The open group security forum is responsible for developing standards and guidance on a wide range of informationsecurity topics. A white paper published by the open group 32 figure 15. It also helps deliver security infrastructure solutions. Download the sabsa whitepaper published 2009 sha256 w101 architecting a secure digital world an introduction to sabsa for people who are new to the topic, providing a highlevel overview and describing the benefits of adopting the methodology for architecting a secure. The togaf library is maintained under the governance of the open group architecture forum. Jun 14, 2018 sabsa stands for the sherwood applied business security architecture, and is a leading methodology for developing business operational risk and opportunitybased architectures. After submitting your details below, an email with a download link for the white paper will be sent to.
Download sabsa white papers, the sabsa white paper, architecting a secure digital world, sabsatogaf integration white paper, security services catalog. The services landscape provides architects with a canvas to structure the it landscape, to map their inherent challenges, and scope solutions quickly. Cloud business solution architecture white paper deep dive on the business problems and requirements that may be best e in requests for cloud. This approach combines the best of breed architecture paradigms into a comprehensive approach to cloud security. The open group architecture framework togaf introduction. If you are looking for a nice slice of buttered bread for breakfast at home, you are probably going t. It was developed independently from the zachman framework, but has a similar structure sabsa is a model and a methodology for developing riskdriven enterprise information security architectures and for delivering security.
Sabsa risk management part one the meaning of risk. However, to guarantee support from sabsa limited in validating and accrediting such a tool, the vendor merely needs to approach sabsa. Sabsa and togaf for security architecture capgemini. Apr 05, 2014 sabsa does not reinvent the wheel if there is something out there that does the job well, it references out to that an example of this is sabsa does not have any models or frameworks for the implementation phase of the lifecycle, it merely recommends you use something like prince2 which exists and can deliver this far better than sabsa. The pocket guidethis provides a concise introduction to togaf 9.
Information sheets on the togaf 9 certification program pdf advice to candidates sheet for those attending a pearson vue test center. It contains the definitions of terms used throughout togaf and release notes detailing the changes between this version and the previous version of togaf. The license is free to any organization wishing to use togaf entirely for internal purposes for example, to develop an information system architecture for use within that organization. Sabsa sherwood applied business security architecture is a framework and methodology for enterprise security architecture and service management.
An approach to enhance the togaf enterprise architecture methodology with the sabsa security architecture approach and thus create one holistic architecture methodology. By illustrating the contextual, conceptual, logical. The purpose of this white paper is to propose a set of changes to togaf 9 to include additional best practices, based on the latest industry experiences and insights as applied in governance of the it domain. Adapting the frameworks together yields several key benefits. Integration of sabsa security architecture approaches with. It includes a practice paper of 8 questions, plus four bonus questions. Togaf whitepaper role of enterprise architecture as a. The other frameworks address project management, it service management and governance. It is designed to help individuals prepare for the togaf 9 part 1 examination by providing a set of practice. Togaf is very strong in its business requirements but a little light on how to do security. Introduction this part provides a highlevel introduction to the key concepts of enterprise architecture and in particular the togaf approach. Togaf whitepaper role of enterprise architecture as a capability in todays world last updated on aug 22, 2017 12. Sabsa risk management part one the meaning of risk w117. Sabsa white papers the sabsa institute latest sabsa.
Our community of professionals is committed to lifetime learning, career progression and sharing expertise for the benefit of individuals and organizations around the globe. A book is also available in hardcopy and pdf from the open group bookstore as document g091. W101 architecting a secure digital world, has been published by the sabsa institute and is now available on general release. Togaf architecture development method adm, togaf content metamodel, sabsa. W101 is an introduction to sabsa for people who are new to the topic, providing a highlevel overview and describing the benefits of adopting the methodology for architecting a secure digital business. At present, togaf does not give much specific guidance on how to address security issues though there are initiatives in place ot correct this. The open groups marketleading togaf framework is continually enhanced and updated by members of the open group architecture forum. How sabsa and togaf complement each other to create better architectures.
