Simplify Security#

Problem#

Cyber security is difficult. Cyber security is a complex field. It requires expertise of many different areas like business sciences and computer sciences. Security risks are difficult to manage and to control. Despite the costs and resources that you invest: major disasters due to security breaches are always possible.

Solution#

Use and practice the simplify security methodology. This means:

  • Use proven open solutions. So use open methods, open management frameworks, policies and proven valuable security principles. And of course FOSS security tools.

  • Use FOSS solutions whenever possible, especially for high risk environments and projects. Using FOSS software means you can more easily comply with the proven cyber principle: ‘Never Trust, Always Verify’

  • Use proven secure coding guidelines when developing software. Mistrust AI generated solutions since these solutions are trained with our mistakes over the last centuries.

  • Use security by design as an approach to involve all stakeholders.

Develop and maintain an open security architecture with all stakeholders involved. Having no architecture for your company or product is no option. A bad design is always better than no design.

Simplification of security measurements, both tools and processes, is challenging but in the end always profitable. Key advantages when simplifying your security:

  • Simple solutions that do work are easier to maintain.

  • Simple solutions are easier to replace.

  • Simple solutions minimize recurring costs.

  • Simple solutions are easier to understand and audit. This means improvements are faster to implement.

  • Maximal reuse of knowledge and existing proven solutions.

  • Lower costs.

  • Resilience for new security hypes. Risks will never be near zero, whatever the promises of a new product, process or methodology are.

  • Easier maintenance.

Important

Lower complexity means less surprises and a more robust security defense.

To ease the process to simplify security and avoid IT complexity use our zero design complexity principles to prevent IT complexity from the start.

Complexity, on technical level and organisation level, leads to serious security risks and high cost for maintenance. Especially for systems where humans, processes, software and new technology play a major role.

Simplify Security Solution roadmap#

simplify security overview

The key to simplify security is to use and reuse good practices that have proven to work. By making use of existing open solutions, recipes, procedures, policies, etc the key advantage is that you do not have to reinvent the wheel.

If needed you can make it better or adjust a solution to your specific situation.

Key ingredients for simplifying security challenges are:

  1. Use the Open Security Reference architecture. Using this reference architecture saves you a lot of time, since it consists of an enormous amount ready to use open access resources that you need in various process steps when solving your specific security problem.

  2. Apply and use Security by Design . Using this simple but complete guide for using and applying Security by design makes your organisation more resilience against cyber threats.

  3. Make use of proven and maintained FOSS cyber security solutions. This Playbook contains an opinionated collection of various open cyber security tools. But remember: A tool is never the solution for solving cyber security challenges and mitigating risks. In the end it’s all about humans since no technology is perfect. Cyber security risks will never be zero.

  4. Make continuous learning on new and old cyber security challenges fun. Go to an in-person security conference, or read our cyber security news and reports.