
For PlantUML tool usage, check my Udemy course "Learning and Practicing PlantUML (UML Modeling Language) with Live Demo" for detail
Figure 16: Principles in the ArchiMate Motivation Hierarchy
Highlighting the Control Hierarchy Mismatch (i)
Highlighting the Control Hierarchy Mismatch (ii)
Figure 19: Achieving the Desired Hierarchy
Figure33: Avoid RACI Entanglement
a) A Pattern Repeated in Multiple Views
b) ... Caused Entanglement in the Underlying Model
Figure 34: Recommended RACI Patterns
a) Solved by a Tertiary Relationship
b) Solved by Specialization of an Abstract Base Role
Figure 35: Possibilities for Modeling Threat Actors
a) Something you are? (a throughly bad person)
b) Opportunist Exploit? (a trusted employee falls to temptation)
c) Something you do? (a wrong action)
Figure 36: Sensitivity in the Representation of Threats
a) Avoid unnecessary offence
b) Acknowledge the risk without personalizing it
c) Avoid assigning motive
Table 28: SABSA Contceptual Architecture, documented in Protege Ontology editing tool
Figure 37: Developing the SABSA Conceptual Security Architecture
Figure 42; Business Risk Analysis Process
Figure 43: Compliance Metamodel, built in Archi's sketch view
Figure 44: An Example Compliance Model
Figure 45: Control Consolidation
Figure 46: Possible Duplicate Objectives, Coupled Through Attribute Profile
Figure 48: What the Security Overlay Would Like to Express
Figure 49: What the ArchiMate Specification Supports
Table 29: Elements used in Logical Access Management
Figure 50: Modeling Identity and Role Concepts
Figure 51: Common Examples of Signals Crossing Domain Boundaries
Figure 52: Simply Trust Relationships using Flow
Figure 53: Trust Attributes Associated with Inter-Domain Signals
Table 30: Elements and Relationships used in Trust Modeling
Figure 55: A better solution using Architectural Models to identify Critical Applications
Table 34: Application Component Properties
Table 35: Data Object Properties Schema, including «Defect», «Security Configuration», «Malware», and Data Object
Table 36: Application Behavior Availability Properties
Figure 62: Modeling Authentication in the Primary Architecture
Figure 63: Example of Registration and Provisioning in Secondary Architecture
Table 37: Security Properties of Elements used in the Logical Layer
Figure 65: Stereotype of Artifact
Figure 66: Configuration Files
Schema documented via JSON on:
Technology Service
Technology Process / Technology Function
System Software
Technology Interface
Schema documented via JSON on:
«Executable»
«Data»
«Defect»
SABSA® (Sherwood Applied Business Security Architecture) is a methodology for developing risk-driven enterprise information security and information assurance architectures and for delivering security infrastructure solutions that support critical business initiatives. It is an open standard, comprising a number of frameworks, models, methods and processes, free for use by all, with no licensing required for end-user organizations who make use of the standard in developing and implementing architectures and solutions. (Source: W100 - SABSA® White Paper)
Are you a security architect looking to make the SABSA framework more tangible? Or an enterprise architect needing to integrate a robust security overlay into your ArchiMate models? This course transforms the theoretical "Sherwood Applied Business Security Architecture" (SABSA) into a visual, actionable practice using the industry-standard ArchiMate language and the open-source Archi tool.
Why this course? SABSA is renowned for its business-driven logic, but creating its numerous artifacts at scale can be challenging. By leveraging ArchiMate’s extensibility, you will learn to build a "Security Overlay" that ensures traceability from business goals down to physical controls.
What You Will Learn:
The Rationale for Alignment: Why combining SABSA and ArchiMate is the "gold standard" for modern secure EA.
The Motivation Aspect: Modeling business drivers and security attributes using ArchiMate’s Motivation extension.
Layer-by-Layer Modeling: A step-by-step journey through Contextual, Conceptual, Logical, and Physical security architectures.
Tooling Excellence: How to use Archi (and advanced tools like jArchi scripts, PlantUML, and JSON) to automate and validate your models.
Practical Case Studies: Hands-on practice following patterns from the official "Guide to Modeling SABSA with the ArchiMate Specification."
Who is this for?
Security Architects wanting to move beyond spreadsheets and into model-based engineering.
Enterprise Architects (TOGAF/ArchiMate certified) looking to specialize in security.
Consultants who need to demonstrate compliance and risk management visually to stakeholders.
Through learning the Security Overlay modeling, you'll get chance to practice Archi, JSON, Protege, as well as FreePlane, enjoy!