Overall, SABSA is a: Correct Answer - methodology
COTS Correct Answer - commercial off the shelf
Standard ESA programs fail because Correct Answer - too much emphasis
on tech, not business problems
Describe SABSA concept of "Enterprise" Correct Answer - Treatment of an
organization as a single entity and aims to optimize all parts of the
organization in a coherent way that delivers improved performance
Describe the SABSA concept of Security Correct Answer - To support the
business objectives relative to a specific business context and within a specific
risk appetite.
Describe the SABSA concept of Architecture Correct Answer - Architecture
supports business strategy
Describe the role of an architectural Framework Correct Answer - A
consistent set of principles, policies, capabilities, and standards that sets the
direction and vision for the development and operation of the organization's
business information systems so as to ensure alignment with and support for
the business needs
List SABSA drivers & constraints Correct Answer - Drivers and Constraints:
overall business goals for the system
the functional requirements of the system - what should it do?
the materials and/or components avail. for constructing systems
the env. in which the system will be built and used
the skills of the people who build the system
the skills of the people who will use the system
the costs incurred and benefits delivered
Identify how SABSA resolves the historical, tactical & silo-ed approach to
security Correct Answer - ensures the holistic, biggest picture is taken into
account and how and why they work together towards common business
goals
List the 7 primary features & advantages of the SABSA approach to Enterprise
Security Architecture Correct Answer - Feature > Advantage
Business Driven > Value-Assured
Risk-Focused > Prioritized and proportional
Comprehensive > Scalable scope
Modular > Agility
Open-source > Free use, standard
Auditable > Demonstrates compliance
Transparent > Two-way traceability
List the benefits of an Architecture Framework Correct Answer - Managing
Complexity
Maintaining integrity of design in large complex developments
providing a roadmap for all to follow
lowering the TCO
good integration of technical and procedural solutions to business problems
attaining an appropriate balance between strategy, tactics, and operations
resolving conflicting objectives and priorities
predictability, flexibility, and agility
List SABSA guiding principles Correct Answer - Architecture must not
presuppose any particular:
-cultures or operating regimes
-management style
-set of management processes
-management standards
-technical standards
-technology platforms
***Because all of these will change over time
Is this architecture compatible with/compliant with _______ Correct Answer
- a good framework will answer YES
Architecture must meet _____ business requirements Correct Answer - Your
own unique business reqs
Architecture must provide ______ to incorporate choice and change of policy,
standards, practices, or legislation Correct Answer - Flexibility to
incorporate and pivot in these areas
A layered Framework is: Correct Answer - a framework within which many
people can work harmoniously and all act toward the goal of a SINGLE design
authority (NASCAR)
ESA Scope Correct Answer - Must never happen bottoms up
resolves problems caused by a long history of piecemeal implementations
business strategy for security is closely linked to the goals of operational risk
mgmt
Deals with conflicting objectives
As part of a business strategy, ESA must balance these: Correct Answer -
Usability, interoperability, integration, supportability
Fast time to market, scalability, reusability,
Cost effectiveness
Architecture needs a ______ approach Correct Answer - Holistic
Information Security Architecture must provide these in its role: Correct
Answer - All the links in the chain
ensure that security is provided through a fully integrated systems approach
ensure that security services are properly managed
ensure that security services are properly delivered and supported
ensure that security meets the needs of the business!
List the 6 views of SABSA Architecture Correct Answer - Business View -
Contextual Arch
Architect's View - Conceptual Arch
Designer's View - Logical Arch
Builder's View - Physical Arch
Tradesman's View - Component Arch
Manager's View - Management Arch
Name the 6 layers of the SABSA Architecture Matrix Correct Answer - What
- The assets, goals and objectives to be protected and enhanced
Why - The risk and opportunity motivation