Académique Documents
Professionnel Documents
Culture Documents
A Brief Introduction
Mark Battersby
2013-05-15
Agenda
SABSA Overview
SABSA Security Architecture
SABSA Overview
The SABSA (Sherwood Applied Business Security Architecture) framework has evolved as
a "best practice" method for delivering cohesive information security solutions to
enterprises
SABSA is a six-layer model covering all four parts of the IT lifecycle: Strategy, Design,
Implementation and Management & Operations
SABSA ensures the security needs of your enterprise are met completely and that security
services are designed, delivered, and supported as an integral part of your IT Management
infrastructure
SABSA is essentially a model and methodology for developing risk-driven enterprise
information security
Operational
Security
Architecture:
Facility
Managers
View:
Operational
Risk Mgmt
Security
Service Mgmt
Motivation
(Why)
Process
(How)
People
(Who)
Location
(Where)
Time
(When)
Contextual
The Business
Business Risk
Model
Business Process
Model
Business
Organization and
Relationships
Business
Geography
Business Time
Dependencies
Conceptual
Business Attributes
Profile
Control Objectives
Security Strategies
and Architectural
Layering
Security Entity
Model and Trust
Framework
Security Domain
Model
Security-Related
Lifetimes and
Deadlines
Logical
Business
Information Model
Security Policies
Security Services
Security Domain
Definitions and
Associations
Security
Processing Cycle
Physical
Business Data
Model
Security Rules,
Practices and
Procedurees
Security
Mechanisms
Users, Applications
and the User
Interface
Platform and
Network
Infrastructure
Control Structure
Execution
Component
Detailed Data
Structures
Security Standards
Security Products
and Tools
Identities,
Functions, Actions
and ACLs
Processes, Nodes,
Addresses and
Protocols
Security Step
Timing and
Sequencing
Operational
Assurance of
Operational
Continuity
Operational Risk
Management
Security Service
Management and
Support
Application and
User Management
and Support
Security of Sites,
Networks and
Platforms
Security Operations
Schedule
An IA Architecture is a consistent set of principles, policies and standards that sets the direction and vision for the development
and operation of the organisations communication and information services so that they are aligned with and support the
business needs of the organisation in an Assured way
SABSA Lifecycle
Strategy &
Concept
Contextual
Conceptual
Manage &
Measure
Attributes defined
and measured
Design
Logical,
Physical,
Component,
Operational
Implement
Questions ?
More Information
Please contact:
Mark Battersby
email: mark.battersby@capgemini.com
www.se.capgemini.com
The information contained in this presentation is proprietary. 2011 Capgemini. All rights reserved