© 2020 Content Security Pty Ltd.

Advisory services

Enterprise Security Architecture

Implementing formal enterprise security architecture allows your organisation to integrate security and risk into your broader business objectives.

With cybercrime increasing exponentially and attacks rising in number and sophistication, your enterprise needs a reliable and comprehensive security architecture in place

This means having an overarching framework that helps to safeguard your organisation and ultimately, supports your business goals

At its core, Enterprise Security Architecture refers to the holistic foundations of your security. However, considering the ubiquitous advantages and impacts of security in today’s business operations, it’s crucial that this architecture extends beyond merely the IT security realm. In addition to identifying, designing and explaining security controls, your architecture should justify the inherent business value of these controls from a stakeholder and risk management perspective. This is where business-driven frameworks, like SABSA, can provide your organisation with the greatest value.

Often times, the question with building a business-led, risk-focused enterprise architecture is ‘where do we start?’

Implementing a cohesive and comprehensive enterprise security architecture starts with using the right framework. While there are a myriad of methodologies to choose from, SABSA is particularly advantageous since it takes a variety of security views into account. Its layered model ensures you don’t overlook aspects of your enterprise architecture, and further guarantees consistency and traceability throughout your organisation.

We offer certified SABSA architects to assist with planning and implementing your architecture across different enterprise layers, from business drivers to operational aspects. Ultimately, we help you design and deploy the necessary infrastructure solutions, controls and processes to support your critical business initiatives in a top-down manner.

SABSA

“Architecture means taking a holistic, enterprise-wide view, and creating principles, policies and standards by which the system will be designed and built […] [ensuring] consistency of the design approach across a large complex system.”

– John Sherwood, Founder of the SABSA Institute

What is the SABSA Framework?

SABSA is a risk and opportunity balanced methodology, ensuring completeness and traceability throughout your entire organisation

Sherwood Applied Business Security Architecture (SABSA) is a globally recognised and proven methodology for developing business-driven security architecture at both the enterprise and solutions level.

It enables an organisation to analyse security and business requirements and subsequently build an architecture around these unique needs. Spanning 6 conceptual layers, this framework integrates security into enterprise architecture in a seamless manner:

  • Contextual Security Architecture
  • Conceptual Security Architecture
  • Logical Security Architecture
  • Physical Security Architecture
  • Component Security Architecture
  • Management Architecture

With the right framework and certified guidance, you can swiftly implement a holistic, tailored enterprise architecture

Our certified security consultants are with you at every step of the way, taking the confusion and complexity out of the process

There are a variety of enterprise frameworks that we help align your security architecture to. Above all, our Governance, Risk and Compliance (GRC) team are here to help you:

Risk Assessment

Identify your key business objectives, goals and strategy as well the elements required to meet these targets. Second, we determine the risks associated with these elements and how they could prevent you from your achieving goals.

Design

We help to define and architect a program to implement the controls needed to manage this risk, from a conceptual, physical, component, operational and business point of view.

Implementation

This stage of the process involves putting the program into action by implementing the necessary security services and processes.

Monitoring

Finally, we help with monitoring and information security posture assessments to ensure your architecture is meeting your enterprise’s evolving requirements.

Industry experts with over 21 years’ experience and comprehensive qualifications

We proudly validate our stance as a leading security advisory firm by continually learning and gaining the necessary credentials to keep our clients, our partners and ourselves secure

21 years’ experience and comprehensive qualifications

Our team is filled with seasoned professionals, each brandishing a myriad of industry qualifications. In addition to being SABSA certified, we are a qualified ISO 27001 lead auditor and implementer. This means our team not only ensures our compliance with the relevant standards, but can readily assist clients with expert consultancy, documentation and the establishment of compliant information security frameworks.

ISO 27001

CRT

OSCP

SABSA is comprised of a series of integrated frameworks, each delivering unique advantages for your business and your customers

It is an open, vendor-neutral standard that can be scaled for organisations of any size, across any industry

The benefits of SABSA are plenty. Firstly, it integrates with ITIL, COBIT, ISO 27001 and other governance, compliance and audit frameworks. Second, the 6 layers map to different views to ensure that a variety of objectives and values are met:

  • Business’s View
  • Architect’s View
  • Designer’s View
  • Constructor’s View
  • Technician’s View
  • Manager’s View

Finally, it also extends more specific advantages for your key stakeholders. For instance, for CEOs, SABSA helps protect corporate reputation and assists in meeting corporate governance requirements. On the other hand, for CTOs, the open source element avoids vendor dependence and provides a holistic architectural approach that can be applied to projects of any size or complexity.  

SABSA

For more information please contact our cybersecurity professionals today.