SABSA Enterprise Security Architect
Overall, SABSA is a: - answer methodology
COTS - answer commercial off the shelf
Standard ESA programs fail because - answer too much emphasis on tech, not
business problems
Describe SABSA concept of "Enterprise" - answer Treatment of an organization as a
single entity and aims to optimize all parts of the organization in a coherent way that
delivers improved performance
Describe the SABSA concept of Security - answer To support the business objectives
relative to a specific business context and within a specific risk appetite.
Describe the SABSA concept of Architecture - answer Architecture supports business
strategy
Describe the role of an architectural Framework - answer A consistent set of principles,
policies, capabilities, and standards that sets the direction and vision for the
development and operation of the organization's business information systems so as to
ensure alignment with and support for the business needs
List SABSA drivers & constraints - answer Drivers and Constraints:
overall business goals for the system
the functional requirements of the system - what should it do?
the materials and/or components avail. for constructing systems
the env. in which the system will be built and used
the skills of the people who build the system
the skills of the people who will use the system
the costs incurred and benefits delivered
Identify how SABSA resolves the historical, tactical & silo-ed approach to security -
answer ensures the holistic, biggest picture is taken into account and how and why they
work together towards common business goals
List the 7 primary features & advantages of the SABSA approach to Enterprise Security
Architecture - answer Feature - Advantage
Business Driven - value assured
risk focused - prioritized and proportional
comprehensive - scalable scope
modular - agility
open source - free use, standard
auditable - demonstrates compliance
transparent - two way traceability
List the benefits of an Architecture Framework - answer Managing Complexity
Maintaining integrity of design in large complex developments
providing a roadmap for all to follow
lowering the TCO
good integration of technical and procedural solutions to business problems
attaining an appropriate balance between strategy, tactics, and operations
resolving conflicting objectives and priorities
predictability, flexibility, and agility
List SABSA guiding principles - answer Arch must not presuppose any particular:
-cultures or operating regimes
-management style
-set of management processes
-management standards
-technical standards
-technology platforms
***Because all of these will change over time
Is this architecture compatible with/compliant with _______ - answer a good framework
will answer YES
Architecture must meet _____ business requirements - answer Your own unique
business reqs
Architecture must provide ______ to incorporate choice and change of policy,
standards, practices, or legislation - answer Flexibility to incorporate and pivot in these
areas
A layered Framework is: - answer a framework within which many people can work
harmoniously and all act toward the goal of a SINGLE design authority (NASCAR)
ESA Scope - answer Must never happen bottoms up
resolves problems caused by a long history of piecemeal implementations
business strategy for security is closely linked to the goals of operational risk mgmt
Deals with conflicting objectives
As part of a business strategy, ESA must balance these: - answer Usability,
interoperability, integration, supportability
Fast time to market, scalability, reusability
Cost effectiveness
Architecture needs a ______ approach - answer Holistic