How to use BDSLCCI Web Platform?
Business Domain-Specific Least Cybersecurity Controls Implementation (BDSLCCI) is a framework designed specifically for Small and Medium Enterprises (SMEs).
It has the following key benefits:
- Depending on the business domain of the SME, this framework provides only the required minimum set of cybersecurity controls to be implemented.
- Helps with the step-wise implementation of cybersecurity controls in a prioritized manner.
- Avoids a large one-time investment, since implementation is gradual.
- Better utilization of available resources.
Regardless of business type or domain, any Small and Medium Enterprise (SME) is an ideal entity to adopt the BDSLCCI framework.
by Dr. Shekhar Pawar
Table of Contents
Sign Up to BDSLCCI
BDSLCCI Dashboard
STEP 1 : Choose Domain and its MCA
STEP 2 : Review CIA Weightage for Selected MCA
STEP 3 : Implement Recommended CIA Controls
STEP 4 : Implement Recommended DiD Controls
STEP 5 : View Current Achieved Levels
Validation of Cybersecurity Controls Implementation
Get BDSLCCI Certificate
The BDSLCCI Web Platform is easy to use.
Sign Up to BDSLCCI
Click on "Sign Up" on BDSLCCI.com
Screenshot of BDSLCCI Web Platform Home
Screenshot of BDSLCCI Sign Up form
This platform is designed for organizations. Take note of the following key points:
- Use an official email address for the registration. Gmail and similar domain email addresses are not considered valid.
- Select your company's business domain in the drop-down list "Domain Name."
- If you can't find your business domain in this drop-down list or you need any further clarification, contact our helpdesk via the Contact Us form.
Click on the "Register" button at the bottom once you have filled in the correct information.
BDSLCCI Dashboard
The dashboard and every web page of this web platform provide menu choices that let the super user of the firm—who registered the company at BDSLCCI—add additional employees as users of the same company. Additionally, it contains menu choices for logout, editing the company profile, and other functional features.
The dashboard displays a radial graph of how various controls are being applied to a particular Mission Critical Asset (MCA) or DiD layer.
Screenshot of BDSLCCI Dashboard showing initial Radial Graph
Screenshot of BDSLCCI Dashboard showing Radial Graph where Controls Implementation is in-progress
Click on "Next" to go ahead.
STEP 1 : Choose Domain and its MCA
A Mission Critical Asset (MCA) is specific to the business domain and is of high value for your organization's business to sustain and grow.
Screenshot of BDSLCCI - How to Choose Domain and its MCA
Follow the procedure below.
- 1. First, select the specific business domain from the drop-down list.
- 2. The MCAs relevant to the selected business domain will be displayed.
- 3. Click on one of the displayed "MCA" entries to select it for controls to be implemented.
- 4. Once you click on an "MCA", it is shown as selected with a tick mark and in blue color.
- 5. You can remove an earlier selected "MCA" by clicking on it; the tick mark disappears to indicate removal.
- 6. Always click on the "Save Changes and Proceed" button to confirm the changes of selecting or removing MCAs.
- 7. If you don't wish to make any changes, click on the "Next" button to go to the next step.
- 8. If the MCA for the selected business domain is missing, you can add a new MCA by clicking the "Add MCA" button.
STEP 2 : Review CIA Weightage for Selected MCA
A Mission Critical Asset (MCA) is specific to the business domain and is of high value for your organization's business to sustain and grow. Each MCA has a different prioritization of Confidentiality, Integrity, and Availability (CIA).
Screenshot of BDSLCCI - How to Review CIA Weightage for Selected MCA (Outcome of AI ML)
Follow the procedure below.
- 1. First, select the specific business domain from the drop-down list.
- 2. The MCAs relevant to the selected business domain will appear in the second drop-down list.
- 3. Click on the "View" button.
- 4. It will display a graphical representation of the weightage for each tenet of Confidentiality, Integrity, and Availability (CIA). These values are derived by analyzing data received from other enterprises with a similar business domain and MCA. This weightage distribution is then used to prioritize the implementation of controls for the particular MCA.
- 5. Click on the "Next" button to go to the next step, or click on the "Previous" button to go to the earlier step.
