At its core, Enterprise Security Architecture refers to the holistic foundations of your security. However, considering the ubiquitous advantages and impacts of security in today’s business operations, it’s crucial that this architecture extends beyond merely the IT security realm. In addition to identifying, designing and explaining security controls, your architecture should justify the inherent business value of these controls from a stakeholder and risk management perspective. This is where business-driven frameworks, like SABSA, can provide your organisation with the greatest value.
Implementing a cohesive and comprehensive enterprise security architecture starts with using the right framework. While there are a myriad of methodologies to choose from, SABSA is particularly advantageous since it takes a variety of security views into account. Its layered model ensures you don’t overlook aspects of your enterprise architecture, and further guarantees consistency and traceability throughout your organisation.
We offer certified SABSA architects to assist with planning and implementing your architecture across different enterprise layers, from business drivers to operational aspects. Ultimately, we help you design and deploy the necessary infrastructure solutions, controls and processes to support your critical business initiatives in a top-down manner.
Sherwood Applied Business Security Architecture (SABSA) is a globally recognised and proven methodology for developing business-driven security architecture at both the enterprise and solutions level.
It enables an organisation to analyse security and business requirements and subsequently build an architecture around these unique needs. Spanning 6 conceptual layers, this framework integrates security into enterprise architecture in a seamless manner:
There are a variety of enterprise frameworks that we help align your security architecture to. Above all, our Governance, Risk and Compliance (GRC) team are here to help you:
Identify your key business objectives, goals and strategy as well as the elements required to meet these targets. Second, we determine the risks associated with these elements and how they could prevent you from achieving your goals.
We help to define and architect a program to implement the controls needed to manage this risk, from a conceptual, physical, component, operational and business point of view.
This stage of the process involves putting the program into action by implementing the necessary security services and processes.
Finally, we help with monitoring and information security posture assessments to ensure your architecture is meeting your enterprise’s evolving requirements.
Our team is filled with seasoned professionals, each brandishing a myriad of industry qualifications. In addition to being SABSA certified, we are a qualified ISO 27001 lead auditor and implementer. This means our team not only ensures our compliance with the relevant standards, but can readily assist clients with expert consultancy, documentation and the establishment of compliant information security frameworks.
The benefits of SABSA are plenty. First, it integrates with ITIL, COBIT, ISO 27001 and other governance, compliance and audit frameworks. Second, the 6 layers map to different views to ensure that a variety of objectives and values are met:
Finally, it also extends more specific advantages for your key stakeholders. For instance, for CEOs, SABSA helps protect corporate reputation and assists in meeting corporate governance requirements. On the other hand, for CTOs, the open source element avoids vendor dependence and provides a holistic architectural approach that can be applied to projects of any size or complexity.