ฝัง
- เผยแพร่เมื่อ 20 ส.ค. 2024
- This is an excerpt from the Supercharge Your Security Architecture Program where I cover the 2 of the 3 core concepts of SABSA, along with the architecture layers and the activities of the SABSA Lifecycle. However, what I don't cover in this video is the fundamentals of the critical 3rd element, which is the governance model. The governance model is covered at the core of Day 2 of the program, which you can access in full using this link: suprchg.me/pro....
To find out about future programs, make sure you're signed up for my DAILY emails at agilesecuritys...
keren
straight to the point. Seeing things in a multidimensional way is the correct strategy to implement any security framework.
Thank you and well done!
Thanks for the feedback. There's really no other way to try and understand complex systems other than as n-dimensional interactions beyond simple cause and effect. The basic two-way traceability taught in Foundation is a great place to start, but once you're applying the 3 core concepts to map out the value delivery network of your organization, you can't help working in multiple dimensions.
Very interesting and informative. Thanks
Thanks! Glad it was useful. Remember, if you'd like to go deeper in putting SABSA to work, please feel free to reach out. It's not nearly as hard as a lot of people think. And once you get started, the value increases exponentially with linear amounts of effort. Sometimes, even without any effort at all!
very well explained, and this is how it work but mostly in large big corporations only.
Hi @iMentorCloud. Thanks for the feedback.
Actually, I've worked with organizations of various sizes to implement this approach. Sure, it's often easier to get the support for doing things with security in larger organizations because they're big enough to have plenty of problems around actually getting the right things in place.
However, as I talk about in the video and in the book (agilesecuritysystem.com/start), if you focus on the 3 core concepts of SABSA, and you take a systems thinking approach, it turns out applying the Principles, Practices and Perspectives of The Agile Security System can be done at any scope-from a 20-year strategic plan to a 20-minute phone call.
Feel free to reach out if you'd like to talk about it in more detail.
Bullseye strike .. I cannot agree more and think that the massage applies to everything Enterprise and Solution Architects do
Thanks for the feedback. And you're exactly right. Once you understand what SABSA is really about, it's pretty clear that it will apply for any kind of architecture-especially for enterprise architecture. In fact, I've worked with organizations who've started with SABSA for security and then filled a void for EA with it once the rest of IT saw what it could really do for them.
Thank you! I am just thinking this out. Sherwood Applied Business Security Architecture (SABSA). So you can’t just worry about the end of the architectural design, you need to address security design on a higher level.
So if you were building a house, the architect wouldn’t come on board just to complete the structure; they come on board at the beginning to address the conceptual design and connect it to the structure design. Is this accurate?
Thanks for the feedback, @adriennecrosby4105! To answer your question, yes. That's correct. I wrote about this in some detail in the Security Sanity™ print newsletter a few times. What you really want is a collaborative and consultative relationship where the customer describes what they want and the architect gives them options on how to realize it. Based on this interaction and refinement, a finished design emerges.
This is how it works with traditional building architects, and it's no different in the technical architecture arena.
Fundamentally, with any kind of technical architecture - including security - it's all down to the quality of the conceptual models you build and communicate with the rest of the team. Another take on this is the 3 conceptual models Don Norman talks about in his book, Design of Everyday Things.