BDSLCCI Version 3.0 has been available as an enhanced Cybersecurity Framework since January 2025
Recently, the SecureClaw Cyber Threat Advisory team studied thousands of international cyber attack news stories from 2024 across various industries and, on a sampling basis, produced a summary report of the most visible cyber threat trends. Such inputs help the team understand the latest cyber threat trends.
BDSLCCI 3.0 has been available since January 2025 with modified cybersecurity control areas and a more prioritized approach to protect against the latest cyber threats. It is mainly focused on cyber-securing micro, small, and medium enterprises. These organizations are widely known as small and medium enterprises or businesses (SMEs or SMBs).
"Cybersecurity is right for every business, regardless of its size, location, or revenue! We invite and recommend small and medium-sized businesses to utilize the BDSLCCI framework."
by Dr. Shekhar Ashok Pawar
Visit www.BDSLCCI.com today to know more features and benefits!
The diagram below shows the security layers of the defense in depth (DiD) mechanism recommended by BDSLCCI 3.0, followed by the security control area, BDSLCCI policy, and the guidelines or reference documents.
The latest BDSLCCI framework, version 3.0, has modified both Defense in Depth (DiD) and Mission Critical Asset (MCA). At a high level these layers follow the same sequence as BDSLCCI 2.0, but the policies and guidelines have changed. The table below shows the coverage of Defense in Depth according to the modified framework.
| BDSLCCI Priority Sequence | BDSLCCI Defense in Depth (DiD) Layer Title | List of Control Areas BDSLCCI 3.0 Helps Organization |
|---|---|---|
| BDSLCCI DiD Level-1 | Host/Endpoint Security Layer | 1.1 - Host/Endpoint - Less Permission to Use<br>1.2 - Host/Endpoint - Endpoint Protection - Anti-Virus<br>1.3 - Host/Endpoint - Licensed Operating System (OS)<br>1.4 - Host/Endpoint - Block File Transfers |
| BDSLCCI DiD Level-1 | Data Security Layer | 1.5 - Data - Encryption<br>1.6 - Data - Access control<br>1.7 - Data - Backup<br>1.8 - Data - Data Loss Prevention<br>1.9 - Data - Secure Deletion |
| BDSLCCI DiD Level-1 | Human Security Layer | 1.10 - Human - Cybersecurity Awareness Training<br>1.11 - Human - Separation of Duties<br>1.12 - Human - Service Level Agreement (SLA)<br>1.13 - Human - Employee Background Check<br>1.14 - Human - Review Access Rights<br>1.15 - Human - Cyber Threat Alert Notifications<br>1.16 - Human - Cybersecurity Banners / Posters<br>1.17 - Human - Non Disclosure Agreement (NDA) |
| BDSLCCI DiD Level-2 | Network Security Layer | 2.1 - Network - Network Firewall<br>2.2 - Network - Network Access Control<br>2.3 - Network - Remote Access VPN<br>2.4 - Network - Intrusion Detection & Prevention Systems (IDPS) |
| BDSLCCI DiD Level-2 | Application Security Layer | 2.5 - Application - OWASP Coding Practices<br>2.6 - Application - Application Hardening |
| BDSLCCI DiD Level-3 | Physical Perimeter Security Layer | 3.1 - Physical Perimeter - Locked and Dead-Bolted Steel Doors<br>3.2 - Physical Perimeter - Closed-Circuit Surveillance Cameras (CCTV)<br>3.3 - Physical Perimeter - Picture IDs<br>3.4 - Physical Perimeter - Security Guards / Proper Lighting / Biometrics / Environmental Control |
| BDSLCCI DiD Level-3 | Governance Security Layer | 3.5 - Governance - Incident Response Process and/or BCP<br>3.6 - Governance - Business Continuity Plan (BCP)<br>3.7 - Governance - Periodic Audit |
In this article, let us understand more about BDSLCCI innovation. This is the third version and the official third year of BDSLCCI's existence in the global market.
Dr. Shekhar Ashok Pawar and his team at SecureClaw have developed this product. BDSLCCI was an international research project conducted by Dr. Pawar. Let's see an overview of that in this article.
