As information systems have become tightly integrated with an organization’s business processes, they have become key to the long-term success and sustainability of the organization. Information systems have also become increasingly complex and difficult to manage, maintain, and keep relevant to the organization. Enterprise Architecture is a means of simplifying this complexity, creating a strong link between information systems and the business objectives they enable, and providing focus on a planned, long-term approach to ensuring that information systems support the organization’s goals. This need has led to the development of a number of enterprise architecture frameworks, such as the Zachman Framework for Enterprise Architecture, The Open Group Architecture Framework (TOGAF), the Federal Enterprise Architecture Framework (FEAF), and others. These frameworks have different focuses, strengths, and weaknesses but, ultimately, they share common characteristics.
Enterprise Security Architecture (ESA) applies enterprise architecture concepts and practices in the information security domain. Information security is a pervasive element in all aspects of an enterprise architecture, but most enterprise architecture frameworks address information security only peripherally. The Sherwood Applied Business Security Architecture (SABSA) is a business-driven approach to enterprise security architecture that provides a robust framework and set of methodologies to establish an ESA that enables, supports, and protects the business drivers of an organization. The SABSA framework integrates and supports enterprise architecture frameworks, best practices, and standards, making it a robust, open standard for ESA development and management. The SABSA framework uses a layered architecture model with different perspectives and elements borrowed from the Zachman Framework, with an additional Operational Layer. The ESA is developed by first understanding the organization at the Contextual Layer and then developing models that move from the abstract to the concrete as successive architectural layers are developed.
Once the ESA has been developed, maintaining the vitality of the ESA is critical and requires effective governance, management processes, and communication processes to ensure that the ESA remains relevant and useful to the organization. Part of maintaining this vitality is ensuring that the capacity and capability for performing enterprise architecture activities are developed within the organization through the use of training and application of the frameworks and supporting methodologies.

