The Security Architecture View is a cross cutting view of an Enterprise Architecture Framework.
The best openly available example of a Security Architecture Framework is SABSA, which is a proven framework and methodology for Enterprise Security Architecture and Service Management that is based on the Zachman Framework.
SABSA is used for a wide variety of Enterprise Security needs including Risk Management, Information Assurance, Governance, and Continuity Management.
Although copyright protected, SABSA is an open-use methodology, and is not a commercial product.
SABSA is described in the book Enterprise Security Architecture (A Business Driven Approach).
SABSA EA Framework
The SABSA Model comprises six layers based on the different rows in the Zachman Framework. Each layer represents the view of a different player in the process of specifying, designing, constructing and using the business system.
Rows
| Row | Security Deliverable |
|---|---|
| The Business View | Contextual Security Architecture |
| The Architect’s View | Conceptual Security Architecture |
| The Designer’s View | Logical Security Architecture |
| The Builder’s View | Physical Security Architecture |
| The Tradesman’s View | Component Security Architecture |
| The Facilities Manager’s View | Operational Security Architecture |
Questions it answers
| What are you trying to do at this layer? | The assets to be protected by your security architecture |
| Why are you doing it? | The motivation for wanting to apply security, expressed in the terms of this layer |
| How are you trying to do it? | The functions needed to achieve security at this layer |
| Who is involved? | The people and organisational aspects of security at this layer |
| Where are you doing it? | The locations where you apply your security, relevant to this layer |
| When are you doing it? | The time-related aspects of security relevant to this layer |
Security View (based on Zachman Framework)
Security Service Management View (based on Zachman Framework)
Security Attributes
