TSI T100 – Modelling SABSA with ArchiMate – Available on Members Pre-release.
This White Paper describes how security architecture concepts can be expressed using ArchiMate 3.0, the latest version of The Open Group’s widely adopted Enterprise Architecture (EA) modelling language. This enables an integrated approach to producing SABSA artefacts created with standard EA notations and tooling.
Visit the Members Resources section to view.
11 thoughts on “Modelling SABSA with ArchiMate”
This is an excellent paper and I’m trying to get my head around it. Archi seems to offer good capability for modelling SABSA but steep learning curve for me. Would be good to get hold of sample files with the model examples in the paper, so we can play along with the story.
Hi David,
I’ve used Archimate 3.0 and earlier iterations often and would be able to take you through some things I’ve done and discuss my experiences. Let me know.
Regards,
Jonathan
Hi David,
I just presented this paper in the form of a Workshop at COSAC for which I shared a small example model.
While it doesn’t cover everything in the paper, it does demonstrate a few of the validations discussed e.g. validating a Control Profile or conducting a Critical Application Audit.
There are plan to set up a ‘Tools & Techniques’ Group on the TSI site but in the meantime, if you’d like to connect privately with your email or LinkedIn details, I’d be happy to share this model out of band.
Regards
Hi Steve,
I’m probably late to the party, but I’d like to connect to discuss the ArchiMate tool (Arch v5.1). In particular, using the tool to map out SABSA’s six layer approach. Thanks
Hi,
I’m probably missing something, but how do I use the xsd files in Archi? If I import via the Open Exchange File option I get an error “Cannot find the declaration of element ‘xs:schema’. What am I doing wrong?
Hi Sander,
The quick answer is that the .xsd files are not intended to be used directly within Archi.
They are means to provide a more formal definition (as an XML Schema) for the ArchiMate concepts & attribute profiles that are used in the Security Overlay. They are also the basis for the HTML documentation generated using XMLSpy.
Having said that, the other reason that they are posted on the SABSA site is that, as part of the ‘Modelling SABSA with EA Tools’ course, we use a jArchi script to read the .xsd files and then open a Dialog box for context-sensitive attribute-profile data entry.
Hi Steven,
Thank you for your quick response. I thought I could use the Security Overlay to add the different Security related properties to the different Archimate Elements. If I understand you correct, I have to do this via jArchi via a Dialog box?
Best regards,
Sander
Hi Sander,
That’s correct – the Security Overlay proposes a ‘standard’ for a security attribute profile covering existing ArchiMate concepts and the new ones added for the Conceptual view. The Schema presents this definition in a more formal, machine-readable form.
When you start working heavily with attribute profiles, you soon find that it can be quite burdensome to remember and manually input all the properties required for a given element: whether they are optional or mandatory, their type, value range, default values etc. – especially as in-built tool support for profiles varies. So this is where having a script to help automate the completeness and correctness is not essential, but is a very strong benefit.
Not only for productivity, but as these profiles are subsequently used for model validation & security analytics, the schema helps ensure date consistency, completeness and avoidance of typing errors.
data consistency 🙂
Hi Steven,
Great, thank you very much. That makes sense. I’ll start looking at that.
Best regards,
Sander
BTW: The course is running next month (2 afternoons & evenings to cover North American time zones).
Next one in EMEA daytime is 22-23 October.