Mike The Architect

The Open Group announced last month the release of the TOGAF & SABSA Integration Whitepaper, a new guide developed in collaboration with The SABSA Institute to enable enterprise and security architects to integrate security and risk management approaches into enterprise-level architectures. Endorsed and developed by The Open Group Security and Architecture Forums and The SABSA Institute, the whitepaper aims to help architects align IT security decisions with critical business goals while reducing costs and improving interoperability across the enterprise.

"For too long, security and risk management have been considered a discipline separate from enterprise architecture, which has led to increased costs, reduced interoperability and less productive organizations. This guide empowers enterprise architects to apply a holistic, business-driven approach to IT security decisions," said Jim Hietala, VP of Security for The Open Group. "Like TOGAF, the SABSA methodology provides guidance for aligning architecture with business value, in addition to addressing a critical need for greater integration between security and enterprise architectures within organizations."

Intended as a practical guide, the whitepaper views security architecture as an integral part of how enterprise architecture should be approached, a critical shift that is often overlooked in enterprise architecture frameworks but that encourages enterprise architects to focus attention on business processes rather than just technology solutions. To address security and risk management more effectively within enterprise architecture frameworks, the whitepaper also describes ways that TOGAF and SABSA can be seamlessly integrated for optimum security and business productivity. This includes detailed guidance on how to produce business and risk management-based security architectures, along with practical approaches to improve the integration of information security across the enterprise. Within this context, a main objective of the paper is to spark debate in the enterprise architecture community about the evolving role of enterprise architects in enabling the business to manage operational risk.

"In the past, security and enterprise architectures have been designed and acquired in silos, without common architecture languages that help tie both to broader business objectives," said John Sherwood, Head of the SABSA Academy, a division of The SABSA Institute. "We're proud to integrate SABSA with TOGAF finally to provide structure for the relationship between enterprise and security architectures, and help create more efficient, cost effective and productive enterprises. Our hope is that the paper will fundamentally change the way enterprise architects think about enterprise architecture."

The SABSA methodology was chosen for integration with TOGAF based on its objective of developing security architectures that facilitate the business, much like TOGAF's business driven approach and open methodology. Utilizing the SABSA Business Attributes Profiling method, the integrated methodology enables the creation of better architectures that drive tighter alignment between business and IT within enterprises. The whitepaper is the culmination of the TOGAF-SABSA Integration Project that began in May 2010 as a joint initiative of The Open Group Architecture Forum, Security Forum and The SABSA Institute.

The TOGAF SABSA Integration Whitepaper is available here: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12449