
SABSA Framework

Category: Architecture Framework

SABSA is a methodology for developing risk-driven enterprise information security architectures and infrastructure solutions, from a project of limited scope to an entire organization. It provides an overarching framework that enables information security and risk management standards.


Specification


Security Architecture Methodology


Risk-driven Enterprise Information Security

SABSA is an open standard comprising a number of frameworks, models, methods and processes for delivering and maintaining an information security architecture.

SABSA includes an industry-agnostic and vendor-neutral framework for implementing information risk and security measures. It fills the gap of security architecture and security service management within broader standards, such as TOGAF and ITIL.

The framework ensures that the information protection needs of an enterprise are met completely, and that security services are designed, delivered and supported as an integral part of its business and IT management infrastructure.

SABSA presents the whole model for the enterprise security architecture as a matrix of six architectural layers (Contextual, Conceptual, Logical, Physical, Component and Service Management) and six aspects of their realization (What? Why? How? Who? Where? and When?). Having every cell addressed indicates that the security architecture is complete.
