Enterprise Security Architecture

The complexities of today’s cybersecurity challenges require an architected approach to delivering effective and efficient security solutions. Properly architected security solutions align with organisational business goals and objectives. DLC’s enterprise security architecture (ESA) services are client-centred and outcome-focused to guide each client along their unique journey to business-enabling security.

A one-size-fits-all ESA doesn’t work any more than a single architectural plan would work for all buildings. Even though organisations face similar challenges in managing risk, in the end they pursue their own goals and objectives. Each faces a different set of specific threats and has its own strengths and weaknesses, which call for relevant security solutions architected to meet its unique set of requirements. A cookie-cutter approach to enterprise security architecture will deliver costly and ineffectual security. The enterprise security architecture journey has as many starting points as there are organisations, and each begins the journey from its unique starting point, following its unique path to a unique ESA suited to its unique set of business requirements.

DLC uses the SABSA ESA Framework and Methodology to deliver strategy, design, implementation, and management of business-enabling security architectures. The DLC team of senior consultants brings a wide range of enterprise security architecture, security, and sector experience to each engagement. Contact DLC to learn how our business-driven approach can benefit your organisation.

Our Method - SABSA®

DLC work with some of the most experienced SABSA Masters and Practitioners in the world. We leverage The SABSA Framework for Enterprise Security Architecture, using the Architecture Matrix to structure our approach.

| | ASSETS (What) | MOTIVATION (Why) | PROCESS (How) | PEOPLE (Who) | LOCATION (Where) | TIME (When) |
|---|---|---|---|---|---|---|
| CONTEXTUAL | Enterprise Vision | Enterprise Risk | Enterprise Value Chain | Enterprise Governance | Enterprise Geography | Enterprise Time Dependence |
| CONCEPTUAL | Attributes Framework | Risk & Policy Framework | Process Framework | Governance & Trust Framework | Domain Framework | Time Framework |
| LOGICAL | Information | Policy | Information Flows & Services | Trust Model | Logical Domains | Time & Sequence Model |
| PHYSICAL | Data | Practices & Procedures | Data Processing & Mechanisms | Data & System Governance | Infrastructure Domains | Processing Schedule |
| COMPONENT | Products & Tools | Risk Standards | Protocol Standards | I&AM Standards | Location Standards | Time Standards |
| MANAGEMENT | Delivery & Continuity | Risk Management | Process Management | Governance Management | Environment Management | Time Management |

Goals, Targets, Value & Assets

Opportunities & Threats

Value Chain, Core Processes, & Capabilities

Culture, Org. Structure & Relationships

Territories, Jurisdictions, Sites

Time & Sequence Dependencies

The structures that support our work, simplify complexity, and enable us to make informed decisions regarding requirements using SABSA’s normalised, measurable, in-context definition of what is important.

The structures that support our work, simplify complexity, and inform information risk and policy decisions by understanding the positive or negative effect of uncertain events on Attributes

The structures that support our work, simplify complexity, and enable us to make informed decisions regarding value chain, capability and process

The structures that support our work, simplify complexity, and enable us to make informed decisions regarding roles and responsibilities, and trust dependencies

The structures that support our work, simplify complexity, and enable us to make informed decisions regarding risk ownership, governance and policy

The structures that support our work, simplify complexity, and enable us to make informed decisions regarding time dependencies & sequences

The nature, organisation, categorisation & labelling of information assets such that people (author and user domains), process (information flow between domains) and capability (information transformation domains) can quickly and easily locate, deliver and re-use it

The statement of risk & performance requirements by a logical Domain Authority informing the services required to protect and enable the domain, its interactions & dependencies

The process-based exchange of information between domains

The assigned authority roles (accountability & responsibility) for a domain and for interactions and dependencies between domains

The model that defines the type and scope of dominion of authority, risk ownership & governance of logical domains

Time factors & sequence dependencies of information & services

The nature, organisation, categorisation & labelling of data assets such that process (data flow between domains) and capability (data transformation domains) can quickly and easily locate, deliver and re-use it

The statement of risk & performance requirements by a physical Domain Authority informing the mechanisms required to protect and enable the domain, its interactions & dependencies

The process-based exchange of data between physical domains

The assigned authority roles (accountability & responsibility) for a physical domain and for interactions and dependencies between domains

The type and scope of dominion of authority, risk ownership & governance of physical domains

Time factors & sequence dependencies of data & mechanisms

The material structure and configurations of data processors & repository products, tools & standards

The material structure and configurations of risk treatment products, tools & standards

The material structure and configurations of protocols & communications products, tools & standards

The material structure and configurations of identity & access products, tools & standards

The material structure and configurations of location & address products, tools & standards

The material structure and configurations of time & interrupt products, tools & standards

The activities required to manage operational excellence, resilience & continuity through-life

The activities required to manage Risk through-life

The activities required to manage Value Chain, Processes & Capabilities through-life

The activities required to manage Governance & Trust through-life

The activities required to manage Environment & Infrastructure through-life

The activities required to manage Time & Sequence Dependencies through-life

Focussed on Delivering Value

DLC delivers value by identifying and understanding our clients’ business needs and using those needs to drive every aspect of our Enterprise Security Architecture services. DLC’s deep expertise in applying the SABSA® Framework and Methodology assures development of ESA solutions that deliver:

  • Security that demonstrably enables the business
  • Prioritised and proportional responses to risk
  • Client and outcome centred engagement
  • Knowledge transfer