Darryl Crowe
SABSA Framework
November 2, 2020
CSOL-520
Professor Thomas Plunkett
SABSA Framework
The system has been hijacked, the whole network!! How can this be prevented in the
future? A lot of companies, including start-up companies, have this very same question. Luckily,
there are frameworks out there that can be followed. One of those models is the SABSA
architectural model. The SABSA architectural model has six layers: Contextual, Conceptual,
Logical, Physical, Component and Management. Each of these layers is then broken down by
the 6 W's: What, Why, How, Who, Where and When. Each layer overlaps the next layer,
with a hierarchy running from the top down for one-way communication and back from the
bottom up for two-way communication. The one exceptional layer is the Management
Architecture, which overlaps all of the other layers and is highly important.
Contextual Architecture is one of the most important layers of the SABSA model, as it is
the starting point for everything that follows. The contextual architecture is where the
stakeholders or business owners decide what they need to have secured within the business
realm. It is the starting point for implementing the SABSA model. The contextual architecture
follows the 6 W's by addressing different business asset concerns. The What establishes
business decisions, with goals and objectives, for the taxonomy of business assets. The Why
inventories opportunities and threats to those assets. The How goes over the processes of the
business assets and inventories the operations. The Who inventories the business physically and
the people within the company, internal and external. Finally, the When outlines the timeline
of those business assets being secure. This leads into the next layer, which turns the business goals
and objectives into IT objects and planning to be executed; it is important to translate the
business owners' goals into realistic IT objectives covering what can and cannot be done.
Conceptual Architecture is about translating the business owners' goals and
hopes into actual IT objectives that can be achieved. This phase is important, as it
turns some fantasy goals into a realistic view of what can be done. If an idea is too far-fetched, it
needs to be reexamined and a solution considered that comes close. It is important to know
the 6 W's for the conceptual layer, as they are different for each of the layers. What represents the
business attributes, which help to protect the business goals and objectives. Why is the risk
management objectives that cover the threats and opportunity inventory, or the business
risks. Process covers the mapping of the framework and the architectural strategies to
protect the information system architecture. Who is the roles and responsibilities of each
employee or of the people using the information systems, normally built with RBAC. Where is
related to the security domain framework. This is where the servers and domain controller are
secured within the network. Time is the life cycle over which the security build for the domain
will be completed. The contextual architecture leads into Logical Architecture, as it goes over
to the engineers who start processing the plans from the architect.
Logical Architecture is where the security aspects start to come into play. The "designer"
starts to create the policies for the engineers to follow and implement. They go over
any loopholes within the design and give it back to the architect for review. It is most
important that the designer and architect are on the same page before the physical
implementation is in process. What represents the business information that needs to be
protected. This could be on a file share server or even the domain controller. Why is the security
policies that need to be implemented into the system during the physical layer of SABSA. How
is the security services that will be running on the system, like monitoring etc. Who is the people
who will have permission to view this information, as it is normally kept private for security
reasons. Where is the domain definitions for security and where they will be located: separate
server, domain controller etc. When is during the security processing cycle, after all the physical
equipment is set into place. This overlaps with the physical layer, which is completed next.
The Physical layer is where the real work gets started! Welcome to the physical
implementation of the security tools and the protection of the network. This is also where the
tools get installed and configured for the later layer of management architecture. What refers to
the business data itself and the components of the network. It will consist of the network,
endpoints, and servers. Why refers to the security rules, practices and procedures being
implemented into the information system domain. How is the security mechanisms that are
implemented following the policies that were developed in the logical layer. Who is all the
applications and users that use the system for daily tasks. It also refers to the security personnel
who will be managing the network system. Where is the overall domain or network infrastructure
that has been implemented. When is the execution of the control structure upon physical hard
completion and design.
The Component layer, like the other layers, has the 6 W's. The What goes over the
detailed data structures of the physical layer once they are implemented. The Why goes over the
security standards of the system for the company, based on the policies and procedures that were
set in the previous layers. How goes through the security tools for configuration and testing after
they have been installed. It overlaps in detail with the physical layer and the security
engineer's responsibilities. Who is how it affects the identities and functions of the ACLs
throughout the system. Where is the processes and protocols that need to be implemented.
When is the security operations scheduled throughout business hours. The Component layer relies on
the physical layer to make sure that everything is set properly. It then leads into the final layer,
Operational, or the monitoring phase!
Operational is highly important to the success of all the layers. It is the one layer that
overlaps all layers and monitors each layer. The What is operational continuity and making
sure that the business is kept secure through its daily processes. The Why is to make sure that all
aspects of the company are kept in order and secure, which deals with the risk management of the
information system. How is the security service and management support that is carried over
from the other layers. Who is the applications and users, along with the managers and anyone who
falls within the business scope. Where is the full site, consisting of the networks and platforms
within it. The When is during regular shift scheduling.
Each layer of SABSA plays an important role in helping to reduce the chances and odds of
being hacked. Each layer relates to the next layer below it. It is important to build a solid design
of the security standards, as it plays a major role in the policies within the system. Each layer is
overlapped by the operational layer, as it is the core monitoring for all layers. Best practice is to
follow the architecture that is designed using the SABSA framework.