BEATO (Security)

From Wikipedia, the free encyclopedia

BEATO (sometimes spelled BeATo) stands for "BEnchmark Assessment TOol". Some people refer to it as "Be At zero", meaning the ideal of lowering non-compliance and risk. BEATO is both a tool and a methodology, originally dedicated to Security assessments. It determines the quality of controls as well as the degree of compliance using a Capability Maturity Model.

It allows management to evaluate their current level of security (via consolidations of individual assessments and drill-down), as well as the effects of decisions and projects undertaken for the purpose of improving security.

Both methodology and tool have been developed by Unisys for internal use, originating from 1999 (Y2K compliance). Since 2002 BEATO (and BEATO assessment services) have been marketed to Unisys clients.

BEATO can also be used for compliance assessment relative to all ISO Standards (specifically ISO 9000, ISO/IEC 20000, ISO 27000) with the integral PLATO Risk Management module (PLAnning TOol). PLATO answers the question if poor controls have consequences big enough to warrant investments (The "So What?" question).