On May 16, 2019, the inaugural SABSA World Toronto was held with 30 security architects at the Deloitte Toronto main office. This was the first SABSA World held in Canada to get the local group of SABSA security architects to discuss common issues and learn more from each other.
The group was welcomed to the SABSA World event with an overview of the SABSA World objectives and a quick overview of progress that the SABSA Institute has made over the past while presented by John Czaplewski (@jczaplewski). The event benefitted from recent and current SABSA training events provided in Toronto.
The first session of the evening was presented by Chul Choi, a Director at Deloitte, on SABSA and Archimate. Chul provided an insightful overview and demonstration on how the Open Group Archimate enterprise architecture modelling tool can be applied to support a SABSA security architecture. He demonstrated the value and power that the tool can bring to defining and maintain the various relationships and manage the complexities of an architecture.
The second session of the evening was presented by myself, also a director at Deloitte, on the SABSA Enhanced NIST Cybersecurity Framework (SENC) project. This SABSA Institute sponsored project to propose enhancements to the NIST Cybersecurity Framework. The project will potentially define and contribute a method to leverage the SABSA business attribute profiling method to provide a solid connection from the business risks to the categories and subcategories of the NIST Cybersecurity Framework to provide a continuous line of sight for measurements and traceability that monitor and manage the effectiveness of the framework in support of the enterprise security program. The SENC project would like to define and provide recommendations to NIST to be included as framework enhancements, an informative reference or additional resources.
The remaining time at SABSA World was spent networking over “refreshments” and a selection of hot and cold appetizers. This was the first of many SABSA World events in Toronto. It was an opportunity to establish and maintain a network of common interest centered around the application of SABSA to effectively manage business risk.