Sabsa introduction 2 free download as powerpoint presentation. This is a practical document, which will be used by enterprise architects within banks and the vendor community who wish to reap the benefits of both architecture frameworks. Togaf is the bestpractice framework for enterprise architecture, consisting of a stepbystep development method and a set of guidelines. Togaf is a framework an in depth method and a set of supporting tools for creating an enterprise construction, developed by members of the open group construction dialogue board. Heres a whitepaper on togaf that focuses on leveraging the capability components of an enterprise architecture practice to further business objectives in todays world. Togaf and sabsa integration white paper, with the full approval and permission of the sabsa institute. This white paper explores the advantages of this businessfocused approach for.
Includes integrating with the sherwood applied business security architecture sabsa framework enterprise security architecture esa guide. Integrating risk and security within a togaf enterprise architecture ix. How does togaf solve the integration and security gap in. Download the sabsa whitepaper published 2009 sha256 w101 architecting a secure digital world an introduction to sabsa for people who are new to the topic, providing a highlevel overview and describing the benefits of adopting the methodology for architecting a. Sherwood applied business security architecture wikipedia. Eawg leverages four industry standard architecture models. A comparison of the top four enterprisearchitecture. An introduction to the togaf for people certification program.
W100 sabsa white paper an executive summary of the sabsa method, its tools, techniques and concepts. However, it feels a bit like asking why doesnt my swiss army knife butter my bread as well as a butter knife. Library resources are organized into four sections. Enterprise security architecture is a unifying framework and reusable services that implement policy, standard and risk management decision. Sabsa foundation 2010 44 for more information sabsa text book enterprise security architecture. It also helps deliver security infrastructure solutions that support critical business. The paper starts off with a brief introduction of relevant togaf and sabsa concepts for the integration which include. Sabsa framework enterprise security architecture esa guide. The reality is that building an effective security architecture for your organization isnt that hardif you have a system. Sans attempts to ensure the accuracy of information, but papers are published as is.
This white paper aims to support enterprise architects within the banking. Sabsa stands for the sherwood applied business security architecture, and is a leading methodology for developing business operational risk and opportunitybased architectures. The togaf library is a reference library containing guidelines, templates, patterns, and other forms of reference material to accelerate the creation of new architectures for the enterprise. Sabsatogaf integration white paper download request the. Bian and the open group collaborated to produce a white paper, in which the core elements of the two individual frameworks have been projected onto each other. Togaf is a framework and a set of supporting tools for developing an enterprise architecture. On this point, the open group and sabsa have been working closely for a while and togaf has started to align itself with sabsa to facilitate a seamless integration of the two. Togaf and sabsa guidance for integrating security and risk. The sabsa institute has an interesting selection of white papers. A white paper by the open group sabsatogaf integration working group comprising a joint effort by the sabsa institute and the open group architecture and security forums. After submitting your details below, an email with a download link for the white paper will be sent to the email address provided. Also, thank you for taking the time to comment on the quality attributes. The sabsa framework is continually maintained and developed and uptodate versions are published from time to time, 1. I agree to receive email communications from the sabsa institute that contains relevant news, updates, event invitations and promotions.
Gartner even suggested that the white paper greatly aids the big problem of arriving at a consistent reference model for banks. This paper provides an overview of enterprise architecture and togaf, and how they relate to cobit, prince2 and itil. Sabsa is a model and a methodology for developing riskdriven enterprise information security architectures. This paper from the open group, documents an approach to enhance the togaf enterprise architecture methodology with the sabsa security architecture approach to create one.
