SlideShare a Scribd company logo

SABSA Security Architecture Framework

Aniq Eastrarulkhair
Aniq Eastrarulkhair

Talk about SABSA model

Education
1 of 11
SHERWOOD APPLIED BUSINESS SECURITY ARCHITECTURE (SABSA) PRESENTED BY: MUHAMMAD ANIq EASTRARULkHAIR B MOHMAD HAIRIN MC101053 1
SABSA History SABSA is a six-layer model for security architecture widely accepted today as the most mature and most comprehensive security architecture framework available SABSA is based on an idea first developed by John Sherwood in 1995 and published in 1996 as ‘SABSA: A Method for Developing the Enterprise Security Architecture and Strategy’ The starting point for this work was ISO 7498-2 1989.This standard is relatively unsophisticated in terms of business drivers, but it sets out an important framework in terms of ‘security services’. The Sherwood team added two upper layers to provide a business-driven approach (contextual and conceptual architectures), and a lower layer to map onto real tools and products (component architecture). 2
WHAT IS SABSA?  SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world  SABSA used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management,  SABSA ensures that enterprise are met completely and that security services are designed, delivered and supported as an integral part business and IT management infrastructure  SABSA is an open-use methodology, not a commercial product 3
sabsa Overview  The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security  The process analyses the business requirements at the outset, and creates a chain of traceability through the strategy and concept, design, implementation, and ongoing ‘manage and measure’ phases of the lifecycle to ensure that the business mandate is preserved  The model is layered, with the top layer being the business requirements definition stage. Going through the definition of the conceptual architecture, logical services architecture, physical infrastructure architecture and finally at the lowest layer, the selection of technologies and products (component architecture)  The SABSA model itself is generic and can be the starting point for any organisation, but by going through the process of analysis and decision-making implied by its structure, it becomes specific to the enterprise, and is finally highly customised to a unique business model 4
sabsa MODeL  ‘Operational security architecture’ has been placed vertically across the other five layers. This is because operational security issues arise at each and every one of the other five layers 5
sabsa MaTriX  These six vertical architectural elements are summarised for all six horizontal layers. This gives a 6 x 6 matrix of cells, which represents the whole model for the enterprise security architecture  The process of developing an enterprise security architecture is a process of populating all of these thirty-six cells 6
SABSA FrAmework For Security Service mAnAgement  This layer of the framework is applied vertically across all of the other five providing enormous flexibility to ensure seamless and holistic integration with the standards & operational frameworks  SABSA not only ensures Information Security compliance with frameworks such as ITIL, BS15000 / AS8018, ISO 17799, and COBIT, but where these state what needs to be done SABSA delivers the invaluable roadmap to determine how it should be done in business context 7
cont… 8
SABSA LiFecycLe  In the SABSA Lifecycle, the first two phases of the SABSA Development Process are grouped into an activity called ‘Strategy & Concept’  This is followed by an activity called ‘Design’, which embraces the design of the logical, physical, component and operational architectures  The third activity is ‘Implement’, followed by ‘Manage and Measure’  Once the system is operational, it is essential to measure actual performance against targets, and to manage any deviations observed. Such management may simply involve the manipulation of operational parameters, but it may also feed back into a new cycle of development. 9
BENEFITS  Usability  Inter-Operability  Integration  Supportability  Low Cost Development  Fast Time to Market  Scalability of Platforms  Scalability of Cost  Scalability of Security Level  Re-Usability  Lower Operations and Administration Costs 10
ThE ENd 11

Recommended

SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0Maganathin Veeraragaloo
 
Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecturenarenvivek
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0Maganathin Veeraragaloo
 
SABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSAcourses
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
SABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSAcourses
 
SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0Maganathin Veeraragaloo
 
SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0Maganathin Veeraragaloo
 

Recommended

SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0Maganathin Veeraragaloo
 
Modelling Security Architecture
Modelling Security ArchitectureModelling Security Architecture
Modelling Security Architecturenarenvivek
 
SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0SABSA Implementation(Part III)_ver1-0
SABSA Implementation(Part III)_ver1-0Maganathin Veeraragaloo
 
SABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSA: Key features, advantages & benefits summary
SABSA: Key features, advantages & benefits summarySABSAcourses
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
SABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSA - Business Attributes Profiling
SABSA - Business Attributes ProfilingSABSAcourses
 
SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0Maganathin Veeraragaloo
 
SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0SABSA Implementation(Part II)_ver1-0
SABSA Implementation(Part II)_ver1-0Maganathin Veeraragaloo
 
SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0Maganathin Veeraragaloo
 
Adaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureAdaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureSABSAcourses
 
SABSA white paper
SABSA white paperSABSA white paper
SABSA white paperSABSAcourses
 
SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0Maganathin Veeraragaloo
 
Board secretaries and general counsels
Board secretaries and general counsels Board secretaries and general counsels
Board secretaries and general counsels Maganathin Veeraragaloo
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
TOGAF 9 Architecture Partitioning
TOGAF 9 Architecture PartitioningTOGAF 9 Architecture Partitioning
TOGAF 9 Architecture PartitioningMaganathin Veeraragaloo
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind mapDavid Kennedy
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCorporater
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTri Phan
 
Securing Information Servicesv1.0
Securing Information Servicesv1.0Securing Information Servicesv1.0
Securing Information Servicesv1.0Vibi Abraham
 
Layer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy EnforcementLayer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy EnforcementCA API Management
 
TOGAF 9 Guidelinesand Techniques Ver1 0
TOGAF 9 Guidelinesand Techniques Ver1 0TOGAF 9 Guidelinesand Techniques Ver1 0
TOGAF 9 Guidelinesand Techniques Ver1 0Maganathin Veeraragaloo
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMSDelaney
 
What’s Happening in Information Risk Management
What’s Happening in Information Risk ManagementWhat’s Happening in Information Risk Management
What’s Happening in Information Risk ManagementMichael S. Gurican
 
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft NorgeSikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft NorgeIKT-Norge
 
TyroneResume[1]
TyroneResume[1]TyroneResume[1]
TyroneResume[1]Tyrone Parker, MBA
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information SecurityJohn Macasio
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Managed Services
Managed ServicesManaged Services
Managed ServicesVenkat J
 
Modeling Enterprise Risk Management and Security with the ArchiMate Language
Modeling Enterprise Risk Management and Security with the ArchiMate LanguageModeling Enterprise Risk Management and Security with the ArchiMate Language
Modeling Enterprise Risk Management and Security with the ArchiMate LanguageIver Band
 
E-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture ApproachE-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture ApproachFemi Ashaye
 

More Related Content

What's hot

Adaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureAdaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureSABSAcourses
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind mapDavid Kennedy
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCorporater
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTri Phan
 
Securing Information Servicesv1.0
Securing Information Servicesv1.0Securing Information Servicesv1.0
Securing Information Servicesv1.0Vibi Abraham
 
Layer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy EnforcementLayer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy EnforcementCA API Management
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMSDelaney
 
What’s Happening in Information Risk Management
What’s Happening in Information Risk ManagementWhat’s Happening in Information Risk Management
What’s Happening in Information Risk ManagementMichael S. Gurican
 
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft NorgeSikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft NorgeIKT-Norge
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information SecurityJohn Macasio
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Managed Services
Managed ServicesManaged Services
Managed ServicesVenkat J
 

What's hot (20)

SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0SABSA Implementation(Part V)_ver1-0
SABSA Implementation(Part V)_ver1-0
 
Adaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureAdaptive Enterprise Security Architecture
Adaptive Enterprise Security Architecture
 
SABSA white paper
SABSA white paperSABSA white paper
SABSA white paper
 
SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0
 
Board secretaries and general counsels
Board secretaries and general counsels Board secretaries and general counsels
Board secretaries and general counsels
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
TOGAF 9 Architecture Partitioning
TOGAF 9 Architecture PartitioningTOGAF 9 Architecture Partitioning
TOGAF 9 Architecture Partitioning
 
Security services mind map
Security services mind mapSecurity services mind map
Security services mind map
 
Compliance Management Software | Corporate Compliance
Compliance Management Software | Corporate ComplianceCompliance Management Software | Corporate Compliance
Compliance Management Software | Corporate Compliance
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
Securing Information Servicesv1.0
Securing Information Servicesv1.0Securing Information Servicesv1.0
Securing Information Servicesv1.0
 
Layer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy EnforcementLayer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy Enforcement
 
TOGAF 9 Guidelinesand Techniques Ver1 0
TOGAF 9 Guidelinesand Techniques Ver1 0TOGAF 9 Guidelinesand Techniques Ver1 0
TOGAF 9 Guidelinesand Techniques Ver1 0
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMS
 
