Use TOGAF ADM as the process engine and SABSA as the security design method embedded inside it.
| Aspect | SABSA | TOGAF |
|--------|-------|-------|
| | Sherwood Applied Business Security Architecture | The Open Group Architecture Framework |
| Primary Focus | Security architecture (risk‑driven, business‑centric) | Enterprise architecture (holistic, cross‑domain) |
| Core Philosophy | “Security by design, not bolt‑on” – security as an enabler for business | “Structured method for designing, planning, implementing, and governing enterprise architecture” |
| Key Output | Security architecture artifacts (policies, standards, controls, metrics) | Enterprise architecture deliverables (architectures, roadmaps, governance frameworks) |
| Origin | Mid‑1990s, John Sherwood | Mid‑1990s, The Open Group (based on TAFIM) |
Use TOGAF to run the architecture development lifecycle. Use SABSA inside TOGAF’s security‑related tasks to ensure the result is complete, traceable, and risk‑driven.
In the end, the treasury wasn't just well-built; it was . The kingdom realized that TOGAF manages the complexity of the build, while SABSA manages the integrity of the mission.
Together, they form a .
| Scenario | Recommended |
|----------|--------------|
| You need a complete enterprise architecture framework (business, data, app, tech, plus governance). | |
| You are designing or auditing a security architecture from scratch. | SABSA |
| Your organization already uses TOGAF and needs to add rigorous security architecture. | SABSA + TOGAF (embed SABSA into ADM) |
| You are a security architect in a non‑enterprise‑architecture mature org. | SABSA (lightweight) |
| You need a common framework to align multiple teams (business, IT, security, operations). | TOGAF (with security cross‑cutting) |