Here I attached an assignment for the Component Security Layer which again was useful in my career because it demonstrated the flow of requirements from business drivers down through actual security components. The Component Security Architecture layer of the SABSA® model takes the physical deliverables and chooses which components (from a selection of products) to meet the physical needs. Thus, the deliverables from this phase include (Sherwood, Clark, & Lynas, 2005, pp 124):
References
- An updated data dictionary, defining the syntax rules of all the data structures required by the security architecture
- A framework for security standards and a list for all the security standards that are required-although the detailed content of the individual standards will probably not be developed here.
- A list with descriptions and specifications of all strategic technologies, products, and tools which have been selected, with guidance for project teams as to how, why, where, and when they should be used.
- A naming scheme and a framework for defining roles, identities, access privilege profiles, etc.
- Detailed design of the security specific infrastructure
- Detailed specification of procedural step timings and sequences needed to implement the control structure execution model from the layer above.
References
- Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture - A Business-Driven Approach. Boca Raton: CRC Press.