Content of Figures
1 Understanding ESA
Like a building, an enterprise IT environment needs an architecture to be most useful and efficient. Thus, the need for IT architecture, or “EA” i ...
An Enterprise Security Architecture (ESA) should provide a framework that ties security, risk, and audit processes and infrastructure closely to broad ...
An ESA spans organizational, conceptual, logical, and physical IT layers. It provides a coherent structure for security governance and management, con ...
3.1 Available Architecture Standards for Security
Multiple types of industry standards shown in Table 1 contain elements of security architecture. Those in the first row could provide an ESA; those in ...
3.2 Basic ESA: Use NIST CSF for Control Prioritization and Alignment
The U.S. NIST CSF Version 1.1 was developed to help organizations relatively quickly assess and improve their security posture. Although initially cre ...
4 Comprehensive ESA: Distill and Adopt Core Concepts from SABSA
SABSA is a model and methodology for enterprise security architecture and service management. It was developed independently from EA models, but uses ...
- “Enterprise Security Architecture: A Business-Driven Approach” (aka the “SABSA Blue Book”), John Sherwood, Andrew Clark, David Lynas. CMP Books © 2005.
- NIST Cybersecurity Framework Home Page
- Open Security Architecture Home Page
- “Open Group Guide on Integrating Risk and Security within a TOGAF Enterprise Architecture” (G152). Accessed on June 16, 2017 (free registration and login required).
- TOGAF and SABSA Integration White Paper (W117)