methodology - Answers Overall, SABSA is a:
commercial off the shelf - Answers COTS
too much emphasis on tech, not business problems - Answers Standard ESA programs fail because
Treatment of an organization as a single entity and aims to optimize all parts of the organization in a
coherent way that delivers improved performance - Answers Describe SABSA concept of "Enterprise"
To support the business objectives relative to a specific business context and within a specific risk
appetite. - Answers Describe the SABSA concept of Security
Architecture supports business strategy - Answers Describe the SABSA concept of Architecture
A consistent set of principles, policies, capabilities, and standards that sets the direction and vision for
the development and operation of the organization's business information systems so as to ensure
alignment with and support for the business needs - Answers Describe the role of an architectural
Framework
Drivers and Constraints:
overall business goals for the system
the functional requirements of the system - what should it do?
the materials and/or components available for constructing systems
the environment in which the system will be built and used
the skills of the people who build the system
the skills of the people who will use the system
the costs incurred and benefits delivered - Answers List SABSA drivers & constraints
ensures the holistic, biggest picture is taken into account and how and why they work together towards
common business goals - Answers Identify how SABSA resolves the historical, tactical & siloed approach
to security
Feature - Advantage
Business Driven - value assured
risk focused - prioritized and proportional
comprehensive - scalable scope
modular - agility
open source - free use, standard
auditable - demonstrates compliance
transparent - two-way traceability - Answers List the 7 primary features & advantages of the SABSA
approach to Enterprise Security Architecture
Managing Complexity
Maintaining integrity of design in large complex developments
providing a roadmap for all to follow
lowering the TCO
good integration of technical and procedural solutions to business problems
attaining an appropriate balance between strategy, tactics, and operations
resolving conflicting objectives and priorities
predictability, flexibility, and agility - Answers List the benefits of an Architecture Framework
Arch must not presuppose any particular:
-cultures or operating regimes
-management style
-set of management processes
-management standards
-technical standards
-technology platforms
***Because all of these will change over time - Answers List SABSA guiding principles
a good framework will answer YES - Answers Is this architecture compatible with/compliant with
_______
Your own unique business reqs - Answers Architecture must meet _____ business requirements
Flexibility to incorporate and pivot in these areas - Answers Architecture must provide ______ to
incorporate choice and change of policy, standards, practices, or legislation
a framework within which many people can work harmoniously and all act toward the goal of a SINGLE
design authority (NASCAR) - Answers A layered Framework is:
Must never happen bottom-up
resolves problems caused by a long history of piecemeal implementations
business strategy for security is closely linked to the goals of operational risk mgmt
Deals with conflicting objectives - Answers ESA Scope
Usability, interoperability, integration, supportability
Fast time to market, scalability, reusability,
Cost effectiveness - Answers As part of a business strategy, ESA must balance these:
Holistic - Answers Architecture needs a ______ approach
All the links in the chain
ensure that security is provided through a fully integrated systems approach
ensure that security services are properly managed
ensure that security services are properly delivered and supported
ensure that security meets the needs of the business! - Answers Information Security Architecture must
provide these in its role:
Business View - Contextual Arch
Architect's View - Conceptual Arch
Designer's View - Logical Arch
Builder's View - Physical Arch
Tradesman's View - Component Arch
Manager's View - Management Arch - Answers List the 6 views of SABSA Architecture
What - The assets, goals and objectives to be protected and enhanced
Why - The risk and opportunity motivation
How - The processes required to achieve security
Who - The people and organizational aspects of security