Information security is an imperative factor in organizational success, driven by the need to protect information assets. The continuous evolution of external and internal threats and the associated need to protect and secure information from exploitation of vulnerabilities has become a struggle for many organizations in both the public and private sectors. This struggle is the direct result of the narrow focus on operational security. Just as the lines between business and information technology have disappeared, so have the lines between business and information security. Some organizations simply "check the box" by performing the minimum actions required to pass or meet mandated compliance standards. Without practicing due diligence and by only meeting the minimum requirements, leads to the reactive response of exploited vulnerabilities in addition to the increase of after the fact incident investigations. Organizations need to take a proactive approach using established methodologies known to incorporate security into information technologies and systems. The Sherwood Applied Business Security Architecture (SABSA) is a solution oriented methodology for any business enterprise that seeks to enable its information infrastructure by applying security solutions within every layer of the organization. This article describes how SABSA can be integrated into organizations' existing architectures utilizing organizational business drivers.
