The complexities of today’s cybersecurity challenges require an architected approach to delivering effective and efficient security solutions. Properly architected security solutions align with organisational business goals and objectives. DLC’s enterprise security architecture (ESA) services are client-centred and outcome-focused to guide each client along their unique journey to business-enabling security.
A one-size-fits-all ESA doesn’t work any more than would a single architectural plan for all buildings. Even though organisations face similar challenges in managing risk, in the end, they pursue their own goals and objectives. They face different sets of specific threats with their strengths and weaknesses that require relevant security solutions architected to meet their unique set of requirements. A cookie-cutter approach to enterprise security architecture will deliver costly and ineffectual security. The enterprise security architecture journey has as many starting points as there are organisations, and each begins the journey from its unique starting point, following its unique path to a unique ESA suited to its unique set of business requirements.
DLC uses the SABSA ESA Framework and Methodology to deliver strategy, design, implementation, and management of business-enabling security architectures. The DLC team of senior consultants brings a wide range of enterprise security architecture, security, and sector experience to each engagement. Contact DLC to learn how our business-driven approach can benefit your organisation.
DLC work with some of the most experienced SABSA Masters and Practitioners in the world. We leverage The SABSA Framework for Enterprise Security Architecture, using the Architecture Matrix to structure our approach.
ASSETS (What) |
MOTIVATION (Why) |
PROCESS (How) |
PEOPLE (Who) |
LOCATION (Where) |
TIME (When) |
|
---|---|---|---|---|---|---|
CONTEXTUAL | Enterprise Vision | Enterprise Risk | Enterprise Value Chain | Enterprise Governance | Enterprise Geography | Enterprise Time Dependence |
CONCEPTUAL | Attributes Framework | Risk & Policy Framework | Process Framework | Governance & Trust Framework | Domain Framework | Time Framework |
LOGICAL | Information | Policy | Information Flows & Services | Trust Model | Logical Domains | Time & Sequence Model |
PHYSICAL | Data | Practices & Procedures | Data Processing & Mechanisms | Data & System Governance | Infrastructure Domains | Processing Schedule |
COMPONENT | Products & Tools | Risk Standards | Protocol Standards | I&AM Standards | Location Standards | Time Standards |
MANAGEMENT | Delivery & Continuity | Risk Management | Process Management | Governance Management | Environment Management | Time Management |
Goals, Targets, Value & Assets
Opportunities & Threats
Value Chain , Core Processes, & Capabilities
Culture, Org. Structure & Relationships
Territories, Jurisdictions, Sites
Time & Sequence Dependencies
The structures that support our work, simplify complexity, and enable us to make informed decisions regarding requirements using SABSA’s normalised, measurable, in-context definition of what is important.
The structures that support our work, simplify complexity, and inform information risk and policy decisions by understanding the positive or negative effect of uncertain events on Attributes
The structures that support our work, simplify complexity, and make informed decisions regarding value chain, capability and process
The structures that support our work, simplify complexity, and make informed decisions regarding roles and responsibilities, and trust dependencies
The structures that support our work, simplify complexity, and enable us to make informed decisions regarding risk ownership, governance and policy
The structures that support our work, simplify complexity, and enable us to make informed decisions time dependencies & sequences
The nature, organisation, categorisation & labelling of information assets such that people (author and user domains), process (information flow between domains) and capability (information transformation domains) can quickly and easily locate, deliver and re-use it
The statement of risk & performance requirements by a logical Domain Authority informing the services required to protect and enable the domain, its interactions & dependencies
The process-based exchange of information between domains
The assigned authority roles (accountability & responsibility) for a domain and for interactions and dependencies between domains
The model that defines the type and scope of dominion of authority, risk ownership & governance of logical domains
Time factors & sequence dependencies of information & services
The nature, organisation, categorisation & labelling of data assets such that process (data flow between domains) and capability (data transformation domains) can quickly and easily locate, deliver and re-use it
The statement of risk & performance requirements by a physical Domain Authority informing the mechanisms required to protect and enable the domain, its interactions & dependencies
The process-based exchange of data between physical domains
The assigned authority roles (accountability & responsibility) for a physical domain and for interactions and dependencies between domains
The type and scope of dominion of authority, risk ownership & governance of physical domains
Time factors & sequence dependencies of data & mechanisms
The material structure and configurations of data processors & repository products, tools & standards
The material structure and configurations of risk treatment products, tools & standards
The material structure and configurations of protocols & communications products, tools & standards
The material structure and configurations of identity & access products, tools & standards
The material structure and configurations of location & address products, tools & standards
The material structure and configurations of time & interupt products, tools & standards
The activities required to manage operational excellence, resilience & continuity through-life
The activities required to manage Risk through-life
The activities required to manage Value Chain, Processes & Capabilities through-life
The activities required to manage Governance & Trust through-life
The activities required to manage Environment & Infrastructure through-life
The activities required to manage Time & Sequence Dependencies through-life
DLC delivers value by identifying and understanding our clients’ business needs and using those needs to drive every aspect of our Enterprise Security Architecture services. DLC’s deep expertise in applying the SABSA® Framework and Methodology assures development of ESA solutions that deliver: