When can you actually trust web services to handle your data safely? A new report by the EU’s cyber security agency ENISA analyses the conditions under which online security and privacy seals help users to evaluate the trustworthiness of a web service. The report underlines the need for clear icons, standards, and assessment and evaluation methodology. A second report addresses the framework, methodology and evaluation for security certification and provides a qualitative analysis of certification practices in the EU.
Numerous policy documents identify marks, seals, logos and icons (collectively referred to as “seals”). These help users to judge the trustworthiness of services offered on the web. But users face many obstacles in using these seals, as it is not clear how the seals are granted to the services. ENISA analyses the current situation and identifies key challenges, solutions, and recommendations for online seals.
The two reports deal with (1) how users can use seals to base their trust in a service, and (2) what we can learn from other certification initiatives to improve these seals. Some of the key challenges and corresponding recommendations are:
The Executive Director of ENISA, Professor Udo Helmbrecht, remarked: “The effectiveness of trust signals must be improved. Regulatory bodies at the EU and national level should set incentives for service providers to obtain better online security and privacy protection”.
For full reports: ENISA, On the security, privacy and usability of online seals
ENISA, Security certification practice in the EU - A case study
Background: EU Cyber Security Strategy
For interviews: Ulf Bergström, Spokesman, ulf