Sabsa Enterprise Security Architecture [portable] -

He tapped the screen. "We are going to map every security control to a business driver. If a control doesn't answer 'Why is this here?' in terms of business value, it goes."

Every attribute (e.g., "Traceable," "Available," "Confidential") is assigned a metric.

What is the overarching strategy? Designer's View (Logical): How do the components interact? sabsa enterprise security architecture

The most common mistake in security is starting with technology ("We need a next-gen firewall"). SABSA flips this model. It asks a series of escalating questions:

"So we build a wall around the truck?" Marcus asked, confused. He tapped the screen

Attributes are distilled from the organization’s specific goals.

In the old days, the malware would have hit the database, and the game would have been over. What is the overarching strategy

The heart of SABSA is a 6x6 matrix that maps six architectural layers against six key questions. This is often called the .

"I heard we had a breach last night," the CEO said. "But the manifests are still running. The ships are loading. Why?"