Misconception(s) of SABSA

Recently, I had a conversation with an executive with many years of experience in cybersecurity consulting. The topic was that SABSA is alien to people, so it is useless and we should stop using it! From his point of view, he does not understand SABSA, hence the dismissal.

It is my personal policy that I do not comment on things that I do not understand. Whilst this is a personal policy, I believe it should be the de facto rule for many like-minded people. Simply because you do not understand a concept or technology does not mean that adopting it is a bad idea.

SABSA is not a prescriptive standard with a black-or-white implementation, such as PCI DSS. SABSA is a risk-based, business-focused information security architecture development framework. This means it should be used as a guide, rather than as a set-in-stone blueprint for building an enterprise security architecture. As soon as cybersecurity architects and consultants understand this, SABSA can be useful for an organisation; until then, it will remain an alien framework!

Author: kinyoka

A certified Information Security professional, with demonstrated experience spanning more than 10 years in the financial, banking, consulting, and payment card industries in managing Information Security Management Systems (ISMS). A postgraduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA. Demonstrated to be a reliable, trustworthy, and meticulous person; working in a controls-focused environment and in multinational, multicultural organisations over the years has given a good understanding of what is required of an Information Security professional.

Specialties: ISMS based on ISO/IEC 27001/2; Payment Card Industry (PCI) DSS QSA-led services (PCI scoping, gap analysis and formal assessment (RoC)); IT Governance, Risk and Compliance (GRC) management; cyber security; penetration testing; enterprise security architecture; technical security architecture.
