework used, enterprise security architecture in any enterprise must be defined based on the available risk to that enterprise. However, you cant enable business if you dont understand that business is about taking manageable risks to seize opportunities. By using sabsa, cobit and togaf together, a security architecture. Other readers will always be interested in your opinion of the books youve read. Oesa the opengroup enterprise security architecture, definitely. Sabsa training the pinnacle of security architecture alc. I intend taking the exam on the last day of the training. Enterprise security architecturea topdown approach isaca. Leading world authority on the integration of sabsa and togaf. A white paper published by the open group 6 introduction purpose enterprise architecture including security architecture is all about aligning business systems and supporting information systems to realize business goals in an effective and efficient manner systems being the. The book is based around the sabsa layered framework.
The approach to developing an enterprise security architecture that is proposed in this book is based upon a sixlayer model. Use business goals and objectives to engineer information security requirements. Enterprise security architecture is not about developing for a prediction. It is more or less sabsa in practice, in a very readable format.
It appears to be a good highlevel large business model, and my company has adopted it. Department of defense dod architecture framework dodaf. Enterprise security architecture for cyber security. The sabsa institute enterprise security architecture. As the name suggests sabsa is focused on delivery of an architectural solution aligned to. Security is too important to be left in the hands of just. Price new from used from paperback, june 30, 2011 please retry. The fundamental goal of enterprise architecture is the enablement of business by providing a lasting foundation for business execution. Security is too important to be left in the hands of just one department or employee. Whether youve loved the book or not, if you give your honest and detailed thoughts then people will find new books that are right for them. Virtual attendance is now available on this course. Chapter 9 contextual security architecture the key to success in the sabsa methodology is to be businessdriven and businessfocused.
It was developed independently from the zachman framework, but has a similar structure sabsa is a model and a methodology for developing riskdriven enterprise information security architectures and for delivering security infrastructure. Book description security is too important to be left in the hands of just one department or employeeits a concern of an entire enterprise. The sabsa accelerator is a package containing all the tools required to successfully align an organizations security architecture to the sabsa framework. Enterprise information security architecture wikipedia. Security is too important to be left in the hands of just one department or employeeits a concern of an entire enterprise. Dear sabsa community, many of you have used the original set of sabsa attributes from the blue book. Describe the sabsa model, architecture matrix, service management matrix and terminology.
The open group architecture framework togaf zachman framework enterprise cybersecurity book. Cyber security overview togaf and sherwood applied business security architecture sabsa o overview of sabsa o integration of togaf and sabsa enterprise security architecture framework the open group ea practitioners conference johannesburg 20 2. Ditto for zachman which is a dying framework outside of the us but i. If youre a togaf shop, then sabsa will fit nicely to cover the security part. Enterprise security architecture john sherwood englische. Sabsa is a framework and methodology for enterprise security architecture and service. The enterprise security architecture book plays heavily on the sabsa business model created by one of the authors. Enterprise security architecture shows that having a comprehensive plan requires more than the purchase of security softwareit requires a framework for developing and maintaining a system that is proactive. A businessdriven approach, by john sherwood, andy clark, david lynas, 2005. Lets talk about applying the sabsa framework to design an architecture that would solve a specific business problem. Sabsa is a framework for enterprise security architecture. Sherwood applied business security architecture wikipedia. Instead of wasting time and resources building a sabsaaligned architecture from scratch, you can opt to receive iserver already aligned to it. The problem with the approach is that it is very conceptual, and.
909 307 484 1048 1450 485 996 10 230 1304 340 392 89 1210 257 1010 71 31 465 861 434 1588 76 65 1017 1660 1135 627 1182 205 1489 1307 871 1333 572 576