Security Architecture
Introduction
I believe information architecture is the most important, as it represents the business by its information and information flow. I think it is synonymous with the company and technical requirements on which everything else is built. A lousy requirement will have adverse effects downstream on other architectures. According to John Sherwood (2005), every business relationship, every business process, every business transaction, everything about the business, its planning, its control, its management, and its success or failure are represented by information. Information is an abstract representation of something real and tangible.
With a completed and well-thought-out information architecture, all security architectures downstream will be constructed correctly and with minimal rework, if any. However, to be successful, you need a diverse understanding of industry standards for creating, storing, accessing, and presenting information (usability.gov, 2020).
The SABSA Model
SABSA (Sherwood Applied Business Security Architecture) is a business-driven, end-to-end development methodology designed to manage risk and opportunity-focused Security Architectures at both enterprise and solutions levels that traceably support business objectives (SABSA, 2020). SABSA enables a holistic view, highlights common issues, and incorporates analysis of possible risk in the design process (USD, 2020). There are six SABSA layers, and they are interconnected.
The Layers of SABSA Architecture
The contextual layer is the business view and defines the context in which the security system will operate (Balinda, 2019). The specification from the contextual layer informs the conceptual layer, allowing architects to develop a concept for a plan that will secure company assets. Based on the conceptual design, the logical layer lays out the components and information flow. The logical layer informs the physical layer, allowing system builders to build security mechanisms to specification. The physical layer informs the component layer, allowing products and tools to be implemented per specification. The management layer is connected to all the previous layers and provides overall control, allowing checks, balances, and operation over the whole system. Finally, the inspector's view is concerned with end-to-end system audit and ensuring the architecture is complete and fit for use (John Sherwood, 2005).
The 36-Cell of the SABSA Matrix