What’s Happening in Information Risk Management
What’s Happening in Information Risk ManagementWhat’s Happening in Information Risk Management
What’s Happening in Information Risk Management
 
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft NorgeSikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
Sikkerhet i skyen v/ Ole Tom Seierstad, Chief Security Adviser, Microsoft Norge
 
TyroneResume[1]
TyroneResume[1]TyroneResume[1]
TyroneResume[1]
 
Enterprise Architecture and Information Security
Enterprise Architecture and Information SecurityEnterprise Architecture and Information Security
Enterprise Architecture and Information Security
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Managed Services
Managed ServicesManaged Services
Managed Services
 

Viewers also liked

Modeling Enterprise Risk Management and Security with the ArchiMate Language
Modeling Enterprise Risk Management and Security with the ArchiMate LanguageModeling Enterprise Risk Management and Security with the ArchiMate Language
Modeling Enterprise Risk Management and Security with the ArchiMate LanguageIver Band
 
E-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture ApproachE-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture ApproachFemi Ashaye
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Practical Stakeholder Engagement
Practical Stakeholder EngagementPractical Stakeholder Engagement
Practical Stakeholder EngagementSABSA_Institute
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitectureKris Kimmerle
 

Viewers also liked (10)

Modeling Enterprise Risk Management and Security with the ArchiMate Language
Modeling Enterprise Risk Management and Security with the ArchiMate LanguageModeling Enterprise Risk Management and Security with the ArchiMate Language
Modeling Enterprise Risk Management and Security with the ArchiMate Language
 
E-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture ApproachE-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture Approach
 
SABSA overview
SABSA overviewSABSA overview
SABSA overview
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
 
Practical Stakeholder Engagement
Practical Stakeholder EngagementPractical Stakeholder Engagement
Practical Stakeholder Engagement
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 

Similar to SABSA Security Architecture Framework

Soa Governance And Security V1.1
Soa Governance And Security V1.1Soa Governance And Security V1.1
Soa Governance And Security V1.1Dr. Mehmet Yildiz
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidentsbelsis
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020Brian Levine
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Ifw framework for banking industry presentation
Ifw framework for banking industry presentationIfw framework for banking industry presentation
Ifw framework for banking industry presentationRavi Sarkar
 
ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010
ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010
ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010ARC Advisory Group
 
Time to Rethink Process Automation Systems
Time to Rethink Process Automation SystemsTime to Rethink Process Automation Systems
Time to Rethink Process Automation SystemsARC Advisory Group
 
Cloud Computing Security V1.2
Cloud Computing Security V1.2Cloud Computing Security V1.2
Cloud Computing Security V1.2Dr. Mehmet Yildiz
 
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...ijcnes
 
Secure Data Center for Enterprise
Secure Data Center for EnterpriseSecure Data Center for Enterprise
Secure Data Center for EnterpriseCisco Russia
 
A method to_define_an_enterprise_architecture_using_the_zachman_framework
A method to_define_an_enterprise_architecture_using_the_zachman_frameworkA method to_define_an_enterprise_architecture_using_the_zachman_framework
A method to_define_an_enterprise_architecture_using_the_zachman_frameworkbambangpadhi
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
Cost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbCost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbLalit Choudhary
 

Similar to SABSA Security Architecture Framework (20)

Soa Governance And Security V1.1
Soa Governance And Security V1.1Soa Governance And Security V1.1
Soa Governance And Security V1.1
 
SASE.pptx
SASE.pptxSASE.pptx
SASE.pptx
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Security Incidents
Security IncidentsSecurity Incidents
Security Incidents
 
Top SASE (Secure Access Service Edge) Vendors of 2024
Top SASE (Secure Access Service Edge) Vendors of 2024Top SASE (Secure Access Service Edge) Vendors of 2024
Top SASE (Secure Access Service Edge) Vendors of 2024
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
Unit 4 standards.ppt
Unit 4 standards.pptUnit 4 standards.ppt
Unit 4 standards.ppt
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframe
 
Ifw framework for banking industry presentation
Ifw framework for banking industry presentationIfw framework for banking industry presentation
Ifw framework for banking industry presentation
 
CISSPills #3.03
CISSPills #3.03CISSPills #3.03
CISSPills #3.03
 
ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010
ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010
ARC's Dave Woll Process Automation Systems @ ARC Industry Forum 2010
 
Time to Rethink Process Automation Systems
Time to Rethink Process Automation SystemsTime to Rethink Process Automation Systems
Time to Rethink Process Automation Systems
 
Cloud Computing Security V1.2
Cloud Computing Security V1.2Cloud Computing Security V1.2
Cloud Computing Security V1.2
 
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
Investigation on Challenges in Cloud Security to Provide Effective Cloud Comp...
 
