Home CISSP 2021 - Frameworks
Post
Cancel

CISSP 2021 - Frameworks

SABSA

A methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives.

It is also widely used for Information Assurance Architectures, Risk Management Frameworks, and to align and seamlessly integrate security and risk management into IT Architecture methods and frameworks.

SABSA is comprised of a series of integrated frameworks, models, methods and processes, used independently or as an holistic integrated enterprise solution, including:

  • Business Requirements Engineering Framework (known as Attributes Profiling)
  • Risk and Opportunity Management Framework
  • Policy Architecture Framework
  • Security Services-Oriented Architecture Framework
  • Governance Framework
  • Security Domain Framework
  • Through-life Security Service Management & Performance Management Framework

image tooltip here image tooltip here

TOGAF

Partitioning – a number of techniques and considerations on how to partition the various architectures within an enterprise.

Architecture Repository – a logical information model for an Architecture Repository which can be used as an integrated store for all outputs created by executing the Architecture Development Method (ADM).

Capability Framework – a structured definition of the organization, skills, roles, and responsibilities required to operate an effective enterprise architecture capability. The TOGAF standard also provides guidance on a process that can be followed to identify and establish an appropriate architecture capability.

What Kinds of Architecture does the TOGAF Standard Deal with?

Business Architecture - The business strategy, governance, organization, and key business processes.

Data Architecture - The structure of an organization’s logical and physical data assets and data management resources.

Application Architecture - A blueprint for the individual applications to be deployed, their interactions, and their relationships to the core business processes of the organization.

Technology Architecture - The logical software and hardware capabilities that are required to support the deployment of business, data, and application services. This includes IT infrastructure, middleware, networks, communications, processing, and standards.

The Zachman Framework

The Framework for Enterprise Architecture (or Zachman Framework) as it applies to Enterprises is simply a logical structure for classifying and organizing the descriptive representations of an Enterprise that are significant to the management of the Enterprise as well as to the development of the Enterprise’s systems, manual systems as well as automated systems.

This post is licensed under CC BY 4.0 by the author.