The conceptual layer translates business requirements into high-level security principles and strategies. Stakeholders at this level are primarily enterprise and security architects, who ask questions such as: What security services do we need? What control objectives will address our business risks? The output is a conceptual security architecture—a blueprint that defines the overall strategy without yet committing to specific technologies. Using the earlier financial example, the conceptual requirement might be "All customer transactions must be protected by encryption and multi-factor authentication." The conceptual layer of SABSA is often aligned with frameworks like the Zachman Framework, which shares a similar matrix structure for enterprise architecture.
Moving away from implicit perimeter trust to explicit, continuous verification.
and risk-based framework used to align IT security with organizational goals. It is structured into six layers of abstraction:
Contextual Architecture: Business requirements and goals (The Business View).
Conceptual Architecture: Architecture view and strategy (The Designer's View).
Logical Architecture: Information and security services (The Builder's View).
Physical Architecture: Data and technology mechanisms (The Tradesman's View).
Component Architecture: