BDSLCCI Version 2.0 has been available as an enhanced Cybersecurity Framework for micro, small, and medium businesses (SMB / SME / MSME / Startup companies) since January 2024
January 1, 2024 (update on award news February 10, 2024)
BDSLCCI 2.0 has been available since January 2024 with modified cybersecurity control areas and a more prioritized approach to digital data privacy compliance needs for small and medium enterprises.
Cybersecurity is right for every business, regardless of its size, location, or revenue!"
by Dr. Shekhar Ashok Pawar
Visit www.BDSLCCI.com today to know more features and benefits!
Latest BDSLCCI framework 2.0 has modified Defense in Depth (DiD) as well as Mission Critical Asset (MCA). Below table shows coverage of Defense in Depth according to modified framework.
BDSLCCI
Priority
Sequence |
BDSLCCI
Defense in Depth (DiD)
Layer Title |
List of Control
Areas BDSLCCI 2.0
Helps Organization |
| BDSLCCI DiD Level-1 |
Host/Endpoint Security Layer
|
1.1 - Host/Endpoint - Less Permission to Use
1.2 - Host/Endpoint - Endpoint Protection - Anti-Virus
1.3 - Host/Endpoint - Licensed Operating System (OS)
1.4 - Host/Endpoint - Block File Transfers
|
| Data Security Layer |
1.5 - Data - Encryption
1.6 - Data - Access control
1.7 - Data - Backup
1.8 - Data - Data Loss Prevention
1.9 - Data - Secure Deletion
|
| Human Security Layer |
1.10 - Human - Cybersecurity Awareness Training
1.11 - Human - Separation of Duties
1.12 - Human - Service Level Agreement (SLA)
1.13 - Human - Employee Background Check
1.14 - Human - Review Access Rights
1.15 - Human - Cyber Threat Alert Notifications
1.16 - Human - Cybersecurity Banners / Posters
1.17 - Human - Non Disclosure Agreement (NDA)
|
| BDSLCCI DiD Level-2 |
Network Security Layer |
2.1 - Network - Network Firewall
2.2 - Network - Network Access Control
2.3 - Network - Remote Access VPN
2.4 - Network - Instruction Detection & Prevention Systems (IDPS)
|
| Application Security Layer |
2.5 - Application - OWASP Coding Practices
2.6 - Application - Application Hardening
|
| BDSLCCI DiD Level-3 |
Physical Perimeter Security Layer |
3.1 - Physical Perimeter - Locked and Dead-Bolted Steel Doors
3.2 - Physical Perimeter - Closed-Circuit Surveillance Cameras (CCTV)
3.3 - Physical Perimeter - Picture IDs
3.4 - Physical Perimeter - Security Guards / Proper Lighting / Biometrics / Environmental Control
|
| Governance Security Layer |
3.5 - Governance - Incident Response Process and/or BCP
3.6 - Governance - Business Continuity Plan (BCP)
3.7 - Governance - Periodic Audit
|
On 10-February-2024, Dr. Shekhar Ashok Pawar received the Award for “Excellence in Innovation in Cybersecurity” from the Asian-African Chamber of Commerce and Industry (AACCI) as an inventor of the Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) Framework, which is helping micro, small, and medium enterprises (MSMEs) worldwide. Not only was the BDSLCCI framework invented by him, but also, with his team’s continuous efforts, they have been successful in building an AI-ML-based web platform, www.BDSLCCI.com, which is making the process of deploying the BDSLCCI framework to many MSMEs worldwide easier.
In this article, let us understand more about BDSLCCI innovation.
Dr. Shekhar Ashok Pawar is one of those who moved from settled corporate job life into boot-strapped entrepreneurship, where he and his core team build companies from scratch. Since January 2016, Dr. Pawar’s first venture, GrassDew IT Solutions Pvt. Ltd., has provided cybersecurity services and software development solutions to hundreds of multiple domain businesses worldwide. Apart from that, since 2020, GrassDew has also worked as the PAN India sales channel partner and certified solution partner of Tata Tele Business Services (TTBS), providing various products such as internet leased lines, cloud telephony, Interactive Voice Response (IVR), and much more.
