Executive Summary
SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives.
It is also widely used for Information Assurance Architectures, Risk Management Frameworks, and to align and seamlessly integrate security and risk management into IT Architecture methods and frameworks.
The SABSA framework and methodology is used successfully around the globe to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management.
SABSA has evolved since 1995 to be the ‘approach of choice’ for organizations in 50 countries and in sectors as diverse as Banking, Homeless Management, Nuclear Power, Information Services, Communications Technology, Manufacturing and Government.
SABSA ensures that the needs of your Enterprise are met completely and that security services are designed, delivered and supported as an integral part of your business and IT management infrastructure. Although copyright protected, SABSA is an open-use methodology, not a commercial product.
SABSA is comprised of a series of integrated frameworks, models, methods and processes, used independently or as an holistic integrated enterprise solution, including:
- Business Requirements Engineering Framework (known as Attributes Profiling)
- Risk and Opportunity Management Framework
- Policy Architecture Framework
- Security Services-Oriented Architecture Framework
- Governance Framework
- Security Domain Framework
- Through-life Security Service Management & Performance Management Framework
The SABSA Institute develops and maintains the method and certifies and accredits the professional Architects who use it in approximately 50 countries around the world.
