Following our tradition of analyzing security documents that could apply to cloud computing, this post turns to the Jericho Forum® "Self-Assessment Scheme" (PDF). We find this scheme interesting because it applies a rating system, in this case, with two levels.
This scheme is used to evaluate how well a system meets the eleven Jericho Forum commandments through a self-assessment carried out by the system provider itself, without validation by any third party (unlike the leet security methodology, which implies validation by the rating agency).
But, conceptually, we apply the same way of evaluating rating levels:
And we both also agree on the way of assigning rating levels:
The major difference is the number of levels: while this scheme has three levels (unacceptable - acceptable - good), the leet security system has five (in addition, our system also considers different security dimensions: confidentiality, integrity, and availability).
In summary, the scheme shows how self-assessment and rating levels are useful mechanisms to get better information in evaluating the security of ICT products and services.