Wednesday, June 17, 2026

SF - 3.06.0 - Graphical Management Frameworks

SF - 3.06.0 - Management Frameworks

There are a few business- and management-oriented frameworks which I would like to discuss together.  First, because they are primarily business-oriented frameworks, rather than security-oriented frameworks, and secondly, because all three of them have a graphical component, which makes them easier to discuss when they are visible, or displayed in graphical format.

The first that I would like to mention is the Calder-Moir framework.  This is a kind of two-dimensional breakdown framework, which also appears to have been influenced by the color wheel.  There is a radial breakdown of topics, with an outer radial breakdown subdividing the original topics.  The inner circle is the conceptual breakdown, most suitable for Board-level discussions; a middle layer breaks this down further into management topics; and the outermost layer goes into operational detail, and actually points to a number of other frameworks.


Next is the Balanced Scorecard.  The Balanced Scorecard is a kind of breakdown framework, in that it breaks your business down into four different conceptual areas or categories.  For each of these there is a scorecard, giving something of a further breakdown of topic areas within those larger topics.  The point of the Balanced Scorecard, and it is a very interesting one, is that once you have assessed your business in these four categories, you concentrate your efforts on the area where the scorecard gives you the lowest score.  This makes a lot of sense.  Once you have found out where you are weakest, shore up that particular area, rather than concentrating your efforts on areas where you already have a more reasonable score.


Finally, there is the Zachman Framework.  This is last on the list, but by no means least.  The Zachman Framework is very broadly used and highly regarded in both business and security.  Although there is nothing specifically security-related in the Zachman Framework itself, beyond business management, it has been modified as the Sherwood Applied Business Security Architecture, or SABSA, framework.


The Zachman Framework is a breakdown framework.  It forms a two-dimensional grid, where one axis looks at different sizes of business units or contexts within your enterprise, and the other axis generally asks the W5 plus H questions: what, who, why, when, where, and how.  The thing is that, when you think about it, and consider it against the phases of system development or project management, with a little rearrangement you get a very good match.  This makes a lot of sense in terms of a breakdown structure, and it is unsurprising that SABSA has been a successful security architecture based upon it.  Based upon SABSA, and following the advice of a colleague, I have, myself, used the framework to structure planning tools for both business continuity and incident response, specifically.



