SABSA A Brief Introduction Mark Battersby 2013-05-15


  • SABSA

    A Brief Introduction Mark Battersby

    2013-05-15

  • Agenda

    2011 Capgemini. All rights reserved.

    SABSA Overview

    SABSA Security Architecture

    SABSA Security Architecture Matrix

    Operational Security Architecture Matrix

    SABSA Business Attributes

    SABSA Strategy and Concept/Design Process

    SABSA Architecture Development Process

    SABSA Lifecycle

  • SABSA Overview

    The SABSA (Sherwood Applied Business Security Architecture) framework has evolved as a "best practice" method for delivering cohesive information security solutions to enterprises.

    SABSA is a six-layer model covering all four parts of the IT lifecycle: Strategy, Design, Implementation and Management & Operations.

    SABSA ensures the security needs of your enterprise are met completely and that security services are designed, delivered, and supported as an integral part of your IT Management infrastructure.

    SABSA is essentially a model and methodology for developing risk-driven enterprise information security.

  • SABSA Security Architecture

    Contextual Security Architecture (Business View): Business Risk Model; Business Process Model

    Conceptual Security Architecture (Architect's View): Control Objectives; Security Strategies & Architecture

    Logical Security Architecture (Designer's View): Security Policies; Security Services

    Physical Security Architecture (Builder's View): Security Rules, Practices, Procedures; Security Mechanisms

    Component Security Architecture (Tradesman's View): Security Standards; Security Products & Tools

    Operational Security Architecture (Facility Manager's View): Operational Risk Mgmt; Security Service Mgmt

  • Enterprise Security Architecture Matrix

    An IA Architecture is a consistent set of principles, policies and standards that sets the direction and vision for the development and operation of the organisation's communication and information services so that they are aligned with and support the business needs of the organisation in an Assured way.

    | Layer | Assets (What) | Motivation (Why) | Process (How) | People (Who) | Location (Where) | Time (When) |
    |---|---|---|---|---|---|---|
    | Contextual | The Business | Business Risk Model | Business Process Model | Business Organization and Relationships | Business Geography | Business Time Dependencies |
    | Conceptual | Business Attributes Profile | Control Objectives | Security Strategies and Architectural Layering | Security Entity Model and Trust Framework | Security Domain Model | Security-Related Lifetimes and Deadlines |
    | Logical | Business Information Model | Security Policies | Security Services | Entity Schema and Privilege Profiles | Security Domain Definitions and Associations | Security Processing Cycle |
    | Physical | Business Data Model | Security Rules, Practices and Procedures | Security Mechanisms | Users, Applications and the User Interface | Platform and Network Infrastructure | Control Structure Execution |
    | Component | Detailed Data Structures | Security Standards | Security Products and Tools | Identities, Functions, Actions and ACLs | Processes, Nodes, Addresses and Protocols | Security Step Timing and Sequencing |
    | Operational | Assurance of Operational Continuity | Operational Risk Management | Security Service Management and Support | Application and User Management and Support | Security of Sites, Networks and Platforms | Security Operations Schedule |

  • SABSA Operational Security Architecture Matrix

  • SABSA Business Attributes

  • SABSA Business Attributes

  • SABSA Strategy and Concept/Design Process

  • SABSA Architecture Development Process

  • SABSA Lifecycle

    [Figure: SABSA Lifecycle. Phases: Strategy & Concept; Design; Implement; Manage & Measure. Labels: Contextual, Conceptual; Logical, Physical, Component, Operational; Attributes defined and measured.]

    Copyright SABSA Limited. Printed with permission

    From: www.SABSA.com

  • Questions?

  • More Information

    Please contact: Mark Battersby, email: [email protected]

  • www.se.capgemini.com

    The information contained in this presentation is proprietary. 2011 Capgemini. All rights reserved