STEP 3 : Implement Recommended CIA Controls
By this step you have clarity about the one (or few) Mission Critical Asset (MCA). This step identifies which area of cybersecurity among Confidentiality, Integrity, and Availability (the CIA Triad) should be the focus for that MCA. As discussed in the earlier steps, it will differ for the particular domain of the SME. SMEs can also choose multiple areas of the CIA Triad if the chosen MCA demands it.
Screenshot of BDSLCCI - How to Implement Recommended CIA Controls
Follow the procedure below.
- 1. View the prioritized controls, shown in ascending order of recommendation.
- 2. It is highly recommended to implement the number of controls specified in the list.
- 3. Click on the checkbox against each control once that particular control has been implemented.
- 3.1 If “No” is selected, it means that the control is not yet implemented by you.
- 3.2 You can select “Yes” if you have implemented the control specified.
- 3.3 You can select “N/A” if you have a valid reason to consider that control not applicable.
- 3.4 The selection is auto-saved when you click the checkbox.
- 4. You can use the page numbers to navigate to the next recommended controls in this list.
- 5. Click on the "Next" button to go to the next step, or click on the "Previous" button to go to the earlier step.
STEP 4 : Implement Recommended DiD Controls
Defense in Depth (DiD), referred to as the "Security in Depth" strategy, is a conceptual model which covers people, operations, and technology areas by establishing guidelines and best practices for securing assets like physical infrastructure, processes, and IT systems. Apart from the Mission Critical Asset (MCA), this considers the organization's overall cybersecurity implementation.
Screenshot of BDSLCCI - How to Implement Recommended DiD Controls
Follow the procedure below.
- 1. View the prioritized controls, shown in ascending order of recommendation.
- 2. It is highly recommended to implement the number of controls specified in the list.
- 3. Click on the checkbox against each control once that particular control has been implemented.
- 3.1 If “No” is selected, it means that the control is not yet implemented by you.
- 3.2 You can select “Yes” if you have implemented the control specified.
- 3.3 You can select “N/A” if you have a valid reason to consider that control not applicable.
- 3.4 The selection is auto-saved when you click the checkbox.
- 4. You can use the page numbers to navigate to the next recommended controls in this list.
- 5. Click on the "Next" button to go to the next step, or click on the "Previous" button to go to the earlier step.
STEP 5 : View Current Achieved Levels
Depending on the controls implemented for the Mission Critical Asset (MCA) as well as the Defense in Depth (DiD) controls for the overall organization, one of three achieved levels will be shown here. Both the CIA Level and the DiD Level controls must be implemented to achieve a particular BDSLCCI Level. A tick mark in each cell indicates that you have confirmed, in the earlier steps, that the controls required for that particular level are implemented.
Screenshot of BDSLCCI - View Current Achieved Levels (without validation)
Screenshot of BDSLCCI - View Current Achieved Levels (without validation with different combinations)
Follow the procedure below.
- 1. You can view the levels achieved, depending on the controls implementation in the earlier two steps, for a particular business domain and MCA.
- 2. If you have achieved any of BDSLCCI Level 1 to 3, indicated by a tick mark in the third column, you are eligible to apply for validation of the controls implementation.
- 3. You can check the BDSLCCI Level achieved for multiple MCAs by selecting the business domain and its respective MCA in the top drop-down lists and then clicking the "View" button.
- 4. Click on the "Assess Controls" button to go to the next step of validating the implementation of controls, or click on the "Previous" button to go to the earlier step.
Validation of Cybersecurity Controls Implementation
It is important to go through validation of the cybersecurity controls implementation to get the BDSLCCI certificate.
A BDSLCCI audit is a must for validation of the cybersecurity controls implementation.
- 1. Once prepared, the organization must proceed with the proof submission process to get BDSLCCI accreditation.
- 2. The proofs will be picture files that you must post in order to demonstrate that you have correctly implemented each control.
- 3. Multiple tiers of internal auditors at BDSLCCI will analyze the evidence and decide whether to accept or reject it.
- 4. Your organization will get a BDSLCCI certificate if authorized by BDSLCCI auditors; otherwise, you must resubmit your supporting documentation in light of the auditors' remarks.
Get BDSLCCI Certificate
Snapshot of Sample BDSLCCI Certificate
SecureClaw partner for your entire journey of cybersecurity implementation. Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework and certification is the solution for cost-effective cybersecurity implementation.