Sherwood Applied Business Security Architecture (SABSA) Framework
What is the Sherwood Applied Business Security Architecture Framework (SABSA)?
SABSA (Sherwood Applied Business Security Architecture) is a framework for designing and managing enterprise security systems. It was developed by the SABSA Institute, a professional association for enterprise security professionals.
The SABSA framework is based on the idea that security should be an integral part of an organization's business processes rather than an afterthought. It is designed to help organizations understand the threats they face and design security systems that are tailored to their specific needs.
The SABSA framework consists of six layers:
- The business layer: This layer represents the goals and objectives of the organization.
- The strategy and policy layer: This layer defines the policies and strategies that the organization will use to achieve its goals.
- The design and architecture layer: This layer defines the design and architecture of the security system.
- The implementation and operation layer: This layer covers the implementation and operation of the security system.
- The monitoring and review layer: This layer is concerned with monitoring and reviewing the security system to ensure that it is effective.
- The governance layer: This layer is concerned with the management and oversight of the security system.
The SABSA framework is intended to be flexible and adaptable, allowing organizations to design security systems that meet their specific needs. It is often used in conjunction with other security frameworks, such as OWASP, to provide a comprehensive approach to enterprise security.