The Notion Digital Forensics 3C model is a framework for organisational cybersecurity that focuses on three key areas: complexity, compliance, and culture.
Compliance
Organisations must choose a suitable structure for their cybersecurity compliance. Common cybersecurity compliance standards include ISO 27001 and NIST CSF. Smaller organisations may need to adapt and reduce these standards, prioritising the highest-risk elements first.
Complexity
It is crucial to minimize the complexity of an organisation’s systems. This can be achieved by:
- Retaining only necessary systems
- Keeping only essential information
- Implementing a system to retire outdated systems
Reducing complexity makes it easier for IT staff to manage systems and reduces the risk of forgetting to update or properly secure them.
Culture
Instilling a culture of cyber safety within the workplace is essential. This means:
- Working together to create a culture of data safety
- Being particularly careful with sensitive third-party data, such as customer lists, financial information, or human resource information
- Considering the added complexity to IT systems when adding new systems
- Prioritising the decommissioning of unused systems to protect sensitive data
By focusing on these three areas – complexity, compliance, and culture – organisations can develop a comprehensive approach to cybersecurity that reduces risk and protects sensitive data.