In an effort to provide clearer guidance for enterprise and security architects in aligning security and risk management with business goals and objectives, The Open Group and the SABSA Institute have released a new TOGAF SABSA Integration Whitepaper.
Intended as a practical guide, the whitepaper views security architecture as an integral part of how enterprise architecture should be approached. While TOGAF, The Open Group Architecture Framework, addresses security, it doesn't give concrete advice on how to achieve those goals. This whitepaper is designed to plug that gap. [Disclosure: The Open Group is a sponsor of Briefings Direct podcasts.]
“For too long, security and risk management have been considered a discipline separate from enterprise architecture, which has led to increased costs, reduced interoperability and less productive organizations,” said Jim Hietala, VP of Security for The Open Group. “This guide empowers enterprise architects to apply a holistic, business-driven approach to IT security decisions.”
The SABSA methodology was chosen for integration with TOGAF based on its objective of developing security architectures that facilitate the business, much like TOGAF’s business-driven approach and open methodology. Utilizing the SABSA Business Attributes Profiling method, the integrated methodology enables the creation of better architectures that drive tighter alignment between business and IT within enterprises.
“In the past, security and enterprise architectures have been designed and acquired in silos, without common architecture languages that help tie both to broader business objectives,” said John Sherwood, Head of the SABSA Academy, a division of The SABSA Institute. “We’re proud to integrate SABSA with TOGAF finally to provide structure for the relationship between enterprise and security architectures, and help create more efficient, cost-effective and productive enterprises.”
The whitepaper includes detailed guidance on how to produce business and risk management-based security architectures, along with practical approaches to improve the integration of information security across the enterprise. Within this context, a main objective of the paper is to spark debate in the enterprise architecture community about the evolving role of enterprise architects in enabling the business to manage operational risk.
The whitepaper marks the culmination of an 18-month effort spurred on by requests from Open Group members.
Get a copy of the whitepaper (registration required).