Integrate security and risk management: TOGAF and SABSA
There is a new free guide that enables enterprise and security architects to integrate security and risk management approaches into enterprise-level architectures.
Endorsed and developed by The Open Group Security and Architecture Forums and The SABSA Institute, the whitepaper aims to help architects align IT security decisions with critical business goals while reducing costs and improving interoperability across the enterprise.
“For too long, security and risk management have been considered a discipline separate from enterprise architecture, which has led to increased costs, reduced interoperability and less productive organizations. This guide empowers enterprise architects to apply a holistic, business-driven approach to IT security decisions,” said Jim Hietala, VP of security for The Open Group. “Like TOGAF, the SABSA methodology provides guidance for aligning architecture with business value, in addition to addressing a critical need for greater integration between security and enterprise architectures within organisations.”
Intended as a practical guide, the whitepaper views security architecture as an integral part of how enterprise architecture should be approached, a critical shift that is often overlooked in enterprise architecture frameworks but that encourages enterprise architects to focus attention on business processes rather than just technology solutions.
To address security and risk management more effectively within enterprise architecture frameworks, the whitepaper also describes ways that TOGAF and SABSA can be seamlessly integrated for optimum security and business productivity.
This includes detailed guidance on how to produce business and risk management-based security architectures, along with practical approaches to improve the integration of information security across the enterprise. Within this context, a main objective of the paper is to spark debate in the enterprise architecture community about the evolving role of enterprise architects in enabling the business to manage operational risk.
The SABSA methodology was chosen for integration with TOGAF based on its objective of developing security architectures that facilitate the business, much like TOGAF’s business driven approach and open methodology.
Utilizing the SABSA Business Attributes Profiling method, the integrated methodology enables the creation of better architectures that drive tighter alignment between business and IT within enterprises. The whitepaper is the culmination of the TOGAF-SABSA Integration Project that began in May 2010 as a joint initiative of The Open Group Architecture Forum, Security Forum and The SABSA Institute.
The TOGAF SABSA Integration whitepaper is available for free download here (registration required).