SABSA is an Enterprise Security Architecture framework that aligns security with business objectives through a layered, risk-based approach.
It allows large enterprises to identify and address risks while prioritising business goals.
The use of a structured, holistic framework empowers your enterprise with strategic insights and practical solutions, transforming cybersecurity from a siloed function into a unified strategic asset.
Businesses looking to implement SABSA into their enterprise will find a strong strategic partner in David Lynas Consulting.
In 1995 David Lynas and his associates John Sherwood and Andy Clark devised a unique methodology to address cybersecurity issues for organisations. They called it SABSA (Sherwood Applied Business Security Architecture). They saw a better, more positive way to look at security – holistically embedded in innovation.
David, John and Andy authored the ‘blue book’ Enterprise Security Architecture: A Business-Driven Approach in 2005 and the field of Enterprise Security Architecture was born.
Our expertise in applying the SABSA® Methodology assures solutions that deliver.
DLC is proud to have built a team of unrivalled depth with decades of experience defining and leading enterprise programmes or reporting directly to Corporate CEOs and Government Ministers.
Each member of our team has a history of demonstrable success, can articulate the bigger picture, transform the enterprise conversation, engage stakeholders at every level, and deliver insightful, actionable, practical advice with value-add and skills transfer.
DLC provides unrivalled assurance of capabilities. All of our team members are SABSA® authors, certified SABSA® Masters, or multi-Practitioner level with Masters in progress.
SABSA speaks the language of business, not just IT or security, helping security teams justify investments and secure executive buy-in.
By starting with business objectives and translating them into security requirements, it helps architects explain security measures in terms of business value rather than technical terms.
Deliver End-to-End & Through-life
Deliver cybersecurity capability end-to-end and through-life
Create Certainty & Clarity
Create and sustain clarity of policy, governance, and risk ownership
Establish Common Culture & Language
Establish a common culture and language, enabling the enterprise to collaborate, integrate, adopt, consume & implement
Capitalise Change & Agility
Support business ambition to transform, transition and change
WHAT SABSA LOOKS LIKE IN PRACTICE
Once established, SABSA becomes a decision-making framework that can be applied to all IT and security activities.
When a stakeholder proposes a new cloud service or application, questions that would be factored in under a SABSA approach would likely include: “What business objective does this support? What are the risks? What security services are needed?”
Security architects can perform a mapping against the existing architecture to identify which controls already exist and which gaps need filling.
SABSA's Unique Value Proposition
Strategic Security Alignment
Design security architectures that are closely aligned with business objectives, transforming security from a siloed function into a strategic asset that supports growth and innovation.
Consistency and Scalability
Develop reusable security architecture patterns and cohesive frameworks that ensure consistent, scalable, and efficient security implementations across the enterprise.
Proactive Risk Mitigation
Enhance the organisation's security posture by proactively addressing vulnerabilities and risks through strategic planning and design, reducing reliance on reactive measures.
Optimised Resource Utilisation
Provide implementation roadmaps and management processes that enable internal teams to efficiently allocate resources, focusing on critical security areas for maximum impact.
WHO IS SABSA FOR
The SABSA framework is suited to organisations where security directly impacts business value. This can include sectors with significant regulatory requirements.
It has been designed to scale for large complex enterprises with multiple business units and diverse technology environments.
Typically, architecture is built and maintained by enterprise and security architects, and its holistic nature means that security leaders, risk teams, IT, and senior management teams all contribute to the overall framework.
To be effective, the deployment of AI in enterprises needs to be carried out in a responsible manner, ensuring safety for users and the business, and security of the models and datasets. An AI Reference Architecture can identify and categorise the services required for a safe and secure environment for AI.
An explanation of SABSA®’s Principles for Enterprise Security Architecture, revealing the most common client mistakes we encounter, and demonstrating how we at David Lynas Consulting use ESA Principles.
SABSA can work within or alongside TOGAF, with TOGAF covering business, data, application, and technology architecture across an organisation, while SABSA zooms in on security architecture specifically, producing security domain models, risk assessments, and control frameworks.
What are the 6 layers of the SABSA model?
SABSA uses six layers that answer specific questions:
Contextual (What) – Business view
Conceptual (Why) – Architect’s view
Logical (How) – Designer’s view
Physical (With what) – Builder’s view
Component (Where) – Tradesman’s view
Operational (When) – Facilities manager’s view
This allows security frameworks to align with business needs and ensures that risk assessment and proposed risk management activities are not handled within a silo, but rather as a collaborative, holistic process.
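As an added illustration that is not part of the original page or of DLC's own material, the following Python models SABSA's two-way traceability across the six layers listed above and performs the kind of mapping described under "What SABSA looks like in practice": every element must trace up to a business driver, and every driver must trace down to something that implements it. The architecture contents, layer assignments and element names are constructed for the example.

```python
LAYERS = ["contextual", "conceptual", "logical", "physical", "component", "operational"]
LAYER_INDEX = {layer: i for i, layer in enumerate(LAYERS)}

# Constructed sample architecture (hypothetical, not from the page):
# element -> (layer, elements in the layer directly above that it supports).
SAMPLE = {
    "customer trust":        ("contextual",  []),
    "regulatory compliance": ("contextual",  []),
    "confidential":          ("conceptual",  ["customer trust"]),
    "auditable":             ("conceptual",  ["regulatory compliance"]),
    "encryption service":    ("logical",     ["confidential"]),
    "audit logging":         ("logical",     ["auditable"]),
    "TLS 1.3 on all edges":  ("physical",    ["encryption service"]),
    "central log store":     ("physical",    ["audit logging"]),
    "web tier TLS config":   ("component",   ["TLS 1.3 on all edges"]),
    "legacy FTP listener":   ("component",   []),  # nothing above it: unjustified control
    "TLS cert rotation":     ("operational", ["web tier TLS config"]),
}

def validate(arch):
    """Every link must point to the layer directly above; a clean result also rules out cycles."""
    errors = []
    for name, (layer, parents) in arch.items():
        for p in parents:
            if p not in arch:
                errors.append(f"{name}: unknown parent {p!r}")
            elif LAYER_INDEX[arch[p][0]] != LAYER_INDEX[layer] - 1:
                errors.append(f"{name}: {p!r} is not in the layer directly above")
    return errors

def trace_up(arch, name):
    """All chains from an element up to a contextual business driver (upward traceability)."""
    layer, parents = arch[name]
    if layer == "contextual":
        return [[name]]
    return [[name] + chain for p in parents for chain in trace_up(arch, p)]

def orphans(arch):
    """Elements with no chain to any business driver: controls nobody can justify."""
    return sorted(n for n in arch if not trace_up(arch, n))

def gaps(arch, down_to="component"):
    """Business drivers that nothing at the given layer implements (downward traceability)."""
    covered = {chain[-1] for n, (layer, _) in arch.items() if layer == down_to
               for chain in trace_up(arch, n)}
    return sorted(n for n, (layer, _) in arch.items()
                  if layer == "contextual" and n not in covered)

if __name__ == "__main__":
    print(validate(SAMPLE), orphans(SAMPLE), gaps(SAMPLE))
```

Run validate() before the traceability queries on real data: it is what guarantees the recursion in trace_up() terminates.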
What are the basics of SABSA?
The basics of SABSA include the six-layer model, the SABSA Matrix, and a focus on traceability and risk management.
To fully understand the basics, we recommend our SABSA Foundation course.
Implement & Adopt ESA with SABSA
Learn how developing and implementing an Enterprise Security Architecture based in SABSA can transform your cybersecurity initiatives.
Our SABSA Training programme is led by David Lynas: co-author of SABSA, CEO of the SABSA Institute, and principal author of the SABSA Institute intellectual property. Quite simply, there is no better source of SABSA education!
Enabling Innovation: Automating Enterprise Security Architecture to Accelerate Business Agility – Sydney & Melbourne March 2026
In-person ESA events in Sydney (2nd March) & Melbourne (5th March). Explore how automating an ESA Framework transforms security from a resource-constrained control function into a scalable, business-enabling capability.