We may not have the course you’re looking for. If you enquire or give us a call on +41 315281584 and speak to our training experts, we may still be able to help with your training requirements.
Training Outcomes Within Your Budget!
We ensure quality, budget-alignment, and timely delivery by our expert instructors.
In the modern digital world, organisations always aim to improve efficiency to maintain a competitive edge over their industry counterparts. To do that, the individual departments in an organisation must understand the logical structure and component relationships. This need has encouraged IT organisations to adopt Enterprise Architecture (EA) Frameworks. The Open Group Architecture Framework (TOGAF) and Sherwood Applied Business Security Architecture (SABSA) are two instances of such EA Frameworks. Due to their prevalence as EA Frameworks, people often look to compare TOGAF vs SABSA.
An EA Framework is a collection of processes, templates and tools that is used by software teams to plan and build large Enterprise Architecture systems. TOGAF and SABSA are two of the most relevant EA Frameworks right now, and they are often compared to each other on different parameters. In this blog, we will analyse TOGAF vs SABSA – their differences and determine if they can be implemented together.
Table of Contents
1) TOGAF and SABSA: A Brief Introduction
2) TOGAF vs SABSA: What are the differences?
a) Enterprise vs Security Architecture
b) Guidance
c) Level of Detail
d) SABSA mapped to the TOGAF Framework
3) Can you implement both - TOGAF and SABSA?
4) Conclusion
TOGAF and SABSA: A Brief Introduction
Before we delve deeper into a detailed comparison of the two, we will briefly introduce SABSA and TOGAF.
TOGAF is an Enterprise Architecture Framework that helps an organisation define its business goals. It also helps align an organisation’s business goals with architecture objectives around enterprise software development. It assists in organising the enterprise software development process systematically and aims to reduce errors, stay within budget, and align IT with business units. It also helps organisations implement software technology in a structured and organised manner, focusing on meeting business goals. In simpler terms, TOGAF helps businesses align their IT goals with business objectives while organising cross-departmental IT efforts.
Sherwood Applied Business Security Architecture (SABSA) is an Enterprise Architecture Framework focusing on Information Security Architecture. It is a methodology that helps develop a risk-driven Enterprise Information Security Architecture to support critical business processes. SABSA enables the development of security infrastructure solutions that support critical business initiatives. Its main feature is that it derives everything from business security requirements, especially the requirements where security has an enabling function through which new business opportunities can be exploited.
TOGAF vs SABSA: What are the differences?
While the frameworks are both Enterprise Architecture Frameworks, they have several differences in what they provide to organisations. This section of the blog will provide a detailed comparison of the two frameworks.
Enterprise vs Security Architecture
The most important difference between the frameworks is what they provide to the organisation that implements them. While TOGAF is an Enterprise Architecture Framework that is modular in design, SABSA is considered a Security Architecture Framework.
Guidance
As mentioned before, SABSA is a specialised Security Architecture method, and SABSA does not have to account for the many Enterprise Architecture use cases. While TOGAF is a framework with a broader scope, SABSA provides you with instructions to do a singular job. SABSA consists of various techniques, approaches and templates considered the global standard in security.
Level of Detail
The contextual layer in SABSA presents the organisation with questions related to its enterprise vision and goals. However, in TOGAF, the Architecture to support strategy answers these questions. SABSA requires decisions to be made within the architecture's scope to support the strategy.
SABSA mapped to the TOGAF Framework
The TOGAF Framework provides the global standard for three central problems in Enterprise Architecture, namely – how to develop Enterprise Architecture, how to document an Enterprise Architecture and how to develop an Enterprise Architecture team.
How to develop Enterprise Architecture?
SABSA offers guidance on how to develop an Enterprise Security Architecture. The TOGAF Series Guide Integrating Risk and Security into the TOGAF Standard helps an organisation to implement the global standard in Enterprise Security Architecture.
How to document an Enterprise Architecture?
SABSA provides an organisation with a set of standard work products, such as matrices, models, and templates, to develop its Enterprise Information Security Architecture. However, it does not provide much insight into how the end-to-end Security Architecture is modelled. This is because the SABSA model is modelled on the Zachman Framework, which does not offer insight into architecture documentation.
On the other hand, the TOGAF Series Guide Integrating Risk and Security into the TOGAF Standard offers insight into where different work products are produced. It must be noted that implementing the TOGAF Content Framework with SABSA work products will improve your Enterprise Architecture.
Can you implement both - TOGAF and SABSA?
While both frameworks differ when implemented separately, it helps improve the organisation's efficiency when both are implemented together. The two architecture frameworks work smoothly when implemented together, as Security Architecture is part of Enterprise Architecture.
While TOGAF is a broader framework covering all architecture domains, SABSA covers only one. While the former is an end-to-end Enterprise Architecture Framework, the latter is a specific method-supporting Enterprise Security Architecture. While both frameworks offer something different to the organisation, they mask each other’s drawbacks when implemented together.
This idea led the SABSA Institute and The Open Group to collaborate on a couple of projects and bring the best of both worlds together. While the two frameworks were first amalgamated with the TOGAF and SABSA Integration Paper, it was followed by the TOGAF Series Guide on Integrating risk and security into TOGAF.
Instead of putting the two frameworks up against each other, an organisation should aim to integrate the two to get the best out of both. TOGAF and SABSA, when implemented together, enhances your Enterprise Architecture with the best Security Architecture approach.
Conclusion
Overall, TOGAF and SABSA are two of the world's most prevalent Enterprise Architecture Frameworks. While TOGAF is an end-to-end Enterprise Architecture Framework that covers all architecture domains, SABSA supports Enterprise Security Architecture.
However, instead of TOGAF vs SABSA, one should talk about TOGAF and SABSA. While the two frameworks have their differences, they can be optimised by implementing them together. Integrating both frameworks can help an organisation improve Enterprise Architecture while strengthening security at the same time.
Frequently Asked Questions
Upcoming Business Improvement Resources Batches & Dates
Date
Mon 16th Dec 2024
Mon 13th Jan 2025
Mon 20th Jan 2025
Mon 27th Jan 2025
Mon 10th Feb 2025
Mon 17th Feb 2025
Mon 24th Feb 2025
Mon 10th Mar 2025
Mon 17th Mar 2025
Mon 24th Mar 2025
Mon 31st Mar 2025
Mon 14th Apr 2025
Tue 22nd Apr 2025
Mon 28th Apr 2025
Tue 6th May 2025
Mon 19th May 2025
Tue 27th May 2025
Mon 9th Jun 2025
Mon 16th Jun 2025
Mon 23rd Jun 2025
Mon 30th Jun 2025
Mon 14th Jul 2025
Mon 21st Jul 2025
Mon 28th Jul 2025
Mon 11th Aug 2025
Mon 18th Aug 2025
Tue 26th Aug 2025
Mon 8th Sep 2025
Mon 15th Sep 2025
Mon 22nd Sep 2025
Mon 29th Sep 2025
Mon 6th Oct 2025
Mon 13th Oct 2025
Mon 20th Oct 2025
Mon 27th Oct 2025
Mon 10th Nov 2025
Mon 17th Nov 2025
Mon 24th Nov 2025
Mon 8th Dec 2025
Mon 15th Dec 2025