TOGAF vs. SABSA

TOGAF vs SABSA is a false dichotomy. SABSA is the world's leading security architecture framework. TOGAF provides the essential scaffolding for enterprise architecture.

The SABSA Institute and the Open Group's Architecture Forum work together to leverage both. We have been working together since 2008. The TOGAF and SABSA Integration Paper started the journey.

SABSA

At the heart of the SABSA method is the SABSA Model, a top-down approach that drives the SABSA Development Process. This process analyses the business requirements at the outset, and creates a chain of traceability through the SABSA Lifecycle phases of ‘Strategy & Planning’, ‘Design’, ‘Implement’ and ongoing ‘Manage and Measure’ to ensure preservation of the business mandate. Framework tools created from practical experience, including the SABSA Matrix and the SABSA Business Attributes Profile, further support the whole method.

Download the SABSA Whitepaper for a quick summary of the SABSA Framework.

TOGAF 9.2

In TOGAF 9.2 the Security material was removed from the foundation document. The material was replaced with a TOGAF Series Guide. Guides allow a better treatment of how best-practice technique specializes the essential scaffolding.

The strategic transformation of TOGAF was to pull guidance out of TOGAF, allowing more dynamic and context-specific use of the core concepts of the framework. In 2010, the TOGAF and SABSA Integration Paper started the journey.

TOGAF 9.2 moved guidance into specialized documents to support focus. TOGAF Series Guide - Integrating Risk & Security within Enterprise Architecture provides the core guidance for tying a SABSA-based approach for Security Architecture to best-practice Enterprise Architecture.

Download Integrating Risk & Security within Enterprise Architecture for core guidance of tying a SABSA-based approach for Security Architecture with best-practice Enterprise Architecture.

Integrating Risk & Security within Enterprise Architecture was jointly developed by the Open Group and the SABSA Institute.

TOGAF vs. SABSA - Put them together

In 2010, the SABSA Institute and the Open Group's Architecture Forum published the TOGAF and SABSA Integration Paper, enhancing the TOGAF enterprise architecture methodology with the SABSA security architecture approach.

The paper started the journey of liberating TOGAF. In terms of standards development, it was a turning point. Core elements of the standard were being developed by domain specialists in the Open Group's Security Forum and the SABSA Institute.

I highlight the following aspects:

  • Why you should bolster TOGAF with best practice security architecture from SABSA.
  • Operational risk and its relevance to enterprise architecture—why incorporating the concept of operational risk is essential to modern enterprise architecture design.
  • Dramatic improvement to enterprise architecture requirements management using SABSA Business Attribute Profiling.
  • Creating an enterprise architecture with integrated security—how to align SABSA concepts to the TOGAF ADM.

SABSA General Business Attributes Profile

SABSA Business Attributes Profile is at the heart of the SABSA method. It is this ‘requirements engineering’ technique that makes SABSA truly unique and provides the linkage between business requirements and technology / process design.

Developing the Business Attributes Profile, developing operational risk management objectives through risk assessment, service delivery planning, defining service management roles, responsibilities, liabilities and cultural values, service portfolio management, planning and maintaining the service catalogue and managing service performance criteria and targets (service level definition).

SABSA ICT Business Attributes Profile

SABSA's Business Attributes come from extensive experience across many organisations in many countries and various industry sectors. It became apparent that although every business is unique, there are commonly recurring themes.

The original SABSA Business Attributes Taxonomy focused specifically on ICT systems and their environment.

Each SABSA Business Attribute is an abstraction of a real business requirement previously encountered in several organisations. Each SABSA Business Attribute has a detailed definition

We should see both the General Business and ICT taxonomies as examples only. They are not comprehensive or definitive. SABSA intends both taxonomies to be customised to describe a unique organisation with a unique set of business requirements.

TOGAF vs. SABSA merging the techniques

If you take nothing else away, Business Attributes Profiling is the most powerful tool for creating a translated, standardised and ‘normalised’ set of business requirements.

Like other excellent reference tools, the taxonomy provides a checklist of possibilities. Instead of brainstorming from a blank piece of paper, you can start with a standard list. Spend your time on analysis. Decide whether a given attribute should be included. Once included, identify the metrics that explain performance targets.

TOGAF vs. SABSA Next Steps

Start with the SABSA whitepaper. It will provide a solid introduction to SABSA. Once you are comfortable with SABSA, look at Integrating Risk & Security within Enterprise Architecture. It provides the core guidance for tying a SABSA-based approach for Security Architecture to best-practice Enterprise Architecture.

TOGAF considers security architecture a cross-cutting domain. Every domain has risk and security aspects.

TOGAF, SABSA & Navigate

We integrated SABSA's risk model and the Business Attributes Profile techniques into Conexiam Navigate.

Enterprise Architect's Guide

Download the Enterprise Architect's Guide, a TOGAF Series Guide on developing useful enterprise architecture.

SABSA Institute

The SABSA Institute develops and publishes SABSA.

SABSA is the framework and methodology of choice for enterprise security architecture and risk management.

Conexiam consulting requires all of our consultants to earn SABSA certification.
