Questions and Answers
What is the primary focus of the facilitated workshop approach to SABSA start-up?
- Validating the security architecture with Executive Management
- Foreseeing difficulties and managing expectations
- Identifying key allies and opponents in the organization
- Creating deliverables for all SABSA Architecture Layers (correct)
Which of the following is NOT a characteristic of the Fast-Track facilitated workshop approach?
- Creates deliverables for multiple SABSA Architecture Layers
- Requires week-long access to Executive Management (correct)
- Involves pre-selling of ideas
- Focuses on politics and diplomacy
What is the primary benefit of using the Fast-Track facilitated workshop approach?
- It saves time and resources (correct)
- It ensures Executive Management buy-in
- It identifies key security concerns
- It creates a detailed security architecture
What is the purpose of understanding the 'buttons' of stakeholders in the organization?
Why is it important to identify key allies and opponents in the organization?
What is the purpose of the sample interview scripts provided in the appendices?
What is the time limit for answering the competency domain questions?
What is the purpose of the recap and capture step in the facilitated workshop approach?
What is the primary purpose of information in the SABSA framework?
Which layer of the SABSA Matrix is concerned with the Information Assets?
What are the three types of assets in the SABSA framework?
What is the role of SABSA techniques in Release and Knowledge Management?
What are the characteristics of Data Assets?
What is the relationship between the Conceptual Attributes and the asset properties?
What is the purpose of the SABSA Architecture Design Phase layers?
What is the primary value of information in the SABSA framework?
What is the primary purpose of the SABSA Assurance Framework?
What is the role of a Domain Policy Authority in the SABSA architecture?
What is the relationship between risk levels and policy levels in the SABSA architecture?
What is the purpose of risk metadata management in the SABSA architecture?
What is the relationship between business risks and opportunities in the SABSA architecture?
What is the role of actuarial data in the SABSA architecture?
What is the purpose of risk analysis tools in the SABSA architecture?
What is the role of dynamic thresholds in the SABSA architecture?
What is the purpose of automatic equipment identification?
What is the focus of the risk and policy management architecture?
What is the primary concern in the FIFE business context?
What is the purpose of the logical services in the architecture controls and enablers?
What is the purpose of the ORM architecture inheritance and re-use?
What is the purpose of the SABSA risk assessment?
What is the purpose of the integrated controls and enablers library?
What is the focus of the business attributes in the FIFE business context?
What is the primary purpose of modeling controls to achieve performance targets?
What is the benefit of reusing 'standard' solutions in the ORM architecture?
What is the purpose of the Integrated Controls & Enablers Library?
What is the relationship between the attributes and performance thresholds in the ORM architecture?
What is the purpose of identifying the attributes required by project #2?
What is the benefit of using the MTCS modelled approach?
What is the purpose of the ORM architecture inheritance and re-use?
What is the relationship between the risk assessment and the performance targets?
Flashcards
Logical Assets
Information assets and their management, including asset inventory, business models, and knowledge management.
Physical Assets
Data assets and their management, including data dictionaries, storage devices, change management, and platform management.
Component Assets
Products and tools like data repositories and processors, and related management.
Data Assets
Information Assets
Asset Value (SABSA)
SABSA Matrix Layers
Risk Management Practices
Risk Data Management
Policy Management Architecture
Business Risks
SABSA Enterprise Security Architecture
Risk Level
Risk Assessment
Conceptual Assets
Business Drivers for Security
Architecture Controls
Logical Services
Physical Mechanisms
Component Activities
Study Notes
Asset Architecture & Asset Management
- Asset Architecture consists of three layers: Logical, Physical, and Component
- The SABSA Matrix is a design phase that has three layers: Logical, Physical, and Component
- Logical Assets include Information Assets and Logical Asset Management, which involves Inventory of Information Assets, Information Model of the Business, and Knowledge Management
- Physical Assets include Data Assets and Physical Asset Management, which involves Data Dictionary & Data Storage Devices Inventory, Change Management, and Platform & Data Storage Management
- Component Assets include Products and Tools, including Data Repositories and Processors, and Component Management, which involves Product & Component Standards Management
Competency Objectives for Section 12
- Describe the characteristics and deliverables of the SABSA Architecture Design Phase layers
- Explain the constructs and characteristics of assets at logical, physical, and component layers
- Identify the role of SABSA techniques for security in Release & Knowledge Management
- List and define possible start-up approaches to SABSA Enterprise Security Architecture
Constructs & Characteristics of Assets
- Data Assets are raw facts, figures, and events collected by observation and recording, and stored in a specific location
- Information Assets are transformed data that is qualitative, and have context and meaning through organization and presentation
- Asset Value in SABSA is achieved if it has certain properties such as Accuracy, Completeness, Timeliness, Availability, and Relevance
Relationship With Conceptual Assets
- Business Drivers for Security are derived from the Conceptual Attributes
- The purpose of information is to contribute to business knowledge for decision-making
- Attributes in the Conceptual Layer include Accuracy, Completeness, Timeliness, and Availability
Risk & Policy Management Architecture
- Policy Management Architecture includes Policy Publication & Compliance Management, Risk Management Practices, and Risk Data Management
- Risk Management Practices include Risk Analysis Tools, Risk Registers, Risk Monitoring & Reporting, and Risk Metadata Management
- Risk Data Management includes Risk Management Components & Standards, and Risk Procedure Management
Competency Objectives for Section 13
- List the requirements for architected controls in Risk & Policy Management Architecture
- Explain the association of architected controls with SABSA Contextual & Conceptual layers
- Describe the structure and objectives of the SABSA Assurance Framework
- Explain the application of the SABSA Assurance Framework and its relationship with Risk Level
Risk and Policy Management Architecture
- Business risks and opportunities are associated with logical domains, physical environment, and infrastructure domains
- Risk level is linked to policy level and control level, which includes activity controls
- Security services are managed at each layer, including security mechanisms and infrastructure and environment management
- Risks and opportunities are managed by standards for tools and products, and security components and configurations
Architectural Control Distribution Case Study
- Business context involves interactions between government departments
- Business drivers for security include information confidentiality and integrity in storage and transit
- Business attributes include confidentiality, integrity, authenticity, and assurance
- Architecture controls and enablers include logical services, physical mechanisms, and component activities
- Logical services include credentials issuance, session authentication, and message origin authentication
- Physical mechanisms include SSL, VPNs, disk encryption, and file hashing
- Component activities include user credential management, certificate management, and key management
ORM Architecture Inheritance and Re-use
- SABSA risk assessment establishes enterprise attributes, control and enablement objectives, and risk register
- The risk assessment creates a traceable layer-map from business requirements to controls
- The layer-map becomes the current-state SABSA enterprise security architecture
- Subsequent SABSA risk assessments can re-use the existing architecture, inheriting controls and enablers from the current-state architecture
- New attributes and performance thresholds required by subsequent projects can be enhanced and added to the existing architecture
Description
This quiz covers the design phase of asset architecture and management, including scope and temporal factors. It is based on the SABSA Institute's framework for security architecture and risk management.