Is SABSA® compatible with TOGAF®?
Gareth Watters - GAICD
Trusted Advisor | Strategist | Enterprise Security Architecture | GRC | Cloud Security | Mentor | Board Member
A common question asked at SABSA certification training is “Does SABSA integrate with other Enterprise Architecture Frameworks, such as ‘The Open Group Architecture Framework’ i.e. TOGAF®?”
The answer to this question is “YES; SABSA integrates with and complements TOGAF”. Not only that, I’ve often heard David Lynas iterate at training that “SABSA ‘is’ and ‘must be’ compatible with other frameworks, standards and requirements, whatever they are today and whatever they become tomorrow”.
SABSA is a problem-solving methodology that contains multiple frameworks that have been applied to enterprise security architecture. A powerful value proposition of SABSA is that it is, and will be, compatible with any other framework or standards now and into the future. Compatibility is integral to SABSA being a successful architectural solution, as well as being capable of delivering on innovation, through its ability to architect and model solutions using the SABSA method.
SABSA supports a business-driven approach as an organisation strives to achieve its objectives (e.g., to be a market leader, provide the best quality public services, and defend the nation) using today's and tomorrow's innovations in an architected and secure manner.
SABSA has been The Open Group’s framework of choice for integrating with TOGAF to fulfil the need for a security architecture development methodology and, more importantly, to apply SABSA’s Business Attributes Profiling (BAP) technique across the enterprise architecture domain as a means of engaging with stakeholders and managing business requirements. SABSA adds value to the TOGAF Architecture Development Model (ADM) by providing a robust, repeatable, consistent process for aligning business requirements with the development of solutions, including operational capabilities.
Let’s look at The SABSA Institute and The Open Group, some of the ways SABSA complements TOGAF, and how they have worked together over the years.
The SABSA Institute and The Open Group
The SABSA® Institute
The SABSA Institute (TSI) is the professional member and certification body for Enterprise Security Architects of all specialisms and at all career levels. It governs the ongoing development and management of SABSA intellectual property and the associated certification and education programs worldwide.
The SABSA Institute envisions a global business world of the future, leveraging the power of digital technologies, enabled in the management of information risk, information assurance, and information security through the adoption of SABSA as the framework and methodology of first choice for commercial, industrial, educational, government, military, and charitable enterprises, regardless of industry sector, nationality, size, or socio-economic status, and leading to enhancements in social well-being and economic success.
Further information on The SABSA Institute can be found at www.sabsa.org
The Open Group®
The Open Group is a global consortium that enables the achievement of business objectives through technology standards. Our diverse membership of more than 600 organizations includes customers, systems and solutions suppliers, tools vendors, integrators, academics, and consultants across multiple industries.
The mission of The Open Group is to drive the creation of Boundaryless Information Flow™ achieved by:
Further information on The Open Group is available at www.opengroup.org.
The Open Group publishes a wide range of technical documentation, most of which is focused on the development of Standards and Guides, but which also includes white papers, technical studies, certification and testing documentation, and business titles. Full details and a catalogue are available at www.opengroup.org/library.
The TOGAF® Standard, a Standard of The Open Group
The TOGAF Standard is a proven enterprise methodology and framework used by the world’s leading organizations to improve business efficiency.
Whitepapers – Guides - Resources
1. TSI & TOG - W117 – SABSA-TOGAF Integration Whitepaper
A White Paper by The Open Group TOGAF-SABSA Integration Working Group,
comprising leading representatives from the SABSA Institute and members of The Open Group Architecture and Security Forums.
This White Paper documents an approach to enhance the TOGAF enterprise architecture methodology with the SABSA security architecture approach and thus create one holistic architecture methodology. This White Paper is intended to guide enterprise and security architects in fully integrating security and risk management into enterprise-level architectures.
2. TOGAF Series Guide - TOG G152 – Integrating Risk & Security within a TOGAF Enterprise Architecture
Prepared by the Security Forum, a Forum of The Open Group®, in collaboration with The SABSA® Institute.
This document is a TOGAF® Series Guide to Integrating Risk and Security within a TOGAF Enterprise Architecture. It provides guidance for security practitioners and Enterprise Architects who need to work with the TOGAF Standard, a standard of The Open Group, to develop an Enterprise Architecture. It has been developed and approved by The Open Group Security Forum.
Integrating security and risk management in Enterprise Architecture strongly supports The Open Group vision of Boundaryless Information Flow™, by informing well-justified design decisions, which maximize business opportunity whilst minimizing business risk.
