SABSA framework and methodology

SABSA is a proven framework and methodology for Enterprise Security Architecture and Service Management and is used successfully by numerous organisations, large and small, around the world.

Ensures value: SABSA ensures that the business needs of your organisation are met completely and that security and risk management services are designed, delivered and supported as an integral part of your business and IT management infrastructure.

All information assurance, risk management and security solutions, whether described by security strategies, security services, security mechanisms or security components, are derived entirely from a set of business requirements for protecting corporate information.

Prioritised and proportional responses: SABSA ensures that all information assurance and security solutions, whether technical or procedural in their nature, are designed according to the level of perceived business risk to which the organisation is exposed and contain risk within the risk appetite of the organisation.

SABSA, through its risk measurement approach, also enables the provision of monitoring and reporting solutions to ensure that management are always aware of the residual and changing risks to which they are exposed.

Scalable scope: SABSA can be implemented globally for an enterprise. SABSA can also be implemented within an enterprise for just one project. The use of SABSA can be extended within an enterprise, project by project.

The security architecture developed using the SABSA approach takes into account the widest set of the organisation’s business drivers and requirements, thus ensuring maximum flexibility, agility, return on investment and future-proofing.

SABSA does not replace other frameworks. SABSA can, however, extend other frameworks (for example ASL, BiSL, CobiT, ISO/IEC 27000 series, ITIL, TOGAF) to ensure all aspects of information assurance, security and risk have been addressed.

SABSA already has extensive mappings with other frameworks. These are being constantly developed and enhanced by active users of SABSA.

Easily implemented and managed: SABSA does not have to be implemented completely. It is not a ‘cookbook’ but an approach that allows highly tailored solutions to be developed according to business need.

SABSA is highly modular and only the appropriate parts of SABSA need be considered and implemented.

This enables the development of information assurance, security and risk management solutions that have clear modularity and thus allows new technologies to be introduced as they emerge, without the need for massive redesign of the infrastructure and applications into which these new technologies will be integrated. Similarly, it allows for agile and flexible responses to changes in the business landscape.

Global standard: Although copyright protected, SABSA is an open-use methodology, not a commercial product.

It is now used globally to meet a wide variety of Enterprise needs including Risk Management, Information Assurance, Governance, and Continuity Management.

SABSA has evolved since 1995 to be the 'approach of choice' for commercial organisations and governments alike.

Demonstrates compliance to relevant authorities: The only thing worse than not being compliant is being compliant but not being able to demonstrate it. SABSA can be used to demonstrate compliance to regulators and external auditors, providing a credible story of current levels of compliance, identifying gaps and planning projects to accomplish the desired state of compliance, whilst tracking progress towards that state.

In areas of non-compliance, SABSA can be used to determine and implement the road-map to compliance, demonstrating a clear understanding to external and regulatory auditors along with a desire and plan to become compliant.

Two-way traceability: The SABSA approach ensures that there is full two-way traceability on key decisions.

Every technical feature of a solution can be related back to a business requirement and a business benefit - otherwise the technical feature would not be needed.

Conversely, every business requirement can be shown to be fulfilled through the detailed design and implementation of procedural and technical solutions.