SABSA® is both a framework and a methodology for ensuring that the physical and information security controls required to execute an organization’s strategy are applied in the right places, at the right time, and at an appropriate level of cost. It was initially developed by John Sherwood in 1995 to demonstrate that it was possible to create a physical and technology architecture that could meet the SWIFT interbank transfer system’s goal of providing $1 billion guarantees that every transfer would be securely executed.
Since 2007, SABSA has been owned and managed by the SABSA Institute, a registered non-profit organization in the United Kingdom. The SABSA Institute is responsible for certifying and accrediting individuals and organizations that use SABSA internally or provide SABSA services.
Organizations Using SABSA
SABSA is used by a number of public and private sector organizations around the world. It has been adopted as the official UK Ministry of Defense Information Assurance Standard and is used widely in the global banking and telecommunications industries and by a number of electronics manufacturers.
Some of the specific organizations that use SABSA include:
- New Zealand Telecom
- The Electoral Commission of New Zealand
- Bank of Ireland
- Allied Irish Bank
- Standard Bank
- The Government of Canada
- Cloud Security Alliance
SABSA is a methodology for developing enterprise-wide security architectures across the full range of business activities, including information security, business continuity and physical and environmental security.
In its broadest application, SABSA security architectures address all the requirements of operational risk management. However, most of the existing SABSA literature and materials, including the 2009 white paper, are geared mainly towards the security, risk management and assurance of business information systems as a significant part of the overall enterprise-wide security and risk management scope.
The most important aspect of the SABSA methodology is to provide two-way traceability between business objectives to be achieved and physical and software implementations of the security controls deployed to manage their associated risks. This feature means that security investments are driven by business requirements and therefore can be part of an overall ROI calculation instead of investments based on immediate, tactical needs.
Archistry offers the full range of Official SABSA certification courses and seminars in association with our partners SABSAcourses.com and ALC Group. For more information or to book a seat in an upcoming course, have a look at the following pages:
To read more about SABSA and our use of it, check out our latest SABSA posts.