SMEs make up 90% of the business population and play an important role in employment opportunities, GDP in developed countries, and sustaining the global economy. Hence it is important to protect them from cyber threats.
Depending on the business domain of an SME, business priorities change. Specific mission-critical assets play an important role in fulfilling those business priorities.
A few mission-critical assets (MCAs) have confidentiality as the priority, and disclosure of the information should not be permitted. Similarly, a few MCAs have integrity as the highest priority, and alteration by malicious users will cause massive problems. Many MCAs have availability as the top priority; if the asset is not reachable, it can harm business goals.
Many cybersecurity controls are not relevant to every SME business domain. An SME needs only the specific cybersecurity controls relevant to its business domain.
The BDSLCCI framework considers a set of cybersecurity controls to be implemented initially, and it gives a roadmap for incremental deployment of such controls.
BDSLCCI is the outcome of international research studies by Dr. Shekhar Pawar, who took various inputs from the top management of SME companies in 19 countries during his doctoral studies on the cybersecurity of the SME segment at SSBM Geneva, Switzerland. The participating SMEs were from Australia, Bangladesh, Cyprus, Ghana, Hong Kong, India, Indonesia, Israel, Malaysia, Nigeria, Norway, Russia, Singapore, South Africa, Sri Lanka, Sweden, the United Arab Emirates, the United Kingdom, and the United States.
Business Domain-Specific Least Cybersecurity Controls Implementation (BDSLCCI) is a framework designed specifically for Small and Medium Enterprises (SMEs). It has the following key benefits:
1. Depending on the business domain of the SME, this framework provides only the required minimum set of cybersecurity controls to be implemented.
2. Helps with the step-wise implementation of cybersecurity controls in a prioritized manner.
3. Avoids a one-time big investment through gradual implementation.
4. Better utilization of available resources.
Regardless of business type or domain, any Small and Medium Enterprise (SME) or Small and Medium Business (SMB) company is an ideal entity to adopt this framework.
There are three levels of BDSLCCI. Level 1 provides good cyber-threat protection against the maximum number of threats identified for SMEs, reducing malware, phishing, insider threat, web attack, ransomware attack, and a few more to a certain level. Level 2 gives better cybersecurity than Level 1. Level 3 can be considered the best minimum set of cybersecurity controls satisfactorily implemented for SMEs.
In the digital world, a Mission Critical Asset (MCA) is mostly crucial data, information, or an important system handling it. It differs for each SME, mostly based on its domain. The asset that has the maximum value, the highest risks, and a big impact on the SME's core business can be treated as the MCA. For example, the MCA in the healthcare industry can be Electronic Medical Record (EMR) software; in the Banking, Financial Services, and Insurance (BFSI) industry it will be a web portal for net-banking transactions or financial records; in the E-Commerce sector it will be the online shopping presence on web and mobile apps; for the innovative manufacturing industry, product design ideas, methodology, and research material might be more valuable than anything else; and so on. Most of the time the MCA is information-related.
This web portal makes SME registration easy and then lists the predicted cybersecurity controls. This prediction is made from inputs collected from research, using Responsible Artificial Intelligence (AI) and Machine Learning (ML).
Yes. It can be achieved after conducting a BDSLCCI audit. Such audits can be performed online or offline.
Yes. We are offering FREE usage of the web portal, so your organization can start using this framework. It is recommended to conduct an audit of the effectiveness of BDSLCCI within your organization to qualify for a certain level and certificate.