BRSE helps cybersecurity leaders to establish a highly-effective cybersecurity function.
MDR providers can stand out in the crowded market by claiming that their service offering is BRSE-based.
You cannot solve a problem if the words you use to describe it weren't well defined, can you?
AI will not be able to help either.
BRSE provides a new set of clearly defined terms using plain English. (Except the grammar, because English is not a BRSE creator's first language).
You cannot solve an undefined problem, can you?
Again, AI is powerless in such scenario as well.
BRSE provides a rationally linked hierarchy of objectives using its own well defined terms.
You cannot report on your work if your performance indicators aren't linked to the objectives, can you?
BRSE provides a new set of performance indicators logically linked to the objectives.
One team does it all (ensures team cohesiveness during the crisis aka cyberbreach).
Roles are virtual and separate from employees.
Roles are assigned and rotated through the team.
A team, ideally, is double-headed: a director (who is running it) and a manager (who is responsible mostly for staff development). They don't rotate.
Cyberdefense| breach response: prepare everything for manual breach disruption. Measured by readiness.
Cyber protection| security engineering: strive to make response for as much as 80% of relevant TTPs automatic. Measured by coverage.
Functional maturity is measured by the "SOC pyramid" ratio which measures the split between the manual and automatic response readiness.
A new cybersecurity function: (RAP or CPM): to provide relevant TTPs and IT Estate context including vulnerabilities scans and hardening suggestions. RAP ideally is two people and will rotate with analysts for on-shift response duty. RAP engineers are re-enforcement (rather than escalation) during crisis.
Cyber defense and protection aren't equal: defense prioritizes TTPs (provided by RAP) to be worked on by protection team.
Fixed scope for the team: one chunk of IT estate. Ideally, the IT estate in scope covers multiple technology domains in order to cover an entire breach path.
If company is large: break down its IT Estate and create teams responsible for those chunks. The ideal IT Environment breakdown should translate into one team dealing with entire breach: its blast radius does not spill over to the IT Environment area owned by another cybersecurity team.
The use of ACCEPT approach instead of traditional People Processes Tools (PPT).
The reason for creating BRSE is to 10-100X effectiveness and efficiency increase for cybersecurity teams.
Despite the limited ability to measure the improvement precisely, we believe that gains in effectiveness are at that level.
All rights to the BRSE content belongs to Ivan Fedorets.
This website www.brse.info is the only authentic source of BRSE. Any modified versions of BRSE should have those modifications identified. For now the only authorized contributor to BRSE is Ivan Fedorets.
Ivan writes on the topic of cybersecurity including BRSE in his blog here: https://blog.ivancyber.com/
For now, the content shared here is free to use with the reference to Ivan Fedorets.
Nothing on this website is a legal (or any other) advice. This is a thought provoking content.
You are the only one responsible for the outcome of your actions.