# Sherwood Applied Business Security Architecture (SABSA)

Secure Architecture and Design Standards

# Acronyms, Abbreviations, and Initialisms

Short Form	Full Form
BOSS	Business Operation Support Services
CSA	Cloud Security Alliance
EA	Enterprise Architecture
SABSA	Sherwood Applied Business Security Architecture

# Overview

SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives.

It is also widely used for Information Assurance Architectures, Risk Management Frameworks, and to align and seamlessly integrate security and risk management into IT Architecture methods and frameworks.

SABSA is part of the Business Operation Support Services (BOSS) domain of the Cloud Security Alliance (CSA) Enterprise Architecture (EA).

# Components

SABSA is comprised of a series of integrated frameworks, models, methods and processes, used independently or as an holistic integrated enterprise solution, including:

Business Requirements Engineering Framework (known as Attributes Profiling)
Risk and Opportunity Management Framework
Policy Architecture Framework
Security Services-Oriented Architecture Framework
Governance Framework
Security Domain Framework
Through-life Security Service Management & Performance Management Framework

# Noteworthy

SABSA is a means of developing security capabilities that align with business objectives.

# Sources

https://sabsa.org/sabsa-executive-summary