The document discusses the Sherwood Applied Business Security Architecture (SABSA) framework. It describes the different views within SABSA including the Business View, Architect's View, Designer's View, Builder's View, Tradesman's View, and Service Manager's View. It also defines attributes as conceptual abstractions of real business requirements that are modeled into a normalized language to articulate security requirements. The document provides an example of attributes derived from interviewing a CFO about security needs to protect customer data and control user access.

1. PRACTICAL SECURITY
ARCHITECTURE
WAYNE TUFEK
15TH – 16TH OF FEBRUARY 2019
SACON
BANGALORE

2. 2
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
Source: SABSA
Business View Contextual Architecture
Architect’s View Conceptual Architecture
Designer’s View Logical Architecture
Builder’s View Physical Architecture
Tradesman’s View Component Architecture
Service Manager’s View Operational Architecture

3. 3
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
Source: SABSA

4. 4
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
Source: SABSA

5. 5
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
Source: David Lynas Consulting
https://sacramento.iiba.org/sites/sacramento/files/Events/201709/Introduction%20to%20SABSA%20for%20BAs%20-
%20Sac%20Valley%20IIBA%2009.20.17%20FINAL.pdf

6. 6
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
So, what is an Attribute?
SABSA define an attribute as a conceptual abstraction of a real
business requirement (the goals, objectives, drivers and targets)
which are modelled into a normalised language that articulates
requirements and measures performance in a way that is
instinctive to all stakeholders.
Source: SABSA

7. 7
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
What does this mean?
You interview the CFO, and ask, “What would be the impact of a
data breach and the theft of our customer’s data?”, she states:
“ABC Company’s reputation is critical for our business. If our
customers loose faith in us, it would be detrimental to our
growth. We collect a lot of sensitive personal information. I need
a security solution that provides value for our spend and reduces
our risk effectively. Given the current financial climate I can’t
afford to spend a great deal. Specifically, I need to be able to
ensure that user access is controlled and my people only have
access to the functions and data they need.”

8. 8
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
What does this mean?
You interview the CFO, she states:
“ABC Company’s reputation is critical for our business. If our
customers loose faith in us, it would be detrimental to our
growth. We collect a lot of sensitive personal information. I need
a security solution that provides value for our spend and reduces
our risk. Given the current financial climate I can’t afford to spend
a great deal. Specifically, I need to be able to ensure that user
access is controlled and my people only have access to the
functions and data they need.”

9. 9
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE
Source: David Lynas Consulting
https://sacramento.iiba.org/sites/sacramento/files/Events/201709/Introduction%20to%20SABSA%20for%20BAs%20-
%20Sac%20Valley%20IIBA%2009.20.17%20FINAL.pdf

10. 10
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE

11. 11
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE

12. 12
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE

13. 13
Sensitivity: Confidential
SHERWOOD APPLIED BUSINESS
SECURITY ARCHITECTURE

14. 14
Sensitivity: Confidential
EXERCISE

15. 15
Sensitivity: Confidential
EXERCISE

16. 16
Sensitivity: Confidential
EXERCISE

17. 17
Sensitivity: Confidential
EXERCISE

18. 18
Sensitivity: Confidential
EXERCISE

19. 19
Sensitivity: Confidential
EXERCISE

20. 20
Sensitivity: Confidential
EXERCISE

21. 21
Sensitivity: Confidential
EXERCISE

22. 22
Sensitivity: Confidential
EXERCISE

23. 23
Sensitivity: Confidential
QUESTIONS?
Questions

24. 24
Sensitivity: Confidential
PA S S I O N • I N T E G R I T Y • E X P E R I E N C E • R E S U LT S