© 1995 – 2007 SABSA Limited | info@sabsa.org
White Paper
Enterprise Security Architecture
John Sherwood, Andrew Clark & David Lynas
Contact: info@sabsa.org
Executive Summary
SABSA® is a model and a methodology for developing risk-driven enterprise information security architectures
and for delivering security infrastructure solutions that support critical business initiatives. At the heart of this
methodology is the SABSA® Model, a top-down approach that drives the SABSA® Development Process. This
process analyses the business requirements at the outset, and creates a chain of traceability through the strategy
& concept, design, implementation and ongoing ‘manage and measure’ phases of the SABSA® Lifecycle to
ensure that the business mandate is preserved. The whole methodology is further supported by framework tools
created from practical experience, including the SABSA® Matrix and the SABSA® Business Attributes Profile.
This white paper explores the advantages of this business-focused model for creating security architecture. It
discusses the pitfalls of a technology-centric approach, and recognises the challenges of integrating the business
leaders with the technology strategists in order to fulfil the potential of the enterprise.
The paper also discusses the SABSA® methodology, explaining this approach by comparing it to the classical
definition of architecture (i.e., the construction of buildings). By illustrating the contextual, conceptual, logical,
physical, component-oriented and operational layers of the architectural process, a comprehensive approach
unfolds that provides a roadmap for business and information and communications technology (ICT) leadership
to follow to ensure the technology foundation becomes an enabler of business performance.
The Origins of Architecture
Architecture has its origins in the building of towns and cities, and everyone understands this sense of the word,
so it makes sense to begin by examining the meaning of ‘architecture’ in