Togaf and bian a strong proposition for the banking industry. This white paper documents an approach to enhance the togaf enterprise architecture methodology with the sabsa security architecture approach and thus create one holistic architecture methodology. Advanced topics for togaf integrated management framework. Aug 22, 2017 heres a whitepaper on togaf that focuses on leveraging the capability components of an enterprise architecture practice to further business objectives in todays world. Sabsa white paper an executive summary of its methods, techniques, and concepts. Sabsa may be incorporated into any appropriate computer software tool by a software tool vendor who wishes to offer such a tool to the open market subject to footnote 1. So good are attributes that the open group developers of togaf have been in conversation with sabsa institute to use them in future versions of the togaf framework. It provides a framework for developing risk driven enterprise information security and information assurance architectures. Whats more, its authoritative, with material derived from the open groups togaf 9 documentation and contributions from members of the open group architecture forum. The purpose of the security architecture is to bring focus to the key areas of concern for the enterprise, highlighting decision criteria and context for each domain. Zachman framework for enterprise architectures an architectural framework in which an enterprise is modeled as 30 or 36 cells, each of which represents an intersection between a stakeholder perspective and an abstraction.
This white paper documents an approach to enhance the togaf. The paper also discusses the sabsa methodology, explaining this approach by comparing it to the classical definition of architecture i. Alc security series sabsa security architecture for togaf. By combining business drivers with security infrastructure, eawg increases the value proposition of cloud services within an enterprise business. Jan 02, 2016 sabsa foundation 2010 44 for more information sabsa text book enterprise security architecture. This paper from the open group, documents an approach to enhance the togaf enterprise architecture methodology with the sabsa security architecture approach to create one holistic architecture. A candidates performance on this practice test does not guarantee similar performance on the actual examination.
Views such as design and operation are not covered, neither is the element of time. An integration of the togaf adm and the sabsa lifecycle. Integrating risk and security within a enterprise architecture. A white paper by the open group sabsatogaf integration working group comprising a joint effort by the sabsa institute and the open group architecture. Publish a white paper in collaboration with the open group on togaf establish a working relationship with omgs financial domain task force and tm forum enterprise cloud leadership council eclc first priority in parallel bian will put strong emphasis on standardization a twoway strategy to position bian. This white paper aims at supporting enterprise architects within the banking industry, reaping the synergies of two complementary industry frameworks.
A white paper published by the open group 12 sabsa matrix at each of the horizontal layers of abstraction of the architecture model a series of vertical cuts through each of these horizontal layers is made, answering the questions. Integrating risk and security within a togaf enterprise architecture. A white paper published by the open group 9 boundaryless information flow achieved through global interoperability in a secure, reliable, and timely manner executive summary this white paper is a companion to the togaf framework and is intended to bring the concepts and generic constructs in the togaf framework to life. Togaf is a little simpler than sabsazachman, essentially it has a 44 matrix. Sabsa and togaf the open group application framework make a good mix, according to john sherwood, head of the sabsa academy division of the sabsa institute. Nov, 2011 the paper starts off with a brief introduction of relevant togaf and sabsa concepts for the integration which include. This test is also included as part of the togaf 9 self study pack b097.
This white paper is intended to guide enterprise and security architects in fully integrating security. Most of the computer security white papers in the reading room have been written by students seeking giac certification to fulfill part of their certification requirements and are provided by sans as a resource to benefit the security community at large. Sabsa the security architecture framework andy wood. The purpose of this white paper is to propose a set of changes to togaf 9 to include additional best practices, based on the latest industry experiences and. The introduction of a new domain is based on a previous whitepaper by gartner. Aug 30, 2012 the white paper describes how togaf and bian fit together, and where and how to use the bian collateral. It was developed independently from the zachman framework, but has a similar structure. It includes question formats found in the actual examination. Modeling a sabsa based enterprise security architecture using. Sabsatogaf integration white paper download request. Togaf enterprise architecture and the sabsa enterprise security. Togaf and sabsa integration the open group south africa. This book will show you, where togaf can help you with iteam work and where you still need additional material to perform the full portfolio of iteam tasks.
159 781 1304 838 1099 930 729 1325 120 1469 746 51 548 802 76 1496 1052 390 1382 365 177 997 1306 1355 831 1115 1224 764 713 1397 91