Should you have a question about SABSA which is not answered in these FAQs please contact us and we will be pleased to assist you in any way possible.
Is SABSA® in the Public Domain?
It depends upon what you mean by 'public domain'. According to Merriam-Webster's Dictionary of Law ©1996, public domain means:
"the realm or status of property rights that belong to the community at large, are unprotected by copyright or patent, and are subject to appropriation by anyone"
SABSA® is a registered trademark of SABSA Limited which governs and co-ordinates the world-wide development of the SABSA® Method. SABSA is protected by copyright and by definition is therefore NOT public domain.
However, SABSA intellectual property, including SABSA publications and the content of official SABSA training courses, is available to the public. These published copyright materials include the key components of the methodology. Additional components of the SABSA body of work are published exclusively to members of the SABSA Institute.
[Top of page]
Is My Organisation Entitled to Use SABSA?
Yes, any organisation, in its drive to improve its Security Architecture or Security Service Management processes and practices, may use the framework described in these publicly available resources, on condition that proper credit is listed and trademarks are reproduced.
[Top of page]
Can I Reproduce SABSA Property for My Own Purposes?
As with other leading frameworks considered to be publicly available (such as ITIL®) it is NOT true that the contents of official training courses or publications can be appropriated by anyone and everyone for reuse, reproduction or republication without the express permission of SABSA Limited and its publisher CMPBooks. SABSA Limited owns SABSA, and the SABSA materials are protected by copyright law.
If you wish to reuse, reproduce or republish any part of a SABSA publication, please contact us. Permission to reproduce SABSA property is not normally withheld.
All organizations should be aware that SABSA materials and methods obtained without permission, or from any source other than those listed on this web site as authorised and accredited, are unauthorised and in breach of copyright law.
[Top of page]
Is SABSA Compatible with Other Methods, Models & Standards?
SABSA contains numerous references to other methods, models and standards but does not conflict or compete with them in any way. The SABSA approach provides the overarching framework that binds them all together into a single holistic view of how to design and manage enterprise security. SABSA is the 'umbrella' approach that enables an architect to demonstrate and manage compliance with the unique set of standards and drivers that are most suited to the specific needs of the enterprise.
[Top of page]
As an Employer or User Organisation, How Do I Know That My Service Provider Has The Appropriate Skills?
This has become a major issue as the use of SABSA has grown world-wide since 1995. Consulting and Professional Services organisations, as well as individual professionals, make claims regarding their experience and competency as SABSA Enterprise Security Architects. SABSA Limited and the SABSA Institute provide user organisations and employers with a free service to validate the credentials of their suppliers or individual professionals.
The SABSA Certification framework is a comprehensive, competencies-based testing programme that provides employers with confidence and assurance that employees, job candidates, and contractors have the professional capability to meet the needs of their particular business. If the individual does not hold a current SABSA Certificate then their assertion of competency cannot be verified.
Professional Services and Consulting Organisations can be accredited as Authorised SABSA Providers. Accredited origanisations are issued with a SABSA 'kite mark' after meeting stringent requirements for training and certification of their staff, and must deploy SABSA Certified professionals on their engagements.
[Top of page]
What is the Role of the SABSA Institute?
The Institute is the professional member and certification body for Enterpise Security Architects of all specialisms and at all career levels. The SABSA Institute is the division of SABSA Limited tasked with providing services to member users and assurance to employers and user organisations through the on-going development and management of the SABSA Certification and Education programmes world-wide.
[Top of page]
Why Should I Join the SABSA Institute?
Institute membership is low cost. The SABSA Institute exists to provide user organisations and professional peers with confidence and assurance that the architects and security professionals employed or contracted to design, deliver, and manage business security architectures fully understand 'best practice' Enterprise Security Architecture as delivered by the SABSA Method and are proficient in using it to an acceptable standard.
[Top of page]
Why is SABSA Certification Different From the Many Other Security Certifications in an Already Confused Market?
The SABSA Certification framework is a comprehensive, competencies-based testing programme that provides employers with confidence and assurance that employees, job candidates, and contractors have the professional capability to meet the needs of your particular business. The framework, and its associated training programme, go much further than other certification efforts which are largely knowledge-based. The SABSA programme is designed to develop and enhance professional capabilities in a measurable way.
[Top of page]
As a Professional, Why Should I Obtain SABSA Certification?
Your SABSA Certificate will elevate the recognition of your status, trust, and professionalism. It will provide far greater assurance to employers and clients about your professional capabilities. SABSA certification will also enable you to create a specific career roadmap to plan the advancement of your career in the architecture-related specialisms most suited to your needs, and to demonstrate your increasing competency thus enabling you to differentiate yourself from non-SABSA-Certified professionals.
[Top of page]
May I Use SABSA Materials in My Training Courses?
It depends on whether you wish to provide official SABSA training leading to SABSA certification or to simply reference SABSA as a component of other training initiatives and programmes.
As with ITIL, use of SABSA materials for commercial training purposes requires individual Master level certification of the trainer. Authorised SABSA Education Providers meet stringent requirements for quality of personnel and training delivery.
If you wish to reference, reproduce or republish, or incorporate any part of a SABSA publication as a component of your own training initiative or programme, please contact us.
All organisations should be aware that SABSA training materials and methods reproduced without permission, or from any source other than those listed on this web site as authorised and accredited, are unauthorised and in breach of copyright law.
[Top of page]
As a Service Provider, Why Should My Organisation Obtain SABSA Accreditation?
