Abstract
ABSTRACT Information security is an imperative factor in organizational success, driven by the need to protect information assets. The continuous evolution of external and internal threats and the associated need to protect and secure information from exploitation of vulnerabilities has become a struggle for many organizations in both the public and private sectors. This struggle is the direct result of the narrow focus on operational security. Just as the lines between business and information technology have disappeared, so have the lines between business and information security. Some organizations simply “check the box” by performing the minimum actions required to pass or meet mandated compliance standards. Without practicing due diligence and by only meeting the minimum requirements, leads to the reactive response of exploited vulnerabilities in addition to the increase of after the fact incident investigations. Organizations need to take a proactive approach using established methodologies known to incorporate security into information technologies and systems. The Sherwood Applied Business Security Architecture (SABSA) is a solution oriented methodology for any business enterprise that seeks to enable its information infrastructure by applying security solutions within every layer of the organization. This article describes how SABSA can be integrated into organizations' existing architectures utilizing organizational business drivers.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Information Security Journal: A Global Perspective
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.