Upload
zuzylove
View
2
Download
1
Tags:
Embed Size (px)
DESCRIPTION
BBSA
Citation preview
SABSA
A Brief Introduction Mark Battersby
2013-05-15
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
Agenda
SABSA Overview
SABSA Security Architecture
SABSA Security Architecture Matrix
Operational Security Architecture Matrix
SABSA Business Attributes
SABSA Strategy and Concept/Design Process
SABSA Architecture Development Process
SABSA Lifecycle
2
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Overview
The SABSA (Sherwood Applied Business Security Architecture) framework has evolved as a "best practice" method for delivering cohesive information security solutions to
enterprises
SABSA is a six-layer model covering all four parts of the IT lifecycle: Strategy, Design, Implementation and Management & Operations
SABSA ensures the security needs of your enterprise are met completely and that security services are designed, delivered, and supported as an integral part of your IT Management
infrastructure
SABSA is essentially a model and methodology for developing risk-driven enterprise information security
3
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Security Architecture
Contextual Security Architecture:
Business View: Business Risk Model
Business Process Model
Conceptual Security Architecture:
Architects View: Control Objectives
Security Strategies & Architecture
Logical Security Architecture:
Designers View: Security Policies
Security Services
Physical Security Architecture
Builders view: Security Rules, Practices, Procedures Security Mechanisms
Component Security Architecture
Tradesmans view: Security Standards Security Products & Tools
Operational
Security
Architecture:
Facility
Managers View:
Operational
Risk Mgmt
Security
Service Mgmt
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
An IA Architecture is a consistent set of principles, policies and standards that sets the direction and vision for the development
and operation of the organisations communication and information services so that they are aligned with and support the business needs of the organisation in an Assured way
Enterprise Security Architecture Matrix
5
Insert "Title, Author, Date"
Contextual
Conceptual
Logical
Physical
Component
Operational
Assets
(What)
Motivation
(Why)
Process
(How)
People
(Who)
Location
(Where)
Time
(When)
The Business
Business Attributes
Profile
Business
Information Model
Business Data
Model
Detailed Data
Structures
Assurance of
Operational
Continuity
Business Risk
Model
Control Objectives
Security Policies
Security Rules,
Practices and
Procedurees
Security Standards
Operational Risk
Management
Business Process
Model
Security Strategies
and Architectural
Layering
Security Services
Security
Mechanisms
Security Products
and Tools
Security Service
Management and
Support
Business
Organization and
Relationships
Security Entity
Model and Trust
Framework
Entity Schema and
Privilege Profiles
Users, Applications
and the User
Interface
Identities,
Functions, Actions
and ACLs
Application and
User Management
and Support
Business
Geography
Security Domain
Model
Security Domain
Definitions and
Associations
Platform and
Network
Infrastructure
Processes, Nodes,
Addresses and
Protocols
Security of Sites,
Networks and
Platforms
Business Time
Dependencies
Security-Related
Lifetimes and
Deadlines
Security
Processing Cycle
Control Structure
Execution
Security Step
Timing and
Sequencing
Security Operations
Schedule
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Operational Security Architecture Matrix
6
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Business Attributes
7
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Business Attributes
8
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Strategy and Concept/Design Process
9
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Architecture Development Process
10
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
SABSA Lifecycle
Strategy &
Concept
Design
Implement
Manage &
Measure
Logical,
Physical,
Component,
Operational
Contextual
Conceptual
Attributes defined
and measured
Copyright SABSA Limited. Printed with permission
From: www.SABSA.com
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
Questions ?
12
Insert "Title, Author, Date"
| Sector, Alliance, Offering
2011 Capgemini. All rights reserved.
More Information
Insert "Title, Author, Date"
13
Please contact:
Mark Battersby email: [email protected]
www.se.capgemini.com
The information contained in this presentation is proprietary. 2011 Capgemini. All rights reserved