Contextual Layer
Principles of the Business View
The first layer is the Contextual Layer, also referred to as the Business View; the model doesn’t begin until the business requirements are defined. This step is critical because it prevents one of the biggest mistakes in security architecture: overemphasizing technology components that may not be relevant, which can often lead to a false sense of security (Kreizman, 2011). As an example, a high-tech manufacturer of network switches may decide to outsource its manufacturing to a new subcontractor based in Asia. This is a major departure from its existing strategy and at the same time introduces many security concerns that will need to be addressed in the architecture. The SABSA model provides a framework to guide the decision maker’s thinking to ensure most of the bases are considered.

The focus of this layer is to gain alignment with the business. Tough questions need to be addressed and openly discussed. For example, why are we using a new subcontractor? Was there a breach with the previous subcontractor? How will the systems be used? Who will be using the system? In this case, will the employees of the overseas manufacturers be logging into our system? Where will the manufacturing take place? Will this be done in Taiwan, where commerce is generally westernized, or will it be performed in China, where significant data confidentiality concerns can exist with the government? When will the systems be used to conduct business? Once these issues are known, the next step is to develop a conceptual security architecture.