The National Institute of Standards and Technology (NIST) released a report last June to help managers understand and manage the risks posed by IoT devices over their life cycle. This 34-page report is entitled “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228)”. The opening is a basic definition and key issues, such as operational differences between privacy and security. Subsequent reports describe situations that address large management issues, including the vast differences between device access and management as well as the security capabilities of IT hardware and IoT systems.
NIST defines IoT risks and mitigations within the framework of three risk mitigation goals: protecting device security, protecting data security, and protecting personal privacy. Within each target, there are two to five more specific risk mitigation areas such as vulnerability management, data protection, and information flow management. The report tabulates the security expectations that IT managers may have with traditional IT equipment and the challenges that IoT devices may face in meeting those expectations. This report is the first in a series to address IoT issues, and it addresses higher-level considerations, although NIST says it will discuss more detail in subsequent reports.
According to Mike Fagan, one of the authors of the report: “The report is mainly for any organization that is thinking about security on the level of the NIST Cybersecurity Framework. It’s targeted at the mode of thinking that an organization would have — more resources, more people, more ability, but also more risk of attack because of all those things. It’s bad when a single house is attacked, but if a million bank account passwords are stolen, that has a much larger impact.”
Nowadays, IoT devices are popular and used in many offices. However, before you linking your office’s new printer or coffee maker to the IoT, it is important to understand the risks behind this move. LIFARS Solution for Information & Cybersecurity, Compliance and Risk Gap Assessment can help you figure out the IoT risks in your office. LIFARS Gap Assessment Solution is designed to ascertain your comprehensive information security, risk and compliance status (current). Not only we determine your current state along with your risk appetite and tolerance, but we also provide you with an actionable roadmap to reach target maturity level including strategy, structure, governance, and operations management plan. We will leverage our extensive knowledge and experience, our competent Assessors and Project Managers focus on the following to deliver optimal services for you:
- Identify key business processes and associated with information flow to ensure adequate threat modeling.
- Identify and engage key stakeholders to ensure adequate information discovery.
- Adhere to industry best practices and standards such as ISO, NIST, COBIT, and CIS.
- Provide Assessment Workbook prior to onsite and remote observations and interviews to maximize productivity.
- Optimally engage stakeholders for interviews and observations to minimize time impact.
- Provide Roadmap, Strategy and Operations Management plan aligned with your risk appetite and tolerance.
- Present findings to key stakeholders including executives to influence cultural changes.
Contact LIFARS Immediately For
Your Gap Assessment Solution