TOGAF vs. SABSA
At the heart of the SABSA method is the SABSA Model, a top-down approach that drives the SABSA Development Process. This process analyses the business requirements at the outset, and creates a chain of traceability through the SABSA Lifecycle phases of ‘Strategy & Planning’, ‘Design’, ‘Implement’ and ongoing ‘Manage and Measure’ to ensure preservation of the business mandate. Framework tools created from practical experience, including the SABSA Matrix and the SABSA Business Attributes Profile, further support the whole method.
In TOGAF 9.2 the Security material was removed from the foundation document. The material was replaced with a TOGAF Series Guide. Guides allow a better treatment of how best-practice technique specializes the essential scaffolding.
The strategic transformation of TOGAF was to pull guidance out of TOGAF, allowing more dynamic and context-specific use of the core concepts of the framework. In 2010, the TOGAF and SABSA Integration Paper started the journey.
TOGAF 9.2 moved guidance into specialized documents to support focus. TOGAF Series Guide - Integrating Risk & Security within Enterprise Architecture provides the core guidance for tying a SABSA-based approach for Security Architecture with best-practice Enterprise Architecture.
Integrating Risk & Security within Enterprise Architecture was jointly developed by the Open Group and the SABSA Institute.
TOGAF vs SABSA - Put them together
In 2010, the SABSA Institute and the Open Group's Architecture Forum published the TOGAF and SABSA Integration Paper, which enhances the TOGAF enterprise architecture methodology with the SABSA security architecture approach.
The paper started the journey of liberating TOGAF. In terms of standards development, it was a turning point. Core elements of the standard were being developed by domain specialists in the Open Group's Security Forum and the SABSA Institute.
I highlight the following aspects:
- Why bolster TOGAF with best-practice security architecture from SABSA.
- Operational risk and its relevance to enterprise architecture—why incorporating the concept of operational risk is essential to modern enterprise architecture design.
- Dramatic improvement to enterprise architecture requirements management using SABSA Business Attribute Profiling.
- Creating an enterprise architecture with integrated security—how to align SABSA concepts to the TOGAF ADM.
SABSA General Business Attributes Profile
SABSA Business Attributes Profile is at the heart of the SABSA method. It is this ‘requirements engineering’ technique that makes SABSA truly unique and provides the linkage between business requirements and technology / process design.
Developing the Business Attributes Profile, developing operational risk management objectives through risk assessment, service delivery planning, defining service management roles, responsibilities, liabilities and cultural values, service portfolio management, planning and maintaining the service catalogue and managing service performance criteria and targets (service level definition).
SABSA ICT Business Attributes Profile
SABSA's Business Attributes come from extensive experience across many organisations in many countries and various industry sectors. It became apparent that although every business is unique, there are commonly recurring themes.
The original SABSA Business Attributes Taxonomy focused specifically on ICT systems and their environment.
Each SABSA Business Attribute is an abstraction of a real business requirement previously encountered in several organisations. Each SABSA Business Attribute has a detailed definition.
We should see both the General Business and ICT taxonomies as examples only. They are not comprehensive or definitive. SABSA intends both taxonomies to be customised to describe a unique organisation with a unique set of business requirements.
TOGAF vs SABSA merging the techniques
If you take nothing else away, Business Attributes Profiling is the most powerful tool for creating a translated, standardised and ‘normalised’ set of business requirements.
Like other excellent reference tools, the taxonomy provides a checklist of possibilities. Instead of brainstorming from a blank piece of paper, you can start with a standard list. Spend your time on analysis. Decide whether a given attribute should be included. Once included, identify the metrics that explain performance targets.
TOGAF vs. SABSA Next Steps
Start with the SABSA whitepaper. It will provide a solid introduction to SABSA. Once you are comfortable with SABSA, look at Integrating Risk & Security within Enterprise Architecture. Integrating Risk & Security provides the core guidance for tying a SABSA-based approach for Security Architecture with best-practice Enterprise Architecture.
TOGAF considers security architecture a cross-cutting domain. Every domain has risk and security aspects.
TOGAF, SABSA & Navigate
We integrated SABSA's risk model and the Business Attributes Profile techniques into Conexiam Navigate.