The SABSA Model

Go Back

The Sherwood Applied Business Security Architecture (SABSA) model is a six-layer security architecture framework:

  1. πŸ—ΊοΈ Contextual Security Architecture (the business's view): a high-level view of the business (goals, objectives, risks, and requirements)
  2. πŸ“ƒ Conceptual Security Architecture (the architect's view): define key security domains (networking, data, access control...)
  3. πŸ’» Logical Security Architecture (the designer's view): define the logical components to protect key security domains (firewall, IDS/IPS)
  4. πŸ” Physical Security Architecture (the builder's view): define the physical components of the system (servers, workstations, devices)
  5. πŸ‘› Component Security Architecture (the tradesman's view): select specific components/products to implement the Logical and Physical Security Architectures
  6. πŸ”Ž Operational Security Architecture (the facilities manager's view): define processes/procedures to operate and maintain the system (incident response, backups, recovery, monitoring, logging).

Each layer is analyzed with 6 questions: What, Why, How, Who, Where, and When, generating a 36-cell table called SABSA Matrix.