Secure Data Center for Enterprise
Secure Data Center for EnterpriseSecure Data Center for Enterprise
Secure Data Center for Enterprise
 
ESA for Business
ESA for BusinessESA for Business
ESA for Business
 
A method to_define_an_enterprise_architecture_using_the_zachman_framework
A method to_define_an_enterprise_architecture_using_the_zachman_frameworkA method to_define_an_enterprise_architecture_using_the_zachman_framework
A method to_define_an_enterprise_architecture_using_the_zachman_framework
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event Management
 
Cost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbCost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smb
 

Recently uploaded

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 

Recently uploaded (20)

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 

SABSA Security Architecture Framework

  • 1. SHERWOOD APPLIED BUSINESS SECURITY ARCHITECTURE (SABSA) PRESENTED BY: MUHAMMAD ANIq EASTRARULkHAIR B MOHMAD HAIRIN MC101053 1
  • 2. SABSA History SABSA is a six-layer model for security architecture widely accepted today as the most mature and most comprehensive security architecture framework available SABSA is based on an idea first developed by John Sherwood in 1995 and published in 1996 as ‘SABSA: A Method for Developing the Enterprise Security Architecture and Strategy’ The starting point for this work was ISO 7498-2 1989.This standard is relatively unsophisticated in terms of business drivers, but it sets out an important framework in terms of ‘security services’. The Sherwood team added two upper layers to provide a business-driven approach (contextual and conceptual architectures), and a lower layer to map onto real tools and products (component architecture). 2
  • 3. WHAT IS SABSA?  SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organisations around the world  SABSA used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management,  SABSA ensures that enterprise are met completely and that security services are designed, delivered and supported as an integral part business and IT management infrastructure  SABSA is an open-use methodology, not a commercial product 3
  • 4. sabsa Overview  The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security  The process analyses the business requirements at the outset, and creates a chain of traceability through the strategy and concept, design, implementation, and ongoing ‘manage and measure’ phases of the lifecycle to ensure that the business mandate is preserved  The model is layered, with the top layer being the business requirements definition stage. Going through the definition of the conceptual architecture, logical services architecture, physical infrastructure architecture and finally at the lowest layer, the selection of technologies and products (component architecture)  The SABSA model itself is generic and can be the starting point for any organisation, but by going through the process of analysis and decision-making implied by its structure, it becomes specific to the enterprise, and is finally highly customised to a unique business model 4
  • 5. sabsa MODeL  ‘Operational security architecture’ has been placed vertically across the other five layers. This is because operational security issues arise at each and every one of the other five layers 5
  • 6. sabsa MaTriX  These six vertical architectural elements are summarised for all six horizontal layers. This gives a 6 x 6 matrix of cells, which represents the whole model for the enterprise security architecture  The process of developing an enterprise security architecture is a process of populating all of these thirty-six cells 6
  • 7. SABSA FrAmework For Security Service mAnAgement  This layer of the framework is applied vertically across all of the other five providing enormous flexibility to ensure seamless and holistic integration with the standards & operational frameworks  SABSA not only ensures Information Security compliance with frameworks such as ITIL, BS15000 / AS8018, ISO 17799, and COBIT, but where these state what needs to be done SABSA delivers the invaluable roadmap to determine how it should be done in business context 7
  • 9. SABSA LiFecycLe  In the SABSA Lifecycle, the first two phases of the SABSA Development Process are grouped into an activity called ‘Strategy & Concept’  This is followed by an activity called ‘Design’, which embraces the design of the logical, physical, component and operational architectures  The third activity is ‘Implement’, followed by ‘Manage and Measure’  Once the system is operational, it is essential to measure actual performance against targets, and to manage any deviations observed. Such management may simply involve the manipulation of operational parameters, but it may also feed back into a new cycle of development. 9
  • 10. BENEFITS  Usability  Inter-Operability  Integration  Supportability  Low Cost Development  Fast Time to Market  Scalability of Platforms  Scalability of Cost  Scalability of Security Level  Re-Usability  Lower Operations and Administration Costs 10
  • 11. ThE ENd 11