In this issue we shall look at BYOD with a view to identifying the major risk factors affecting the design of a technical architecture supporting BYOD as a way of working, suing as always the SABSA way of thinking. The most important thing to consider is the business risk – from both sides of the employer/employee relationship, and from both […]
SSC Project: Call for Participants to develop a Security Services Catalogue
Member-only Content Dear Visitor This content is restricted to members only. Please consider becoming a member of The SABSA Institute to access member-only content. Already a Member? Log-in
The Attributer’s Blog – Patched
In the previous issue of this article we looked at the SABSA Business Attribute ‘Risk Managed’, taking the very highest level ‘helicopter view’. In this issue we shall examine a detailed technical example – looking from the bottom up, rather than from the top down. Software patching is a standard security measure for maintaining the integrity of IT systems, and […]
The Attributer’s Blog – Risk Managed
Ever since the very first version of the SABSA Business Attributes taxonomy developed in early 2000, one of those attributes has been ‘risk managed’. Fourteen years later one might ask the question: “What does that mean? Surely SABSA is all about risk management. One might as well say SABSAised.” Yes, that would be a fair comment, because the evolution of […]
The Attributer’s Blog – Owned
One of the thorniest issues in information security is the matter of ownership. Who is the owner of the data/information? In SABSA this is especially important because the owner will be the person who makes policy about how that data/information should be protected, against which threats, and for exploiting which opportunities. An owner is a domain authority for all data/information […]