CISSP-ISSAP · Question #15
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Deliver security infrastru
The correct answer is B. Sherwood Applied Business Security Architecture. Sherwood Applied Business Security Architecture (SABSA) is the correct answer because it is specifically designed to develop risk-driven enterprise information security architectures and align security infrastructure with business initiatives - matching both stated objectives of
Question
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?
Options
- AService-oriented architecture
- BSherwood Applied Business Security Architecture
- CService-oriented modeling framework
- DService-oriented modeling and architecture
How the community answered
(31 responses)- B94% (29)
- C3% (1)
- D3% (1)
Explanation
Sherwood Applied Business Security Architecture (SABSA) is the correct answer because it is specifically designed to develop risk-driven enterprise information security architectures and align security infrastructure with business initiatives - matching both stated objectives of the CSO exactly. SABSA uses a layered business-driven approach (similar to TOGAF but security-focused) that traces security controls directly back to business risk and strategy.
The three distractors - Service-Oriented Architecture (A), Service-Oriented Modeling Framework (C), and Service-Oriented Modeling and Architecture (D) - are all software/IT design methodologies concerned with structuring applications as interoperable services. They have nothing to do with enterprise security architecture or risk management, making them easy to eliminate once you recognize the "service-oriented" prefix as an IT design concept, not a security one.
Memory tip: Think SABSA = Security Architecture Backed by Business Strategy. If a question mentions "risk-driven" + "enterprise security architecture" + "business alignment" together, that combination is the SABSA signature - no other common framework checks all three boxes simultaneously.
Topics
Community Discussion
No community discussion yet for this question.