LEET Security

As an ICT Services Cyber Security Rating Agency, our goal is to promote the use of rating mechanisms as a basis to assess cyber security capabilities in services and the use of labelling as a way to provide transparency about these cyber security capabilities.

Lobbying Activity

Response to Digital Operational Resilience of Financial Services (DORFS) Act

24 Nov 2020

As a cybersecurity rating agency, our comments are focused on the 'Oversight framework of critical ICT third-party service providers' (Section II - Chapter V). Based on our 10 years of experience in third-party risk management, the proposed approach faces many challenges:

- Increases audit fatigue
- Would impact on the ICT services market (not neutral)
- Modify the operational activities of ESAs
- Raise potential conflict of interests
- Reduce competition
- Flexibility and speed of updating required

Our suggestion is to approach the problem from a different perspective, which is to implement a cybersecurity rating system (objective and transparent) that assesses the cybersecurity capability level of service providers and allows financial entities (and ESAs) to understand the level of security of the services they are using or pretend to use (in the same way that a Cambridge exam allows one to understand the English proficiency of a candidate or financial ratings allow an investor to understand the financial stability of a debt issuer). The foundational elements of this system are:

- Objective and transparent methodology
- Validated assessors
- Robust audit procedures
- Ongoing monitoring of security posture
- Mappings between rating levels and specific requirements of each financial entity
- Efficiency in assessment processes
- (Limited) Publicity of cybersecurity ratings.

Response to Review of ENISA Regulation and laying down a EU ICT security certification and labelling

6 Dec 2017

LEET Security | ICT Security Rating Agency, the first rating agency in Europe working on labeling cyber security in services, welcomes the opportunity to provide its views on the European Commission’s proposal for Regulation on ICT Cybersecurity Certification. Please find our comments on the attached document.