Our understanding of the management and process of information systems in the business environment is based on the following points:
We evaluate and measure your services’ security processes to help you obtain an understanding of your security strengths and weaknesses, so you can make informed decisions and increase your resilience.
We do this based on a proprietary development methodology built from the main international standards, regulations and best practices, and it can be found here.
We work on the diagnosis, not on the vaccine.
We make it easy for you to analyse and be informed, and we can also point out possible solutions, but in the end the decision on what actions to take is yours. We are a rating agency. We are analysts and we make ratings. We are not consultants.
But we're close.
Each audit evaluates over three hundred cybersecurity capabilities and establishes a rating of the level of security a given service has. The rating of a service, no matter how high, does not mean that the service is impregnable (no such thing exists), but the higher the rating obtained, the more difficult it is for potential intruders to gain access.
Our assurance comes from experience and knowledge, which we constantly update to keep up with new attack techniques and vectors used.
Our ratings, unlike those known as digital ratings, are complete and made from within. They provide information that is real, complete and useful. In addition, the rating includes continuous monitoring, both with a digital tool and with timely campaigns against known vulnerabilities.
We also try to partner with other companies to deliver additional benefits to our clients.
If you go to a hotel, you can be sure that it has a license that guarantees minimum operational, health and hygiene measures. However, this license does not indicate the level and quality of those measures, which will be different in a five-star establishment than in a one-star hotel.
Broadly, this is the difference between certification and rating, between, for example, an ISO 27001 and a cybersecurity rating. Where certification indicates that minimums are met, our rating lets you know the actual cybersecurity level of your vendors, or your own, with the most comprehensive system.
A company is not an island: it operates within a supply chain of suppliers and customers, which is only as strong as its weakest link and as secure as its most exposed entity.
Our rating system makes it easier for each element in a supply chain to ascertain the security level of each of the other parties and to demonstrate its own. In this way, companies can perform third party risk management by knowing the security level of their suppliers and thus define the access they are granted.
We are all connected.
With every entity making a new commitment to cybersecurity, the overall security of the global ecosystem increases and we are all, collectively, safer. That's why we're promoting initiatives aimed at a more secure digital ecosystem.
We don't lose our sense of humor, but for us cybersecurity is a very serious matter. We devote time and energy to it, studying and participating. We go where we are called, and we publish, disclose and reflect on current industry-related topics.
To stay up to date, visit our blog or subscribe to our newsletter.
Cybersecurity is not just about investing in technology; it’s not just about digital elements. That’s why the methodology used in our comprehensive assessments also includes things like backup location, access control, staff training, and more.
We have nothing to hide — no tricks, no hidden catches. That is why our methodology is public and can be downloaded for your reference. And every time we update it, we make a public call to participate in it.
If you have any questions, contact us; we want to hear from you. You can do this via phone, e-mail, Twitter, LinkedIn, Facebook or Instagram. You can even visit us.