The Attributer’s Blog – Business Context Aligned

The British Computer Society June newsletter featured an article by Neil Cordell. The article opens with the following statement: “When it comes to dealing with cyber security, technologists must focus more on threats and controls and less on risk”. Mr. Cordell is concerned that implementing security controls is entirely in the hands of technologists, who have no real idea of […]

The Attributer’s Blog – Patched

In the previous issue of this article we looked at the SABSA Business Attribute ‘Risk Managed’, taking the very highest level ‘helicopter view’. In this issue we shall examine a detailed technical example – looking from the bottom up, rather than from the top down. Software patching is a standard security measure for maintaining the integrity of IT systems, and […]

The Attributer’s Blog – Risk Managed

Ever since the very first version of the SABSA Business Attributes taxonomy developed in early 2000, one of those attributes has been ‘risk managed’. Fourteen years later one might ask the question: “What does that mean? Surely SABSA is all about risk management. One might as well say SABSAised.” Yes, that would be a fair comment, because the evolution of […]

The Attributer’s Blog – Owned

One of the thorniest issues in information security is the matter of ownership. Who is the owner of the data/information? In SABSA this is especially important because the owner will be the person who makes policy about how that data/information should be protected, against which threats, and for exploiting which opportunities. An owner is a domain authority for all data/information […]

The Attributer’s Blog – Valuable

In this issue we shall look at a SABSA Business Attribute that is especially slippery in its character: the attribute ‘valuable’. Value is measureable, but how reliable are those measurements? That’s the slippery bit. The concept of ‘value’ is closely coupled with risk. The concept of ‘risk appetite’ is also involved. This is best explored through a series of case […]