Jump to content

User:Shekharpw/sandbox

From Wikipedia, the free encyclopedia

Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) is a framework for mitigating Small and medium-sized enterprises's cybersecurity risks, published by its inventor, Dr. Shekhar Ashok Pawar, based on BDSLCCI specific processes, guidelines, and best practices.[1] A 2021 research study found that small and medium enterprises surveyed see various problems while implementing and maintaining cybersecurity controls, such as less funds, a lack of skilled resources, and no clarity on return on investment for the cybersecurity controls implementation.[2]

Overview

[edit]

Small and medium-sized enterprises, businesses, and other organizations can implement a tailored list of cybersecurity controls based on their business domain using the BDSLCCI Cybersecurity Framework. Each of such organizations has different business-specific mission-critical assets that need to be protected against cyber threats. The framework is divided into two parts, "Mission Critical Assets" and "Defense in Depth." Since 2022, the BDSLCCI Framework has been protecting small and medium enterprises (SMEs) in-depth cybersecurity control implementation. The BDSLCCI framework offers tailored, hence less costly, and easy-to-implement cybersecurity controls, allowing small and medium-sized enterprises to adopt the cybersecurity posture built by the framework.[3]

Controls and categories consideration in BDSLCCI Framework

[edit]

The BDSLCCI framework considers a comprehensive Defense in Depth (DiD) strategy considering the Data Security Layer, Endpoint Security Layer, Network Security Layer, Physical Perimeter Security Layer, Human Security Layer, and Governance Layer. It has been designed to enhance cybersecurity by addressing multiple layers of security controls, categorized into five main areas: 1. Preventive Controls: Measures to avoid incidents (e.g., encryption, access control). 2. Detective Controls: Mechanisms to identify and report incidents (e.g., intrusion detection systems). 3. Deterrent Controls: Strategies to discourage malicious activities (e.g., cybersecurity awareness training). 4. Recovery Controls: Steps to restore normal operations after an incident (e.g., data backups). 5. Corrective Controls: Actions to fix vulnerabilities and prevent recurrence (e.g., patch management). Using the BDSLCCI web platform, an organization typically starts by using the framework to implement recommended cybersecurity controls and later can apply for the audit and assessment. Depending on the ascending order of recommended control implementation, the organization can comply with BDSLCCI Level 1, 2, or 3. SecureClaw and its membership-certifying bodies can further provide a BDSLCCI certificate, transcript, and analytical report showing cybersecurity controls coverage and effectiveness.

Overview of BDSLCCI Framework

The BDSLCCI Framework groups its "mission critical asset" and "defense in depth" controls to provide good protection against cyber threats for any small and medium-sized enterprises. Version 1.0 was published by Dr. Shekhar Ashok Pawar for Business Domain Specific Least Cybersecurity Controls Implementation in 2022, using the BDSLCCI web platform powered by SecureClaw Inc. In 2024, a modified version of the framework, version 2.0, was published with digital data protection as a priority in the defense in depth part of the framework.[4]

[edit]
  1. ^ Pawar, Shekhar A; Palivela, Hemant (April 10, 2022). "LCCI: A framework for least cybersecurity controls to be implemented for small and medium enterprises (SMEs)". International Journal of Information Management Data Insights. 2 (1). Elsevier. doi:10.1016/j.jjimei.2022.100080. ISSN 2667-0968.
  2. ^ Pawar, Shekhar (September 30, 2022). "BUSINESS DOMAIN-SPECIFIC LEAST CYBERSECURITY CONTROLS IMPLEMENTATION (BDSLCCI) FRAMEWORK FOR SMALL AND MEDIUM ENTERPRISES (SMES)". gbis.ch. GBIS Journal ISSN 2673-9690 (Online). Retrieved September 30, 2022.
  3. ^ Pawar, Shekhar; Palivela, Hemant (May 29, 2023). "Importance of Least Cybersecurity Controls for Small and Medium Enterprises (SMEs) for Better Global Digitalised Economy". Smart Analytics, Artificial Intelligence and Sustainable Performance Management in a Global Digitalised Economy. Emerald Publishing. ISBN 978-1-83753-417-3.
  4. ^ Pawar, Shekhar; Pawar, Poonam (August 18, 2024). BDSLCCI : Business Domain Specific Least Cybersecurity Controls Implementation. Vol. 2. Notion Press.