Weaving archival threads into SABSA's security fabric

In the intricate loom of enterprise security, where threads of risk, compliance, and resilience intersect, the SABSA (Sherwood Applied Business Security Architecture) framework emerges as the master weaver. However, viewed through the lens of an information archivist, SABSA transcends mere technical constructs. This conference paper unravels the symbiotic relationship between archival principles and SABSA’s top two layers—the warp and weft of our digital existence.

Imagine a grand loom—an architectural framework where threads converge, interlace, and form the very fabric of an organization’s security posture. Each thread represents a critical aspect: risk management, compliance, governance, and resilience. But woven into this fabric are the archival threads—the delicate yet enduring fibres that hold the past, present, and future together. These archival threads carry echoes of organisational memory. They hold ancient policies, faded incident reports, and digital artifacts. Just as a skilled weaver selects threads for their strength and colour, archivists curate resilient information assets. These information assets and their metadata thread and intersect with regulatory warp threads. They weave through policies, audit trails, and legal mandates.

Like warp threads under tension, compliance archivists ensure that security practices align with external requirements. These threads safeguard against unravelling—protecting organisations from legal pitfalls and reputational damage. They consider data lifecycles, evolving threats, and the need for adaptive security.

Archival threads reinforce the organisation’s cyber resilience. When breaches fray the fabric, these threads hold it together. Archivists, like diligent seamstresses, repair vulnerabilities. They document metadata, analyse data structures, and weave resilience into the fabric of organisational recordkeeping. Each stitch tells a story of survival—a breach thwarted; privacy and data restored. As the loom continues, patterns emerge—tapestries that blend archival threads with SABSA’s layers. The compliance mandala harmonises legal requirements, risk appetite, and business context. The resilience quilt endures, patching vulnerabilities and documenting recovery efforts. And the timeless brocade captures corporate narratives, incident response playbooks, and forgotten archival security gems.

In this loom of SABSA, archivists are weavers of legacy security. Their hands move deftly, selecting threads, adjusting tension, and repairing data integrity. They honour the past while securing the present, preparing the loom for future generations. As the fabric unfolds, it reveals not only security but also the essence of resilience, adaptability, and human ingenuity. So, let us continue weaving archival threads into SABSA’s security fabric—a fabric that shields, comforts, and connects. For in this intricate weave lies trust—the warp and weft of our digital existence. By intertwining archival principles with SABSA’s layers, we maintain records of the past while securing the future.

As an information archivist, my decisions ripple through time, impacting legal cases, organisational memory, and stakeholder trust. By embracing SABSA’s layers, I am able to fortify security around key information and data assets and allow my archival practices to assist my cyber colleagues to safeguard the very fabric of our digital security.