If you want to dive deeper into implementing this framework, tell me: What is your organization in?
Designing a Resilient Enterprise Security Architecture: A Business-Driven Approach
The Sherwood Applied Business Security Architecture (SABSA) framework is the gold standard for business-driven security. SABSA is entirely driven by business requirements and utilizes a matrix structure based on six layers of abstraction:
The manager's view (How will the security environment be operated and maintained over time?).
What is your primary (e.g., cloud migration, remote work security, M&A integration)?
Enterprise Security Architecture: A Business-Driven Approach
Historically, organizations built their security infrastructure reactively. When a new threat emerged, IT teams purchased a new tool. This led to fragmented, complex environments filled with overlapping software, high maintenance costs, and significant security blind spots.
If you would like to explore this topic further, tell me about your organization's current focus:
Establishes security objectives and attributes (e.g., trust, reliability). Designer's View
Enterprise Security Architecture: A Business-Driven Approach — The Ultimate Guide
From top to bottom, the PDF argues that architecture must be built in this order:
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.
Product selection and detailed configuration (e.g., specific EDR settings). Service Manager
While the specific Component Layer technologies have changed (e.g., moving from on-premise firewalls to cloud-native security posture management), the Contextual, Conceptual, and Logical layers remain timeless. The SABSA methodology provides the structural agility needed to adapt to new technologies.
" by John Sherwood, Andrew Clark, and David Lynas. It introduces the (Sherwood Applied Business Security Architecture) framework, which shifts the focus from "buying software" to building a proactive system that serves as a business enabler rather than a preventer. The Core SABSA Framework
SABSA is the gold standard for business-driven security architecture. It uses a matrix model based on six layers of abstraction, answering six fundamental questions: The layers of the SABSA matrix include:
If you want to dive deeper into implementing this framework, tell me: What is your organization in?
Designing a Resilient Enterprise Security Architecture: A Business-Driven Approach
The Sherwood Applied Business Security Architecture (SABSA) framework is the gold standard for business-driven security. SABSA is entirely driven by business requirements and utilizes a matrix structure based on six layers of abstraction:
The manager's view (How will the security environment be operated and maintained over time?).
What is your primary (e.g., cloud migration, remote work security, M&A integration)?
Enterprise Security Architecture: A Business-Driven Approach
Historically, organizations built their security infrastructure reactively. When a new threat emerged, IT teams purchased a new tool. This led to fragmented, complex environments filled with overlapping software, high maintenance costs, and significant security blind spots.
If you would like to explore this topic further, tell me about your organization's current focus:
Establishes security objectives and attributes (e.g., trust, reliability). Designer's View
Enterprise Security Architecture: A Business-Driven Approach — The Ultimate Guide
From top to bottom, the PDF argues that architecture must be built in this order:
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.
Product selection and detailed configuration (e.g., specific EDR settings). Service Manager
While the specific Component Layer technologies have changed (e.g., moving from on-premise firewalls to cloud-native security posture management), the Contextual, Conceptual, and Logical layers remain timeless. The SABSA methodology provides the structural agility needed to adapt to new technologies.
" by John Sherwood, Andrew Clark, and David Lynas. It introduces the (Sherwood Applied Business Security Architecture) framework, which shifts the focus from "buying software" to building a proactive system that serves as a business enabler rather than a preventer. The Core SABSA Framework
SABSA is the gold standard for business-driven security architecture. It uses a matrix model based on six layers of abstraction, answering six fundamental questions: The layers of the SABSA matrix include: