SABSA: Key features, advantages & benefits summary
4 likes3,074 views
This document summarizes key features, advantages, and benefits of SABSA (Sherwood Applied Business Security Architecture). SABSA is a business-driven, risk-based method for architecting security into enterprises. It addresses concerns of various stakeholders like the board, CEO, CFO, and security leaders. SABSA's benefits include protecting shareholder value, ensuring efficient investment returns, and aligning security strategy with business goals. It takes a comprehensive, modular, and transparent approach to security that is scalable, agile, standards-based, auditable, and demonstrates compliance and value to relevant authorities.
SABSA: Key features, advantages & benefits summary
- 1. SABSA Key Features, Advantages & Benefits Summary Feature Advantage Benefits Chairman & Board CEO CFO COO CRO CIO CISO CTO & Architects Business driven Value-assured Protects shareholder value Protects corporate reputation Ensures efficient return on investment Focuses on performance management Enables flexible fit with industry regulations Enables a digital information-age business Facilitates alignment of security strategy with business goals Leverages the full power of information technology Risk & Opportunity focused Prioritised and proportional responses Optimises shareholder risk and aligns with risk appetite Meets corporate governance requirements Improves predictability and consistency Enables process improvement Supports enterprise risk management Identifies information exploitation opportunities Facilitates prioritisation of security and risk- control solutions Manages Information system risk Comprehensive Scalable scope Addresses all shareholder concerns Meets enterprise wide requirements Supports scalable, granular budgeting Provides end-to-end process coverage Enables a fully integrated risk control strategy Sustains through-life information architecture Ensures all business concerns regarding security and control are addressed Applies at any level of project size or complexity Modular Agility for ease of implementation and management Enables flexibility to meet dynamic market and economic conditions Enables fast time to market with business solutions Facilitates effective management of both development and operational costs Integrates with legacy environments Enables incrementally increasing maturity Enables technology neutral information management strategies Enables a project- focused approach to security and control development Provides a holistic architectural approach Open Source Free use, open source, global standard Guarantees 'escrow' and perpetuity of return on investment Provides assurance through industry standard Eliminates expensive on-going licence fees Simplifies recruitment and training Provides global acceptability for auditors and regulatory supervisors Provides a future- proof strategic framework for information management Provides a sustainable framework for integration of other security standards Avoids vendor dependence and lock- in Auditable Demonstrates compliance to relevant authorities Demonstrates compliance to regulators and external auditors Ensures a smooth and successful external and regulatory audit process Minimises costs of management time dealing with audit processes Minimises adverse effect of audits on performance targets Ensures that compliance risk is effectively managed Facilitates smooth and successful internal audits of information systems and processes Supports security and risk review processes Improves relationship and interactions with auditors and security reviewers Transparent Two-way traceability Supports market transparency and disclosure Provides a clear view of where expenditure is made and what value is returned Enables full audit ability for effectiveness of expenditure Measures efficiency and effectiveness of processes and resource deployment Demonstrates 'current state' and 'desired state' of compliance levels Encourages fully integrated people - process - technology solutions Provides traceability of implementation of business-aligned security requirements Verifies justification and completeness of technical solutions Copyright SABSA courses 2015