What we offer

Bento Cyber Security Framework enables small companies to protect business processes and key information technology assets.  Frameworks – by design – provide the skeleton structure and generic requirements. BCSF goes into explicit detail on how to implement safeguards enabling companies to learn, understand, and manage information security risks.  Paid subscriptions enable access to premium content and features including fully managed collaboration workspaces.


Access the core content including explanations, policies, checklists, and guides.

Support (Premium)

Multiple tiers of support including community, e-mail, and video-conference.

Security Awareness
Training (Premium)

Vignette-based training modules for nurturing a security-centric culture.

Management (Premium)

Managed vendor database for assessing supply-chain risk of mission critical suppliers.

Workspace (Premium)

Secure & isolated collaboration workspaces to manage your bespoke security program.

Attestation &
Certification (Premium)

Third-party audit of your bespoke cyber security program with rights to display our attestation seal.

CISO in a box

The framework is a virtual Chief Information Security Officer complete with policy, implementation, and control guidance.  Industry first open access to curated guidance, support from experts, and technology assets all designed for small companies.  Affordable, adoptable, and actionable.

  • Developed on a decade of operational excellence and practical experience serving small companies.

  • Supported by information technology and security veterans with track record in system operations, incident management, and strategic guidance.

Principles out of Practice

We took a practical approach to IT governance and used real-world experience to create BCSF. The framework is based on thousands of previously billable hours solving problems big and small.

  • Developed by executives, system architects, and engineers.  The framework replaces theory with applied practices.

  • Harvested a decade’s worth of IT/IS services work and bundled it into one open package.

Services as a Software

Multi-tenant and dedicated collaboration workspaces enable organizations to edit, contribute, and store their information technology governance in one secure location.

  • Premium customers benefit from encrypted and logically isolated documentation workspaces hosted by our team.

  • Foundation content is automatically refreshed while your customizations and proprietary data remain accessible only to your organization.

Supply Chain Risk Management

We simplified vendor risk management by focusing on all the vendors serving our clients. 

  • Each vendor was assessed for material significance, capability, and criticality.

  • Our team gained insights into company culture, security practices, and posture to assess risk in a way that is meaningful to small business.

Support along the way

Premium clients have access to our team of professional system engineers, managers, and architects that wrote the book on Bento Security. 

  • Help with policy design, planning, and strategy.

  • Guidance and technical support for implementation and administration of controls.

You should know…

Bento Cyber Security Framework makes it possible for small companies to develop sound technology practices.  While majority of the framework is written for a wide audience, we cannot always escape jargon. For instance, some readers may care that BCSF v1.0 aligns the CIS, SOC2 Type II & ISO standards with practical and actionable processes for small companies.  Others may take comfort in knowing that we utilize a common policy/control/evidence structure as the primary method for attesting the framework.

Get Docs
How it works

Get started with BCSF

    Looking for help? Get in touch with us