Is TOGAF Bringing the “S” to BAIT with SABSA?

In my last post I wrote about the Open Group TOGAF and SABSA integration announcement. This shows both a real sense of partnership with leading industry bodies and it seems like a step in the right direction to advance the TOGAF method, models and tools with security and risk management content.

But does this published whitepaper on the integration of SABSA’s Risk and Security Management practices really add Security and Risk Management to TOGAF? On the surface,  there are quite a few gaps SABSA is filling in maturing and frankly, documenting and applying guidance to address big gapping holes in the existing TOGAF specification.

When I say “on the surface”, it means that this material is in the form of guidance only. It is not as an official part of the TOGAF specification. Treated as an extension or an overlay at this point shows extensibility of TOGAF but it can also present unneeded complexity in the framework. 

So, this brings us to the to the question, Is TOGAF Brining the “S” to BAIT with SABSA? Yes and no. It really depends on how you look at it. Technically, no. The BAIT architecture domain model hasn’t been revised with TOGAF 9.1 and there are no press releases or announcements to state a modification to the core architecture domains that TOGAF addresses. 

However, I believe this is a net positive add to TOGAF. In the form of delivery guidance is one step in the right direction and provides some other benefits such as:

1. Rationalized - For existing SABSA practitioners it shows how to apply TOGAF and vice versa.

2. Applied – Since this is in the form of delivery guidance it shows how to apply it and not just what it is within a specification. There is a challenge with no having enough in the specification, but there is a practical need to fill this gap and this is better than nothing.

3. Intent – This shows real intent by The Open Group forum members to not let TOGAF get too stale with the additions linking of other practices.

4. Unification - Instead of reinventing yet another standard, clear industry leadership is demonstrated by The Open Group to reduce complexity in the Enterprise Architecture space.

5. Best of Breed –  Along with not reinventing a standard a best of breed addition was selected that has similar guiding principles and approaches that make this integration compatible.

Technorati Tags: Enterprise Architecture,Risk Management,Information Security,TOGAF,SABSA,The Open Group