IT is all about Strategy.

Managed service providers often rely on gimmicks to sell cybersecurity services. Network assessments, dark web reports, security scans are just some of the ways that tug on your emotional strings and impart fear and confusion. Good news, it's all theater. Cybersecurity is a strategic and methodical approach to risk management. We make our approach clear and transparent - here is what you can expect.

Our awesome features
1
Instant wins.

It is important to see results right away and your e-mail system is generally the most vulnerable asset. At the start of our engagement you delegate administrative rights to your Microsoft 365 or Google Workspace tenant. In turn, we activate AI powered enterprise e-mail and file monitoring that reduces risks of ransomware, phishing, and identity compromise.

Our awesome features
2
Onboarding and Risk Assessment

We developed our own methods for cybersecurity evaluations. Your business management will sit with our team and go through a series of questions about your company, we will then rank and score various areas in order of priority. Despite the noise -- you don't need to try secure everything in every way. Cyber security is about reasonable risk mitigation.

Our awesome features
3
Design & Implement Controls

We have developed our own framework, controls, and evidence collection process which works for law firms, CPAs, accountants, wealth management companies, and various other professional organizations. We select the tasks and projects that make sense for you and get to work.

Our awesome features
4
Verify and Optimize

Once your systems are configured and running, a mindful audit process what it will take to ensure they do their job as designed. This is also the part of the process where you can change things that can work better.

We are fanatical about cyber security assurance. We developed the Bento Cyber Security Framework for comprehensive guidance from policy to attestation. Professional Services enable your organization to design, implement, audit, and attest your information security program.


Take ownership of information security

Policy Development

Information security starts with sensible policies that are used by executives, employees, vendors, and IT.

Common Controls

The controls framework spells out objectives necessary for advancing cyber security from fragmented to zero trust.

Control Actions

We have developed hundreds specific actionable steps to harden Microsoft 365, devices, identities, networks, and SaaS.

Incident Mitigation

Demonstrate to your cyber security insurance carrier company competence.

Collaborative Approach

Our team will work with your existing IT to provide guidance, process improvement, or engineering services.

Certification & Attestation

We help small companies develop functional programs and then validate through certification.

Frequently Asked Questions

Got a question? We've got answers. If you have some other questions, contact us using email.

The cyber security landscape is changing, and doing nothing means denial of claims. Your insurance carrier expects you to do the bare minimum.

BCSF is a series of cyber security publications in three major categories: policy, implementation, and oversight. Collectively, it enables business owners to build and deploy an information security and compliance program.

BENTO:GUIDES is a software solution for accessing and working with the Bento Cyber Security Framework. While all BCSF core publications are accessible to anyone who registers with their company e-mail address, we offer premium subscriptions to enable companies to easily manage BCSF implementations.

All BCSF core publications are available without a subscription – they enable any small company to develop a comprehensive cyber security strategy. Entry paid subscriptions enable access to security awareness training while premium tiers give each organization a dedicated instance of GUIDES with content that can be edited. This enables companies to develop their own security management programs, track key information, and share that data with our experts.

We provide comprehensive advisory and implementation services. Customers with paid plans have access to our solution architects, informations security managers, system engineers, and support staff. Our team is your virtual CISO, IT department, IS department, and professional services team. We can help you determine what to do, how to do it, and then get you there. We provide end:end support for BCSF implementation.

Increasingly companies are asked to prove their cyber security readiness to vendors, prospects, and customers alike. For instance, your insurance company may demand proof that you are managing cyber security risks. Equally, a prospect may be concerned over your resiliency before signing a contract. Or – perhaps – a customer may suddenly becomes concerned over your risk in their supply-chain. Premium tier customers may elect to have their policies and controls audited for effectiveness by our team. The audit includes a report you may share with others and a certification seal valid for as long as you remain a subscriber (renewable every 18 months).

There are three major skillsets required to implement cyber security. Segregation of duties and experience both force your organization to leverage multiple individuals/teams in program development. Cyber Security Experts: Help you develop policy and information programs. Solution Consultants: Help you manage vendor requirements and design solutions that align your program with technical specifications. Security Engineers: do the work required to implement technical solutions.