Video Library


What is SABSA


What is SABSA?

SABSA stands for the Sherwood Applied Business Security Architecture, and is the leading methodology for developing business operational risk-based architectures.

It provides a framework for developing risk driven enterprise information security and information assurance architectures. It also helps deliver security infrastructure solutions that support critical business initiatives.

The SABSA methodology provides guidance for aligning architecture with business value. It also addresses a critical need for greater integration between security and enterprise architectures within organizations.

With SABSA, organizations can achieve that important risk/reward balance, using a range of frameworks, models, methods and processes to manage risk and measure performance.

 The SABSA Model is the key to this and covers the whole lifecycle of operational capabilities.

The SABSA Model has six layers:

  • The Contextual
  • Conceptual
  • Logical
  • Physical
  • And Component Architectures

The Security Service Management Architecture is placed vertically across all layers to ensure it covers any issues arising from the other five layers.

Each of the layers of the architecture model is also supported by a vertical analysis based on six key questions: What, Why, How, Who, Where, When? This is represented in the SABSA Master Matrix.

The SABSA framework is flexible, scalable, and applicable to any industry sector. And rather than replacing other risk-based standards, it can also be combined with other standards such as TOGAF, ITIL and COBIT to create an integrated compliance framework.

SABSA provides organizations with an enterprise operational risk management architecture that can be completely tailored to a specific business model.

Learn more about how SABSA can help you improve your organization’s security architecture capability by booking your short consultation today. 

Governance RIsk and Compliance Video