Notion Digital Forensics 3Cs for organisational cyber defence

The Notion Digital Forensics 3C model is a framework for organisational cybersecurity that focuses on three key areas: complexity, compliance, and culture.


Organisations must choose a suitable structure for their cybersecurity compliance. Common cybersecurity compliance standards include ISO 27001 and NIST CSF. Smaller organisations may need to adapt and reduce these standards, prioritising the highest-risk elements first.


It is crucial to minimize the complexity of an organisation’s systems. This can be achieved by:

  • Retaining only necessary systems
  • Keeping only essential information
  • Implementing a system to retire outdated systems

Reducing complexity makes it easier for IT staff to manage systems and reduces the risk of forgetting to update or properly secure them.


Instilling a culture of cyber safety within the workplace is essential. This means:

  • Working together to create a culture of data safety
  • Being particularly careful with sensitive third-party data, such as customer lists, financial information, or human resource information
  • Considering the added complexity to IT systems when adding new systems
  • Prioritising the decommissioning of unused systems to protect sensitive data

By focusing on these three areas – complexity, compliance, and culture – organisations can develop a comprehensive approach to cybersecurity that reduces risk and protects sensitive data.

Important note on general advice

I am a cyber security specialist, but I may not be YOUR cyber security specialist. 

All cyber-security and digital forensics decisions require careful consideration of your own circumstances and risks. General information is not not tailored to your individual needs. You should seek the advice of a suitably qualified cyber-security or digital forensics specialist.