There are about 400 million small and medium enterprises worldwide, which is approximately 90% of businesses. They are at the bottom of the pyramid, and because of these companies, 60 to 70% of employment opportunities are generated worldwide. Also, these organizations contribute about 55% of GDP to developed economies. On the other hand, it is also true that around 43% of cyberattacks target small businesses, and one out of every two small and medium businesses has a chance of a cyber breach. Looking at the contribution of these segments of companies, if they do not get cyber security protection for themselves, it is going to hamper the global economy as well.
During international research studies by Dr. Pawar, the top management of SMB companies from 19 different countries participated. It was evident that there were three major problems faced by those companies.
- Small and medium-sized companies do not have enough funds or allocated budget to implement the hundreds of controls mandated by existing cybersecurity standards.
- These companies do not have skilled teammates or other resources to implement and maintain cybersecurity controls.
- Top management is not able to see the return on investment (RoI) for cybersecurity implementation, as the top priorities of such companies are not directly aligned with the recommended controls by existing cybersecurity standards or frameworks.
Dr. Pawar's research reveals that each SMB has a unique business domain and a mission-critical asset (MCA) based on its sector. MCAs, such as data, information, or infrastructure, are crucial for an SMB's core business. For instance, healthcare MCAs might be Electronic Medical Record (EMR) software, while banking, financial services, and insurance (BFSI) MCAs might be financial records. MCAs can be information-related or even business function-related.
Each MCA weighs confidentiality, integrity, and availability differently, and SMBs need cybersecurity controls accordingly. The Defense in Depth (DiD) strategy addresses people, process, and technology. The BDSLCCI framework, designed by Dr. Pawar, provides recommendations for implementing DiD controls in parallel with MCA.
The diagram below indicates how confidentiality, integrity, and availability (the CIA triad) are mapped to the preventive, detective, deterrent, recovery, and corrective control areas in BDSLCCI levels.
Once an organization successfully implements BDSLCCI and passes the assessment criteria for a specific level, it receives three deliverables.
- BDSLCCI Certificate.
- BDSLCCI Transcript.
- BDSLCCI Web Analytics Report explaining the coverage and effectiveness of the cybersecurity controls.
There are multiple ways to get BDSLCCI certification.
- An SMB can self-assist by registering directly on the BDSLCCI web portal. The BDSLCCI web portal provides secured access to various data points and guidance provided by the logic of the BDSLCCI framework.
- An SMB can identify a BDSLCCI member company, which is a certification body of BDSLCCI, authorized to provide BDSLCCI certificates as one of its services.
- An SMB can also hire BDSLCCI-authorized freelancers to assist in its BDSLCCI certification journey; in that case the final audit is done by SecureClaw, and the BDSLCCI certification and transcript are issued by SecureClaw.
BDSLCCI offers certifications and assessments at three different levels. As controls are implemented in incremental order, an SMB becomes more cybersecure on its way to BDSLCCI Level 3.
Any startup, even a one-employee company, or any medium-scale company with hundreds of employees can get a customized or tailored cybersecurity controls list using BDSLCCI. It offers an ascending order of controls, aiding top management in decision-making. In situations where organizations need to take the Data Privacy and Protection Acts of their nation seriously to avoid high penalties if a data breach happens, or to avail of cyber insurance, or simply to have better confidence in their way of working and handling customers’ critical assets, selecting SecureClaw’s BDSLCCI will be a very good choice. SecureClaw has been deployed in many SMBs/SMEs/MSMEs and has received good market feedback.
On 10-February-2024, Dr. Shekhar Ashok Pawar received the Award for “Excellence in Innovation in Cybersecurity” from the Asian-African Chamber of Commerce and Industry (AACCI) as the inventor of the Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) Framework, which is helping micro, small, and medium enterprises (MSMEs) worldwide. Besides inventing the BDSLCCI framework, he and his team, through continuous efforts, have built an AI-ML-based web platform, www.BDSLCCI.com, which makes deploying the BDSLCCI framework to many MSMEs worldwide easier.