SABSA provides the means to integrate different solutions and approaches to differing and complex needs, and a mechanism to manage that complexity. This security architecture defines a conceptual layered model that enables a holistic, strategic and architectural approach, as opposed to the more typically seen application of stand-alone technology and process solutions to tactical security objectives. The security architecture is effectively “business-driven” and “business-led”, and aims to architect for both Control objectives (protecting your passwords or web servers with hardening) and Enablement objectives (how security can help the organisation be perceived as competent and having an appropriate time to market).
SABSA ensures that different views of security are taken into consideration through its layered model, because different stakeholders need to be informed differently about what security means to them, whilst still allowing for traceability across the stack. These related, layered requirements are then mapped through the chain to ensure architectural traceability and justification for the elements of the architecture.