BriefingsDirect

Dana Gardner

The Open Group, SABSA release white paper on aligning enterprise, security architecture to achieve business goals

By Dana Gardner | November 7, 2011, 7:47am PST

Summary: For too long, security and risk management have been considered a discipline separate from enterprise architecture, which has led to increased costs, reduced interoperability and less productive organizations.

In an effort to provide clearer guidance for enterprise and security architects in aligning security and risk mana gement with business goals and objectives, The Open Group and the SABSA Institute have released a new TOGAF SABSA Integration Whitepaper.

Intended as a practical guide, the whitepaper views security architecture as an integral part of how enterprise architecture should be approached. While TOGAF, The Open Group Architectural Framework addresses security, it doesn’t give concrete advice on how to achieve those goals. This whitepaper is designed to plug that gap. [Disclosure: The Open Group is a sponsor of Briefings Direct podcasts.]

“For too long, security and risk management have been considered a discipline separate from enterprise architecture, which has led to increased costs, reduced interoperability and less productive organizations,” said Jim Hietala, VP of Security for The Open Group. “This guide empowers enterprise architects to apply a holistic, business-driven approach to IT security decisions.”

The SABSA methodology was chosen for integration with TOGAF based on its objective of developing security architectures that facilitate the business, much like TOGAF’s business driven approach and open methodology. Utilizing the SABSA Business Attributes Profiling method, the integrated methodology enables the creation of better architectures that drive tighter alignment between business and IT within enterprises.

Common languages

“In the past, security and enterprise architectures have been designed and acquired in silos, without common architecture languages that help tie both to broader business objectives,” said John Sherwood, Head of the SABSA Academy, a division of The SABSA Institute. “We’re proud to integrate SABSA with TOGAF finally to provide structure for the relationship between enterprise and security architectures, and help create more efficient, cost effective and productive enterprises.”

The whitepaper includes detailed guidance on how to produce business and risk management-based security architectures, along with practical approaches to improve the integration of information security across the enterprise. Within this context, a main objective of the paper is to spark debate in the enterprise architecture community about the evolving role of enterprise architects in enabling the business to manage operational risk.

The whitepaper marks the culmination of an 18-month effort spurred on by requests from Open Group members.

Get a copy of the whitepaper (registration required).

More from “BriefingsDirect”

Cloud procurement services give OSU Medical Center wins on buyer savings and process productivity

Case study: Southwest Airlines' productivity takes off using virtualization to enable 'IT as a service'

Topics

The Open Group, Enterprise Architecture, Security Architecture, Whitepaper, Strategy, Business Agility, It infrastructure, Security, Management, Dana Gardner

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm.

Full Bio
Disclosure
Contact

Disclosure

Dana Gardner

Dana Gardner is president and principal analyst at Interarbor Solutions, LLC, a New Hampshire-based IT analysis and new media content production and consultancy firm that he founded in 2005. He produces a series of podcast/videocast/transcript/blog content shows, called BriefingsDirect[tm/sm], some of which are sponsored and which he blogs on. Such sponsored shows are declared individually as such and by what organization or company. When Dana blogs on ZDNet on companies that he does have, or has had, consulting and/or sponsorship relationships, he declares that in each blog entry. There is no connection between the negotiation of such sponsorships and the opinions expressed by Dana here on ZDNet. To date, the following organizations/companies have sponsored, or do sponsor, some BriefingsDirect content, or have consulting relationships with Dana: Active Endpoints Akamai Technologies Aster Data Systems BP Logix Business Technology Quarterly CA Compuware Electric Cloud Genuitec Gerson Lehrman Group Greenplum Hewlett-Packard iTKO JustSystems North America, Inc. Kapow Technologies LogLogic Nexaweb Technologies, Inc. The Open Group Paglo Panda Security Platform Computing Progress Software rPath Sailpoint Splunk TIBCO Software Weblayers Workday WSO2 ZDNet As a matter of CNET Networks and Interarbor Solutions policies, when Dana covers an organization that is also a sponsor of a BriefingsDirect-produced podcast, videocast or any other content, a disclosure will be included with the coverage. Updated (1/4/2010): Instead of providing a disclosure on just those editorials (blog posts, etc.) that intersect the above listed companies, we have changed the policy to include a link to this full disclosure at the end of every one of Dana's blog posts. In the case of audio or video-based coverage, such disclosures will be provided within the editorial content itself.