LEET Security. An independent entity created to qualify the security of ICT services

The agency gets its name inspired by the court LEET, exercised in England, Wales and Ireland in the Middle Ages, to maintain peace and resolve conflicts on the proper application of standards and best practices in trade.

Now, the rating agency LEET Security is an independent entity, formed for the sole purpose of developing and managing a labeling system to qualify reliably the levels of information security offered by ICT service providers, particularly -but not solely- in cloud environments.

The agency was born motivated by the fact that the existing systems so far do not offer a model to assess, in a homogeneous and transparent way, the level of security provided by a system or service:

-Certifications for ISO / IEC27001 standard assess the safety management system of information with an scope which defined by the supplier, but not evaluate the actual security measures; and

-Audits evaluate compliance with certain requirements of security, which often do not match with the needs of service users (being poorly reusable).

Thus, since late 2010, the LEET Security agency compiles the controls which are defined in the international regulations, standards and best practices, classifies and groups them in different levels, and provides a "score" to the security that is implemented in each qualifying service, which is reflected in the LEET stamp.

Thus, the rating system managed by LEET Security becomes the first implementation of the recommendation by the Cybersecurity Strategy of the EU, to create security labeling systems for ICT services.

The ultimate goal is to provide trust to the customers / users of these services, offering full transparency to the security measures implemented by providers in the services that they offer.