Why not just insure against cyber security incidents?
The cyber security landscape is changing, and doing nothing means denial of claims. Your insurance carrier expects you to do the bare minimum.
What is a Bento Cyber Security Framework?
BCSF is a series of cyber security publications in three major categories: policy, implementation, and oversight. Collectively, it enables business owners to build and deploy an information security and compliance program.
What is BENTO:GUIDES?
BENTO:GUIDES is a software solution for accessing and working with the Bento Cyber Security Framework. While all BCSF core publications are accessible to anyone who registers with their company e-mail address, we offer premium subscriptions to enable companies to easily manage BCSF implementations.
What is offered in premium subscriptions?
All BCSF core publications are available without a subscription – they enable any small company to develop a comprehensive cyber security strategy. Entry paid subscriptions enable access to security awareness training while premium tiers give each organization a dedicated instance of GUIDES with content that can be edited. This enables companies to develop their own security management programs, track key information, and share that data with our experts.
What kind of support is available?
We provide comprehensive advisory and implementation services. Customers with paid plans have access to our solution architects, informations security managers, system engineers, and support staff. Our team is your virtual CISO, IT department, IS department, and professional services team. We can help you determine what to do, how to do it, and then get you there. We provide end:end support for BCSF implementation.
What is attestation and certification?
Increasingly companies are asked to prove their cyber security readiness to vendors, prospects, and customers alike. For instance, your insurance company may demand proof that you are managing cyber security risks. Equally, a prospect may be concerned over your resiliency before signing a contract. Or – perhaps – a customer may suddenly becomes concerned over your risk in their supply-chain. Premium tier customers may elect to have their policies and controls audited for effectiveness by our team. The audit includes a report you may share with others and a certification seal valid for as long as you remain a subscriber (renewable every 18 months).
How does this work?
Sign-up to get access to BENTO:GUIDES and start reading the various materials and publications. BCSF is designed to be modular, thus you may begin by reading introductory materials or dive right into checklists. The initial objective is to make you familiar with all areas of information technology security and show you practical ways of designing policies and controls. Upgrading your subscription unlocks access to security awareness training, a key component of cyber security strategy. The training is easily accessible and shared with your employees.
Premium tiers unlock a dedicated instance of BENTO:GUIDES accessible only to your organization and expand our professional services. This enables you to edit, create, and modify content. You may choose to modify generic policies, add custom procedures, or remove irrelevant content. This process may take you many weeks to months, but enables your company to increase control while balancing convenience.
For example, you may review policies surrounding departing employees, and decide that your organization “will off-board all terminated staff within 48 hours.” BENTO:GUIDES contains enough information for you to properly assemble checklists and procedures for handling a departure successfully. You will find that we cover a variety of scenarios including temporary staff, friendly departures, sudden terminations, and disgruntled employees to help you design a process. We also document common procedures such as properly disabling Office 365 accounts, forwarding e-mail, and preserving data. In other words, we have the policy and the implementation pieces covered. Beyond all that, BCSF also covers the auditing and compliance side of managing off-boarding.
What are the differences between cyber security experts, solution consultants, and security engineers?
There are three major skillsets required to implement cyber security. Segregation of duties and experience both force your organization to leverage multiple individuals/teams in program development.
Cyber Security Experts: Help you develop policy and information programs.
Solution Consultants: Help you manage vendor requirements and design solutions that align your program with technical specifications.
Security Engineers: do the work required to implement technical solutions.