Security Architecture

Security Architecture” can be interpreted in many different ways. Some definitions focus on the high level building blocks by which security systems are put together, other definitions apply a security context to Enterprise Architecture, others focus on delivering artifacts such as non-Functional Security Requirements,  ensuring that security is considered throughout a Software or System Development Lifecycle.

My preferred approach is to combine elements of the Sherwood Applied Business Security Architecture (SABSA) and The Open Group Architecture Framework (TOGAF) as described by the TOGAF-SABSA Integration Working Group.

This approach ensures that security is considered at every point in the TOGAF Architecture Development Method and is the basis of the Security Architecture course I developed and delivered as part of EY’s internal IT Advisory Architecture training.

Overview of Security-Related Artifacts in the TOGAF ADM (Copyright © 2011 The Open Group and The SABSA Institute)

I have been TOGAF 9.1 Level 1 and 2 certified since 2013.