SABSA Flashcards
What are the layers in the SABSA model?
- Contextual (Business's)
- Conceptual (Architect's)
- Logical (Designer's)
- Physical (Builder's)
- Component (Tradesman's)
- Security Service Management (Service manager's)
What questions are normally asked?
What are you trying to do? Why are you doing this? How are you going to do it? Who is involved? Where are you doing it? When are you doing it?
How does the SABSA model provide two-way traceability?
Completeness: verifying that every business requirement has been met from the Contextual layer and down.
Business justification: moving from Security Service Management and up, to determine whether every component is justified.
What are the horizontal layers of the SABSA matrix?
These are the SABSA layers: Contextual through to Security Service Management.
What are the vertical slices in the SABSA matrix?
These are the five W questions and one H question, which are represented as:
- Assets (What)
- Motivations (Why)
- Process (How)
- People (Who)
- Location (Where)
- Time (When)
What is the SABSA lifecycle?
It is a loop that consists of:
- Strategy and planning
- Design
- Implement
- Manage and measure
What is the SABSA Business Attributes profile?
This is a way of defining attributes (abstracted requirements) and grouping them. SABSA refers to it as: ‘allowing a unique set of business requirements to be translated, standardised and normalised.’ These include statements such as: ‘Authenticated, Annually Appraised, Educated, Capacity Managed’, etc. SABSA provides some examples of these attributes; however, it is down to the Enterprise as to whether they wish to make their own or not.
What is meant by the ‘duality’ of risk?
The SABSA framework asserts that risk management should also include opportunity management. Therefore, risks and opportunities should be managed together, to maximise the benefit to the organisation.