The SABSA Model
The Sherwood Applied Business Security Architecture (SABSA) model is a six-layer security architecture framework:
- πΊοΈ Contextual Security Architecture (the business's view): a high-level view of the business (goals, objectives, risks, and requirements)
- π Conceptual Security Architecture (the architect's view): define key security domains (networking, data, access control...)
- π» Logical Security Architecture (the designer's view): define the logical components to protect key security domains (firewall, IDS/IPS)
- π Physical Security Architecture (the builder's view): define the physical components of the system (servers, workstations, devices)
- π Component Security Architecture (the tradesman's view): select specific components/products to implement the Logical and Physical Security Architectures
- π Operational Security Architecture (the facilities manager's view): define processes/procedures to operate and maintain the system (incident response, backups, recovery, monitoring, logging).
Each layer is analyzed with 6 questions: What, Why, How, Who, Where, and When, generating a 36-cell table called SABSA Matrix.