SABSA Matrix

For detailed analysis of each of the six layers, the SABSA Matrix also uses the same six questions that are used in the Zachman Framework and which were so eloquently articulated by Rudyard Kipling in his poem ‘I Keep Six Honest Serving Men’: What, Why and When, How, Where and Who?  For each horizontal layer there is a vertical analysis as follows:

• What are you trying to do at this layer? – The assets to be protected by your security architecture.
• Why are you doing it? – The motivation for wanting to apply security, expressed in the terms of this layer.
• How are you trying to do it? – The functions needed to achieve security at this layer.
• Who is involved? – The people and organisational aspects of security at this layer.
• Where are you doing it? – The locations where you apply your security, relevant to this layer.
• When are you doing it? – The time-related aspects of security relevant to this layer.

These six vertical architectural elements are now summarised for all six horizontal layers.  This gives a 6 x 6 matrix of cells, which represents the whole model for the enterprise security architecture.  It is called the SABSA Matrix (see below).  If you can address the issues raised by each and every one of these cells, then you will have covered the entire range of questions to be answered, and you can have a high level of confidence that your security architecture is complete.  The process of developing an enterprise security architecture is a process of populating all of these thirty-six cells.

The SABSA Matrix for Security Architecture Development