|Reducing the likelihood of Cyber-security and Privacy Risks for IoT (Internet of Things) devices are becoming an increasing concern for both the private and public sector. However, “reducing risks” is a broad concept which needs to be clearly broken down into specific goals and steps. Here are three goals in IoT device security that will help your organization reduce cyber-security and privacy risks.
Goal 1: Protect Device Security.
Prevent a device from being used to conduct attacks. Here are risk mitigation areas to help achieve this goals:
- Asset Management: Maintain a current, accurate inventory of all IoT devices and their relevant characteristics throughout the devices’ lifecycles for cybersecurity and privacy risk management purposes.
- Vulnerability Management: Identify and eliminate known vulnerabilities of IoT device software and firmware in order to prevent a security breach.
- Access Management: Prevent unauthorized and improper access to IoT Devices by people, processes and other computing devices.
- Device Security Incident Detection: Regularly monitor and analyze IoT device activity for signs of incidents and suspicious patterns.
Goal 2: Protect Data Security.
Protect the confidentiality of data including Personally Identifiable Information (PII) collected by, stored on, or transmitted to or from the IoT device. Here are risk mitigation areas for Goal 2:
Data Protection: Prevent access to and tampering with data at rest or in transit that might expose sensitive information or allow manipulation or disruption of IoT device operations.
Data Security Incident Detection: As mentioned previously in Goal 1, this is a highly important step in achieving this goal. Be sure to regularly monitor and analyze IoT Device activity for signs of incidents!
Goal 3: Protect Individuals’ Privacy.
Protect individuals’ privacy impacted by PII processing beyond risks managed through device and data security protection. Here are some Risk mitigation areas for Goal 3:
- Information Flow Management: Maintain a current, accurate mapping of the information lifecycle of PII.
- PII Processing Permissions Management: Maintain permissions for PII processing to prevent unpermitted PII processing.
- Informed Decision Making: Enable individuals to understand the effects of PII processing and interactions with the device and resolve problems.
- Privacy Breach Detection: Monitor and analyze IoT device activity for signs of breaches involving individuals’ privacy.
|The contents of this email was based on a report by the National Institute of Standards and Technology (NIST). The full report can be found here.
If you would like to learn more about improving your organization’s IoT Security, contact us!