Bento Security: Cybersecurity Trust

We are fanatical about cyber security management. Bento Cyber Security Framework is comprehensive guidance from policy to attestation. Developed for small companies.

Take ownership of information security

We are so excited and proud of our product. It's really easy to create a landing page for your awesome product.

Policy Templates

Use our template library to get your program started, or engage our team and do it with our support.

Implementation Checklists

We develop checklists for big-picture and specific objectives. They help you stay focused.

Detailed Procedures

Procedures for control implementation include specific instructions for materially significant systems and ops.

Incident Mitigation

Demonstrate to your cyber security insurance carrier company competence.

Controls Development Support

Cybersecurity and engineering services are available to help you plan and do the work.

Certification & Attestation

We help small companies develop functional programs and then validate through certification.

Develop an Information Security Program

Cyber security is about doing - at least - the bare minimum to reduce the likelihood you or your customers will have a bad day due to a mistake or intentionally harmful act. No two companies have the same needs and this is why each organization must develop their own approach to cyber security. However, the process is standardized and shared; BCSF makes them work for small companies.

Inventory Your Assets

Risk assessment and information technology asset inventory go hand in hand. This is less about documenting every piece of hardware and software and more about recognizing what pieces really matter to your organization and how vulnerable they are.

Develop Policies

Policy development involves looking at what you are willing to do that is a reasonable balance of convenience and control. At this stage your management (and owners) need to think through what they deem acceptable for standards of security and write up simple policies that get you there. BENTO:GUIDES offers policy templates with guidance in them cutting out most of the work. It is possible to read them, make minor edits, and adopt them as written.

Design & Implement Controls

Controls development is two parts: deciding how to become more secure and selecting the tools and technology to get you there. Odds are your business is already half-way there and an experienced solution consultant can work with what you have. The main objective here is to avoid buying tools that make impossible promises and instead take measurable steps towards risk mitigation.

Verify and Optimize

Once your systems are configured and running, a mindful audit process what it will take to ensure they do their job as designed. This is also the part of the process where you can change things that can work better.

Frequently Asked Questions

Got a question? We've got answers. If you have some other questions, contact us using email.

Why not just insure against cyber security incidents?

The cyber security landscape is changing, and doing nothing means denial of claims. Your insurance carrier expects you to do the bare minimum.

What is a Bento Cyber Security Framework?

BCSF is a series of cyber security publications in three major categories: policy, implementation, and oversight. Collectively, it enables business owners to build and deploy an information security and compliance program.

What is BENTO:GUIDES?

BENTO:GUIDES is a software solution for accessing and working with the Bento Cyber Security Framework. While all BCSF core publications are accessible to anyone who registers with their company e-mail address, we offer premium subscriptions to enable companies to easily manage BCSF implementations.

What is offered in premium subscriptions?

All BCSF core publications are available without a subscription – they enable any small company to develop a comprehensive cyber security strategy. Entry paid subscriptions enable access to security awareness training while premium tiers give each organization a dedicated instance of GUIDES with content that can be edited. This enables companies to develop their own security management programs, track key information, and share that data with our experts.

What kind of support is available?

We provide comprehensive advisory and implementation services. Customers with paid plans have access to our solution architects, informations security managers, system engineers, and support staff. Our team is your virtual CISO, IT department, IS department, and professional services team. We can help you determine what to do, how to do it, and then get you there. We provide end:end support for BCSF implementation.

What is attestation and certification?

Increasingly companies are asked to prove their cyber security readiness to vendors, prospects, and customers alike. For instance, your insurance company may demand proof that you are managing cyber security risks. Equally, a prospect may be concerned over your resiliency before signing a contract. Or – perhaps – a customer may suddenly becomes concerned over your risk in their supply-chain. Premium tier customers may elect to have their policies and controls audited for effectiveness by our team. The audit includes a report you may share with others and a certification seal valid for as long as you remain a subscriber (renewable every 18 months).

How does this work?

Sign-up to get access to BENTO:GUIDES and start reading the various materials and publications. BCSF is designed to be modular, thus you may begin by reading introductory materials or dive right into checklists. The initial objective is to make you familiar with all areas of information technology security and show you practical ways of designing policies and controls. Upgrading your subscription unlocks access to security awareness training, a key component of cyber security strategy. The training is easily accessible and shared with your employees. Premium tiers unlock a dedicated instance of BENTO:GUIDES accessible only to your organization and expand our professional services. This enables you to edit, create, and modify content. You may choose to modify generic policies, add custom procedures, or remove irrelevant content. This process may take you many weeks to months, but enables your company to increase control while balancing convenience. For example, you may review policies surrounding departing employees, and decide that your organization “will off-board all terminated staff within 48 hours.” BENTO:GUIDES contains enough information for you to properly assemble checklists and procedures for handling a departure successfully. You will find that we cover a variety of scenarios including temporary staff, friendly departures, sudden terminations, and disgruntled employees to help you design a process. We also document common procedures such as properly disabling Office 365 accounts, forwarding e-mail, and preserving data. In other words, we have the policy and the implementation pieces covered. Beyond all that, BCSF also covers the auditing and compliance side of managing off-boarding.

What are the differences between cyber security experts, solution consultants, and security engineers?

There are three major skillsets required to implement cyber security. Segregation of duties and experience both force your organization to leverage multiple individuals/teams in program development. Cyber Security Experts: Help you develop policy and information programs. Solution Consultants: Help you manage vendor requirements and design solutions that align your program with technical specifications. Security Engineers: do the work required to implement technical solutions.