When can you trust web services to handle your data?
Posted on 15 January 2014.
A new report by the EU’s cyber security agency ENISA analyses the conditions under which online security and privacy seals help users to evaluate the trustworthiness of a web service. The report underlines the need for clear icons, standards, assessment and evaluation methodology.

Furthermore, a second report addresses the framework, methodology and evaluation for security certification and provides a qualitative analysis of certification practices in the EU.

Numerous policy documents identify marks, seals, logos and icons (collectively referred to as “seals”) as a way to help users judge the trustworthiness of services offered on the web. But many obstacles prevent users from relying on these seals, as it is not clear how the seals are granted to the services. ENISA analyses the current situation and identifies key challenges, solutions, and recommendations for online seals.

The two reports deal with (1) how users can base their trust in a service on its seals, and (2) what can be learned from other certification initiatives to improve these seals. Some of the key challenges and corresponding recommendations are:

Users suffer from information overload. Therefore, web designers need to develop clearer privacy icons, which are based on research, including cultural and legal differences.

Users are not sufficiently aware of what seals mean. Educational material should be provided to spread knowledge of the existence and meaning of seals.

Seals are not checked by the user. Service providers and web developers need to provide and implement seals that can be automatically checked.

Transparency. Policy makers should demand reliable statistics on certification and seals. The bodies issuing certificates/seals should keep updated, public records on certificates/seals that they have issued.

Reduction of burden. Standardization bodies and responsible stakeholders should develop best practices and standards merging the requirements for security and data protection in order to reduce burden.

Enforcement. National policy makers should ensure enforcement of such requirements for genuine compliance, for instance by applying sanctions and/or ad-hoc assessments carried out by third parties.

The Executive Director of ENISA, Professor Udo Helmbrecht remarked: “The effectiveness of trust signals must be improved. Regulatory bodies at the EU and national level should set incentives for service providers to obtain better online security and privacy protection”.
