Sabsa Vs Togaf _best_ -

| Phase of TOGAF ADM | How SABSA Adds Value | |--------------------|------------------------| | | SABSA contextual layer helps define security principles, risk appetite, and business drivers. | | Phase A (Architecture Vision) | SABSA conceptual layer translates business risks into security goals and success criteria. | | Phase B (Business Architecture) | SABSA’s business view ensures security requirements are captured as functional / non‑functional requirements. | | Phase C (Data / Application) | SABSA logical & physical layers define security controls (e.g., data classification, encryption, access control). | | Phase D (Technology) | SABSA component layer specifies security infrastructure (firewalls, IDS, IAM). | | Phase E–F (Opportunities & Migration) | SABSA operational layer feeds into security project roadmaps and transitional architectures. | | Phase G (Governance) | SABSA’s assurance and metrics support ongoing security compliance and audit. | Best practice : Use TOGAF ADM as the process engine and SABSA as the security design method embedded inside it. 4. When to Use Which? | Scenario | Recommended | |----------|--------------| | You need a complete enterprise architecture framework (business, data, app, tech, plus governance). | TOGAF | | You are designing or auditing a security architecture from scratch. | SABSA | | Your organization already uses TOGAF and needs to add rigorous security architecture. | SABSA + TOGAF (embed SABSA into ADM) | | You are a security architect in a non‑enterprise‑architecture mature org. | SABSA (lightweight) | | You need a common framework to align multiple teams (business, IT, security, operations). | TOGAF (with security cross‑cutting) | 5. Summary Table | Feature | SABSA | TOGAF | |---------|-------|-------| | Domain | Security architecture | Enterprise architecture (all domains) | | Lifecycle process | Not prescribed | Yes (ADM) | | Core artifact | 6‑layer security matrix | Architecture deliverables (e.g., Architecture Definition Document) | | Risk model | Built‑in (business‑driven) | Referenced (not built‑in) | | Certifications | SABSA Foundation / Practitioner / Master | TOGAF 9 / 10 (Level 1 & 2) | | Industry recognition | High in security architecture | Very high in general enterprise architecture | | Best used as | Security design framework | Overall architecture process framework | Final Takeaway SABSA tells you what a good security architecture looks like and why . TOGAF tells you how to build any architecture (including security) in a structured, repeatable way. Use TOGAF to run the architecture development lifecycle. Use SABSA inside TOGAF’s security‑related tasks to ensure the result is complete, traceable, and risk‑driven.

Together, they form a .