There are about 400 million small and medium enterprises worldwide, which is approximately 90% of businesses. They are at the bottom of the pyramid, and because of these companies, 60 to 70% of employment opportunities are generated worldwide. Also, these organizations contribute about 55% of GDP to developed economies. On the other hand, it is also true that around 43% of cyberattacks target small businesses, and one out of every two small and medium businesses has a chance of a cyber breach. Looking at the contribution of these segments of companies, if they do not get cyber security protection for themselves, it is going to hamper the global economy as well.
SecureClaw Incorporation is the second venture of Dr. Pawar, which is on the mission of cybersecuring small and medium companies worldwide, which are known as MSMEs, small and medium businesses (SMBs), or even small and medium enterprises (SMEs), depending on their size, revenue, and location. For this article, let us consider the word SMB, which represents any of these kinds of companies. With his decades of international experience and research studies during his doctorate from the Swiss School of Business and Management in Geneva, Switzerland, Dr. Pawar has invented a new cybersecurity framework popularly known as Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI), which is more focused on these kinds of organizations. Apart from continuous research and enhancement in BDSLCCI to make it more beneficial to MSMEs, SecureClaw also provides various cybersecurity services, which include the Virtual Chief Information Security Officer (V-CISO), Source Code Security Review, which is popularly known as static application security testing (SAST), dynamic application security testing (DAST), or vulnerability assessment and penetration testing (VAPT), as a few of its key offerings. These organizations have diverse experience in programming, telecom, and cybersecurity, which makes their expertise unique while designing solutions for their customers.
During international research studies by Dr. Pawar, the top management of SMB companies from 19 different countries participated. It was evident that there were three major problems faced by those companies.
- Small and medium-sized companies are not having enough funds or allocated budget for the implementation of hundreds of controls mandated by existing cybersecurity standards.
- These companies do not have skilled teammates or other resources to implement and maintain cybersecurity controls.
- Top management is not able to see the return on investment (RoI) for cybersecurity implementation, as the top priorities of such companies are not directly aligned with the recommended controls by existing cybersecurity standards or frameworks.
Dr. Pawar's research reveals that each SMB has a unique business domain and mission-critical asset (MCA) based on their sector. MCAs, such as data, information, or infrastructure, are crucial for a SMB's core business. For instance, healthcare MCAs might be Electronic Medical Record (EMR) software, while banking, financial services, and insurance (BSFI) MCAs might be financial records. MCAs can be information-related or even business function-related.
MCAs weigh confidentiality, integrity, and availability differently, and SMBs need cybersecurity controls. Defense in Depth (DiD) strategy addresses people, process, and technology. BDSLCCI framework provides recommendations for implementing DiD controls in parallel with MCA, designed by Dr. Pawar.
Once an organization successfully implements BDSLCCI and passes the assessment criteria for a specific level, it receives three deliverables.
- BDSLCCI Certificate.
- BDSLCCI Transcript.
- BDSLCCI Web Analytics Report explaining the coverage and effectiveness of the cybersecurity controls.
There are multiple ways to get BDSLCCI certification.
- SMB can self-assist by directly registering itself on the BDSLCCI web portal. The BDSLCCI web portal provides secured access to various data points and guidance provided by the logic of the BDSLCCI framework.
- SMB can identify a BDSLCCI member company, which is a certification body of BDSLCCI, authorized to provide BDSLCCI certificates as one of its services.
- SMB can even hire BDSLCCI-authorized freelancers who can assist them in their BDSLCCI certification journey, where the final audit will be done by SecureClaw and the BDSLCCI certification and transcript will be issued by SecureClaw.
The BDSLCCI offers certifications and assessments at three different levels. On the incremental order of control implementation, SMB can be more cybersecure while reaching BDSLCCI Level 3.
Any startup, even one employee company, or any medium-scale company with hundreds of employees can get a customized or tailored cybersecurity controls list using BDSLCCI. It offers an ascending order of controls, aiding top management in decision-making. In situations where organizations need to take the Data Privacy and Protection Acts of their nation seriously to avoid high penalties if a data breach happens, or even to avail of cyber insurance, or to simply have better confidence in their way of working and handling customers’ critical assets, selecting SecureClaw’s BDSLCCI will be a very good choice. SecureClaw has been deployed in many SMBs/ SMEs/ MSMEs and has received good market feedback.