SABSA accreditation provides your clients or business partners with high levels of confidence and assurance that the professionals you deploy on engagements to design, deliver, and manage business security architectures fully understand 'best practice' Enterprise Security Architecture as delivered by the SABSA Method and are proficient in using it to an acceptable standard. The recognition and elevated professional status and trust afforded by SABSA accreditation provides you with competitive advantage in commercial bids and contracts.
Accredited organisations are issued with a SABSA 'kite mark' after meeting stringent requirements for training and certification of their staff, and must deploy SABSA Certified professionals in positions appropriate to their engagements.
[Top of page]
Who Uses SABSA?
SABSA has been deployed and progressively improved in many client organisations around the world since its original development in 1995.
The industry sectors of those clients include banking, insurance & financial services, government administration, defence, chemicals, pharmaceuticals, civil aerospace, media & entertainment and telecommunications. The geographical spread of these clients covers many countries across several continents, including North America, Europe and Australasia.
SABSA is the standard approach and method of choice in many national and global scale organisations including Government Departments. Announcements are pending regarding further large-scale adoption on a Whole-of-Government basis and by global service provider organisations.
As SABSA is a published work, there are very many organisations using the method which (prior to the release of the certification programme) did not have reason to report their work to the SABSA Institute. There are frequent and many examples of such work although the Institute becomes aware of their use only through second hand reports or publications.
The SABSA Directors also maintain a list of organisations with which they have personal experience or first-hand knowledge in using the method. A cross-section of organisations that have benefited from SABSA in this way include those listed in the case studies below.
[Top of page]
RISK MANAGEMENT IN ELECTORAL SYSTEMS & INTERNET VOTING
The user is a national Electoral Commission. As part of a feasibility study into the possible introduction of electronic voting to the federal electoral system, the Electoral Policy unit commissioned an independent risk assessment from a reputable technology supplier. The results were technically focused and expressed, relating only to ‘assets’ such as the application, the network, and the computer devices. The commission deployed business-driven SABSA methods including development of a Contextual Architecture, SABSA Attributes Profile, and Risk Profile. The process was initiated using a Fast-Track™ over a single weekend and resulted in immediate executive endorsement.
The commission subsequently developed world-leading real-time risk manager system which is now in use on a daily basis
LARGE MULTINATIONAL BANKING GROUP
The Bank used SABSA for a single application development project in the area of high-value internet transactions. Like many organisations of this type, very significant IT investment had been made over a period of more than twenty years. However the investment had been made on a piecemeal tactical basis resulting in a very diverse operating environment.
The Bank was faced with a very high-risk development with considerable integration and inter-operability challenges, particularly in utilising batch processed account information in a real-time decision system.
SABSA was chosen to ensure strategic development could be achieved that would be both legacy sensitive and would take the Bank ‘off-risk’ as required by the auditors and board.
On successful completion SABSA was adopted on a group-wide basis by the Architecture team.
HEATH CARE FINANCING ADMINISTRATION
HCFA is the US Federal Health Care Financing Administration now known as the Centre for Medicare Services (CMS). They are also the authors and governing party of HIPAA (the Health Information Portability and Accountability Act). To comply with US federal regulation in the Clinger-Cohen Act, HCFA was required to design and deploy Enterprise Architecture.
Lockheed Martin was engaged to deliver according to the Zachman architecture model but the model did not provide security architecture or a method for integrating security with the business architecture.
SABSA® was chosen after an exhaustive two and a half year search for a method that was sufficiently flexible as to cope with their complex business environment and meet their unique set of requirements.
GLOBAL FINANCIAL TELECOMMUNICATIONS
The world’s largest financial telecommunications provider processes financial messages to a value of many hundreds of billions of US$ per day with each message carrying substantial liability. They were the world’s first user of the SABSA method in the mid 1990s.
One of the world’s leading manufacturers of aircraft has assets and systems spread across a number of countries.
When a client purchases an aircraft it is said that the weight of the supporting documentation is greater than the weight of the aircraft. The drivers for Architecture at this company involved development and adoption of new enabling technologies to move the support function to an electronic platform and provide on-line hugely complex engineering information to assist the sales and support functions. Integrity, confidentiality, and availability of on-line support information directly affected customer-purchasing decisions and became the key driver for Security Architecture.
Interviews were conducted across all group-owning companies and on deployment of the resulting architecture the company achieved its business targets.
NATIONAL BENEFITS AGENCY
A large national social security benefits agency and the hub of Whole-of-Government technology services to the public, adopted SABSA in 2003.
The agency had a need to create new IT Infrastructure and management processes capable of supporting a new business model that involved delivering electronically an extensive set of government services to the population of the nation. The program had chosen the Zachman framework as the basis for their approach but quickly concluded that whilst this was an excellent academic model it provided no real method for achieving real-world results in the area of Security. The agency commissioned SABSA® as the working method for both security and deployment of the Zachman architecture initiative.
A full and very successful Fast Track™ was conducted involving many members of the Executive Board, IT Management, and the Security team.
GLOBAL CHEMICALS CONGLOMERATE
A global, complex and highly distributed business consisted of hundreds of subsidiary companies and a dynamic approach to aquiistin, divestiture and mergers. At the time of the original SABSA project all management was distributed to the local businesses except for a small number of ‘reserved powers'.
The primary drivers for Architecture were to build world-wide technical infrastructure to enable new technologies, create a standard desktop operating environment world-wide to reduce support costs, and to enforce a baseline of standard security services that could be scaled and adapted to local business needs. Flexibility was vital as during the project the company divested or acquired more than fifty businesses. The standard environment was subsequently outsourced.
The SABSA approach was chosen to ensure appropriate input and buy-in from the unit executives world-wide.