Once we know why we should simplify Cybersecurity, we need to know what Simplify Cybersecurity is.
IMO, Cybersecurity cannot (and should not) operate like an IT team. It is very likely you will end up with a very complicated Cybersecurity organization if you try to do so. In other words, we shouldn't have an engineering team or an operations team, the way an IT organization normally does.
Then, what should a Simplify Cybersecurity organization look like?
Cybersecurity is all about risk management. Based on the NIST Cybersecurity Framework, there should be 5 core functions: Identify, Protect, Detect, Respond, and Recover.
A simplified Cybersecurity organization can follow the NIST framework here. Here's an example:
- Identify
  - Governance, Risk and Compliance team
  - Project Management and Consultation team
- Protect
  - Network Security team
  - Security Architecture and Strategy team
  - Identity, Access and Management team
- Detect
  - Security Assurance team
  - Threat and Vulnerability Management team
- Respond
  - Incident Management team
- Recover
  - Forensic and Investigation team
  - Disaster and Recovery Planning team
Note that the 5 core functions are merely a virtual triage, and not necessarily real teams. Next, we will examine in more detail what Simplify Cybersecurity is.