It's summer 2018 and how to encourage security in the Internet of Things remains a hot topic.
But the first step in securing anything, according to the CISOs I've talked to at our SecureWorld cybersecurity conferences, is a risk assessment.
This raises a good question: how do you assess organizational IoT risk? How do you score IoT risk to the business?
Agelight Advisory group's Managing Director says his organization has developed something new called the IoT Safety and Trust Design Architecture Risk Guide, of ISTA.
"The ISTA provides a blueprint to embrace security and privacy by design. Organizations who adopt the ISTA can maximize user safety and peace of mind, while making security and privacy are part of their brand promise.”
The guide was developed on the premise that even the most price sensitive IoT devices can make room for security and privacy.
Manufactures, in particular, can use the framework to determine 6 key things:
the impact to the user
the impact to the ecosystem and society at-large
3) financial and performance impact
hazardization, the physical and life safety related risks
development costs and impact to market timing and
regulatory and liability risk. Based on an organization’s “risk appetite”, engineering efforts can be ranked and prioritized.