Building a Structured Security Framework

Drew and Allan were skeptical about SABSA, as it is a model one CISO friend described as being "only good for a graduate student writing a paper!"  Another CISO pointed out that SABSA was designed long before modern engineering practices.

Andrew Townley, a long-term SABSA consultant, on the other hand, gets straight to the practicality of it.  There is indeed an academic and theoretical foundation behind SABSA, but it is most definitely leveraged for one purpose -  to achieve desirable business outcomes.

Drew and Allan ask:

• What is SABSA's purpose?
• Is Andrew's specific practically applied methodology a deviation from the official SABSA cannon?
• How can prove its effectiveness?  What are the practical business outcomes?

Both Allan and Drew walk away with enough curiosity to dig into SABSA more.

Note that Andrew several times also cites the work of Russell Ackoff, another academician who enjoyed a rather brilliant career as a business consultant - grounding his systems theory into meaningful business practicality.

More on Russell Ackoff here:

https://en.wikipedia.org/wiki/Russell_L._Ackoff