1995 – 2009 SABSA Limited |email@example.comPage 1 of 25
Enterprise Security Architecture
John Sherwood, Andrew Clark & David Lynas
is a methodology for developing risk-driven enterprise information security and information assurancearchitectures and for delivering security infrastructure solutions that support critical business initiatives. It is anopen standard, comprising a number of frameworks, models, methods and processes, free for use by all, with nolicensing required for end-user organisations who make use of the standard in developing and implementingarchitectures and solutions
.SABSA is unique in that it fulfils ALL of the following criteria:
It is an open standard, comprising frameworks, models, methods and processes, free for use by all, with nolicensing required for end-user organisations who make use of the standard in developing andimplementing architectures and solutions;
The SABSA framework is not related to any IT solutions supplier and is completely vendor-neutral,
The SABSA framework is scalable, that is, it can be introduced in subsequent areas and systems andimplemented incrementally,
The SABSA framework may be used in any industry sector and in any organisation whether privately orpublicly owned, including commercial, industrial, government, military or charitable organisations;
The SABSA framework can be used for the development of architectures and solutions at any level ofgranularity of scope, from a project of limited scope to an entire enterprise architectural framework;
SABSA does not replace or compete with any other information risk or information security standard – rather it provides an overarching framework that enables all other existing standards to be integrated underthe single SABSA framework, enabling joined up, end-to-end architectural solutions.
SABSA fills the gap for ‘security architecture’ and ‘security service management’ by integrating seamlesslywith other standards such as TOGAF
The SABSA framework is continually maintained and developed and up-to-date versions are publishedfrom time to time,
is a registered trademark of SABSA Limited which governs and co-ordinates the worldwide development of the SABSA Method.SABSA is protected by copyright and by definition is therefore NOT public domain. However, SABSA intellectual property, includingSABSA publications and the content of official SABSA training courses, is available to the public. These published copyright materialsinclude the key components of the framework. Any organisation, in its drive to improve its Security Architecture or Security ServiceManagement processes and practices, may use the framework described in these publicly available resources, on condition that propercredit is listed and trademarks are reproduced. As with other leading frameworks considered to be publicly available (such as ITIL
) it isNOT true that the contents of official training courses or publications can be appropriated by anyone and everyone for reuse, reproductionor republication without the express permission of SABSA Limited. SABSA Limited owns SABSA, and copyright law protects the SABSAmaterials. Anyone wishing to reuse, reproduce or republish any part of a SABSA publication, should contact SABSA Limited. Permissionto reproduce SABSA property is not normally withheld. All organisations should be aware that SABSA materials and methods obtainedwithout permission, or from any source other than those listed on the official SABSA web sites as being authorised and accredited, areunauthorised and in breach of copyright law.