3. The SABSA Institute - R100 – SABSA & TOGAF: Security Services Catalogue
Note: This document is only accessible by The SABSA Institute members https://sabsa.org/white-papers/
This document is a Concept Paper that sets out the architectural framework for the Security Services Catalogue. It has been developed and approved by both The Open Group Security Forum and The SABSA Institute.
The practice of enterprise architecture, and within that discipline, Enterprise Security Architecture, requires there to be standardised resources available to enable enterprise architects and Enterprise Security Architects to share a common set of concepts and a common language to describe them. This is one of the key functions of ‘architecture’.
This Report describes the concept of ‘security services’ and positions this in the wider context of ‘security architecture’. The intention is to build a catalogue of standardised security services that are available ‘off the shelf’ so that both enterprise architects and security architects can share in the collective wisdom of the architecture community, and be able to make the leap from business-driven requirements for security and risk management to conceptual and logical enterprise architectures and solution architectures.
The Report is written from the perspective of architecture practitioners working with the TOGAF framework and/or SABSA. These two frameworks fit well together and are increasingly used together so as to add detailed security architecture thinking from SABSA into enterprise architecture thinking from the TOGAF framework.
4. The Open Group Guide – G192 – Axioms for the Practice of Security Architecture
Note: Requires registering with The Open Group
The Open Group in collaboration with The SABSA Institute. This document provides 20 Axioms for the Practice of Security Architecture. It has been developed and approved by The Open Group.
Cybersecurity is an evolving discipline. The last four decades of digital history have brought the widespread invention and proliferation of computing technologies, and with them both vast new benefits for the organizations that use them – and severe new threats. The art of architecting a response to these emerging threats has fallen to practitioners of Security Architecture, and as that discipline has evolved in response to continually evolving technologies and threats, some timeless themes for what works and what does not have surfaced for long-time practitioners.
The axioms in this document are a distillation of these timeless themes. They are distilled from years of experience in the practice of Security Architecture during the formative decades of the discipline. They are designed to be timeless statements with broad applicability now and into the future, regardless of how digital technologies and threats continue to evolve.
5. The SABSA Institute - T100 – Modelling SABSA with ArchiMate
Note: This document is only accessible by The SABSA Institute members https://sabsa.org/white-papers/
This White Paper discusses how security architecture concepts can be expressed using ArchiMate: The Open Group’s widely-adopted Enterprise Architecture (EA) modelling language. It describes a model-based approach to creating SABSA artefacts that conforms with the standard’s EA notation and tooling.
The integration of security into EA methodologies, through the alignment of SABSA concepts with Zachman, TOGAF ADM and other popular frameworks, has been formally established for several years. In practice, however, the lack of native support for security concepts in EA modelling notations (and therefore tools and processes) has placed security architects at a disadvantage to their architectural peers.
A means of expressing the full range of security perspectives in ArchiMate addresses a deficiency that has been impeding the realisation of a truly holistic architecture methodology that serves the needs of all architecture practitioners with a concern for security, not just security architects.
Conclusion
SABSA is compatible with TOGAF and there are numerous resources that have been produced in collaboration between The SABSA Institute and The Open Group to further enhance your security architect journey.
Trademarks
SABSA® is a registered trademark of The SABSA Institute.
The Open Group®, TOGAF®, and ArchiMate® are registered trademarks of The Open Group.
Ensuring Business Resilience | Security Director
2 months ago: Thanks for the informative article Gareth Watters - GAICD
Threat Management Director, Cyber Security
2 months ago: New to SABSA here, found it insightful. Thanks for sharing!
Senior Project Manager @ WIPO
2 months ago: Amazing job Gareth Watters - GAICD. Please also find the Master https://ltu.diva-portal.org/smash/record.jsf?pid=diva2%3A1027941&dswid=-3620 done by Ioannis Zisopoulos and Dimitris Maketas about "Integration of TOGAF and SABSA on the Increased Effectiveness and Security of a Software Development Life Cycle"
Enterprise Security Architect, Exercise Facilitator & SES Volunteer. Instigator at SABSA World Australia
2 months ago: Nice one Gareth, good resource.
Security Architecture Enthusiast, Infrastructure Tourist and Cyber Hype Guy
2 months ago: Awesome article Gareth Watters - GAICD and thank you for the reference links definitely one for SABSA World Australia