SABSA
Risk-driven security architecture from business drivers to controls.
SABSA for Risk-Driven Security Architecture
Sherwood Applied Business Security Architecture (SABSA) links business drivers to security services, policies, and controls through a layered model. It is strongest when security architecture must justify investments to risk committees—not only when checklists must be mapped.
Use SABSA to structure security architecture deliverables: business attributes, security concept, logical architecture, physical implementation, and component design. Integrate outputs with enterprise architecture roadmaps so zero trust, identity, and data protection programs share a common narrative with application and infrastructure change.
SABSA complements NIST CSF and ISO 27001 mapping. Larkinized security architecture work products connect control frameworks to reference architectures and to paved-road platform patterns that delivery teams can adopt.
What is TOGAF?
TOGAF (The Open Group Architecture Framework) is a widely adopted standard for developing and governing Enterprise Architecture. It provides methods, tools, and vocabulary—most notably the Architecture Development Method (ADM)—to help organizations design, plan, implement, and sustain architecture at enterprise scale.
Security Architecture in the Enterprise
Security architecture embeds controls into design, data flows, and platforms rather than relying on bolt-on reviews at go-live. Align it with zero trust, DevSecOps, and regulatory frameworks.

